Derby City Boxing Academy

DERBY CITY BOXING ACADEMY C I C DATA PRIVACY POLICY

ABOUT US:

In this privacy policy, reference to “we” “us” or “the company” is Derby City Boxing Academy C I C, a Community interest company incorporated and registered in England (Company No 9978190) at Derby City Boxing Academy, at 290a Stockbrook Street, Derby DE22 3WH.

1 OVERVIEW

1.1     Derby City Boxing Academy takes the security and privacy of your data seriously. We need to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you. We intend to comply with our legal obligations under the General Data Protection Regulation (GDPR) in respect of data privacy and security. We have a duty to notify you of the information contained in this policy.

1.2     The Company is committed to respecting and protecting your privacy. The Company is the data controller of any personal information you provide to us. This means that we are responsible for complying with data protection laws. This means that we determine the purpose and means of the processing of your data. This “Privacy Policy” (referred to as “the policy”) explains how we will collect and store any personal data you provide to us. This policy applies to future, current and former clients.

1.3     By providing your personal information to us, you acknowledge that we my use it in ways set

out in this policy.

1.4     The Company has measures in place to protect the security of your data in accordance with

our Data Security Policy. A copy can be obtained from Derby City Boxing Academy C I C.

1.5     The Company will hold data in accordance with our Data retention Policy. A copy can be obtained from Derby City Boxing Academy. We will hold data for as long as necessary and for the purpose for which it was collected.

1.6     This policy explains how the Company will hold and process your information. It explains your rights as a data subject. It also explains our obligations when obtaining, handling, processing or storing personal data whilst working for, or on behalf of, the Company.

2     HOW WE DEFINE PERSONAL DATA

2.1    ‘Personal data’ means information which relates to a living person who can be identified from               that data (a ‘data subject’) on it’s own, or when taken together with other information which is likely to come into our possession. It includes any expression of opinion about the person and an indication of the intentions of us or others, in respect of that person. It does not include anonymised data.

2.2      This policy applies to all personal data whether it is held electronically, on paper or by other methods

3      WHY WE NEED YOUR DETAILS

3.1       The Company obtains and uses your personal details to enable us to process / transact business on your behalf.

4      WHAT PERSONAL INFORMATION DO WE COLLECT

4.1       We may collect the following non-sensitive information:

4.2          We may collect the following sensitive information:

5   HOW DO WE COLLECT YOUR PERSONAL INFORMATION
5.1        Face-to-face (directly from you)

6   HOW DO WE DEFINE PROCESSING

6.1      We define processing in the following ways:

This includes processing personal data which forms part of filing system and any automated processing.

7 HOW WE WILL PROCESS YOUR PERSONAL DATA

7.1          The Company will process your personal data (including special categories of personal data) in accordance with our obligations under the 2018 Act.

7.2          We will use your personal data to:

We can process your personal data for these purposes without your knowledge or consent. We will not use your personal data for an unrelated purpose without telling you about it and the legal basis that we intend to rely on for processing it.

8       THE PURPOSE FOR WHICH WE PROCESS YOUR SENSITIVE AND NON-SENSITIVE INFORMATION

8.1          The non-sensitive information supplied to us may be necessary to transact business to which you are party to, or to take steps at your request prior to transaction.

8.2          Processing is necessary for compliance with a legal obligation to which we are subject and legitimate interests pursued by us or by a third party.

9            SHARING YOUR PERSONAL DATA

9.1        We may disclose your personal information to a third party (listed below) for the purpose described in this policy to carry out our obligations outlined within the terms of our business agreement for details of specific disclosures made in respect of your personal information. The third parties listed below will only use your personal information under strict instruction and are under an obligation to ensure appropriate security measures are in place.

9.2        We require those Companies to keep your personal data confidential and secure and to protect it in accordance with the law and our policies. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.

9.3        We do not send any personal data out of the UK

10   HOW WE PROTECT YOUR PERSONAL INFORMATION

10.1    We are committed to keeping our personal information secure. We keep your personal Information in a secure server and have the appropriate security measures in place in our physical facilities.

11     DATA BREACH

11.1     We have robust measures in place to minimise and prevent data breaches from taking place. You have the right to be notified of a data security breach. If the breach is likely to result in risk to the rights and freedoms of individuals, then we must notify the Information Commissioner’s Office within 72 hours.

12      YOUR RIGHTS

12.1   Subject to any relevant exemptions, you are entitled to see a copy of the personal information we hold about you and to request details of how we use your personal information including any disclosures made.

To exercise your rights to access your own personal data, please make your request in writing to the data protection officer (Alex Neave). We will respond as soon as possible within two days from receiving the request. If the request is complex, in which case the period could be extended by a further seven days.

We take reasonable steps to ensure that the personal information we hold about you is reliable and as accurate and complete as necessary for it’s intended use, but you are entitled to ask us to update or amend any inaccuracies in the personal information that we hold about you.

To request us to update or amend any personal information we hold about you, please submit this to us in writing. Any information that is found to be incorrect or incomplete will be amended promptly.

12.2      Under certain conditions, you may also have the right to require us to:

13       MAKING A COMPLAINT  

13.1   In the unlikely event that you have a complain about the way in which your details are use or stored by us, please contact the data protection officer (Alex Neave) in writing.

13.2    You have the right to complain to the Information Commissioner. You can do this by   contacting the information Commissioner’s office directly. Full contact details including a helpline number can be found on the website (www.ico.Org.uk).   This website has further information on your rights and our obligations.