Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, [Business name & other trading names].
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a users computer or device.
Daventry Health Rehabilitation Trust, operating as Reach for Health (RfH), is strongly committed to protecting personal data. This privacy statement describes why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.
Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process the personal data we collect.
What personal data do we use?
The information we collect includes your name and contact details when you join Reach for Health and, where relevant, details of health assessments and medical history and notes relating to your personalised exercise programme. Where you have opted to pay membership fees by direct debit, we also collect your bank details.
We also collect personal data for the purposes of the day to day operation of RfH. This includes, for instance, employee records and contact details for volunteers and Trustees. A full breakdown of what personal data we hold can be found in our Data Protection Policy document.
How will your personal data be used?
All the information Reach for Health collects and processes is used strictly and solely for administering memberships and undertaking health and fitness consultations and assessments. This enables us to make informed decisions when designing your personalised exercise program and enables us to monitor your progress. We also have a legal responsibility to ensure we have your personal details and those of your emergency contact which we would use if you became unwell whilst at the Centre.
In addition, where you have given us permission, we use your email address to keep you informed of the latest news and upcoming events at Reach for Health.
Who do we share your personal data with?
If you have chosen to pay your membership fees by direct debit, we are obliged to share the relevant specific personal data i.e. bank details, with DFC (Debit Finance Collections) who operate and administer direct debit collections on our behalf. The data is input directly to DFC’s secure online system, so it is not held on the Reach for Health computers.
Other than the instance above, we will never share your information with anyone else electronically and will only provide written notes for you to personally give to your doctor if we feel you need to consult your doctor on a specific issue.
How long do we keep your personal data?
We will keep your personal details for as long as necessary to enable us to fulfil the purposes
that we describe above. For example:
- Personal contact and emergency contact details along with health notes where
relevant will be held for the duration of your membership with Reach for Health
- Bank details are held by DFC on our behalf for the duration of your payment by direct
debit. On cancellation of the direct debit that data is permanently deleted.
- Employee, volunteer and trustee personal data will be held for the duration of their
working relationship with Reach for Health
As a service user, when you leave Reach for Health all personal data is securely deleted from
This rule also applies to the personal details of our employees and volunteers (including trustees) i.e. all online records containing personal details are securely deleted and paperbased DBS checks are shredded.
Your rights under GDPR
As an individual, you have certain rights over your personal data and data controllers are responsible for fulfilling these rights. Where we decide how and why personal data is processed, we are a data controller and include further information about the rights that individuals have and how to exercise them below.
Access to personal data You have a right to request details of the personal data held by us as a data controller. This right may be exercised in writing or by emailing us at firstname.lastname@example.org. We may charge for a request for access in accordance with applicable law. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits.
Amendment of personal data
To update personal data submitted to us, you may advise us in writing or email us at email@example.com. When practically possible, once we are informed that any personal data processed by us is no longer accurate, we will make corrections (where appropriate) based on your updated information.
Withdrawal of consent
Individuals have a right to withdraw consent to process personal data at any time. To withdraw consent to our use of your personal data please either write to us or email us at firstname.lastname@example.org . To stop receiving emails from us please click on the unsubscribe link in the relevant email received from us.
Other data subject rights
As well as rights of access and amendment referred to above, individuals have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data. If you wish to exercise any of these rights, please write to us or send an email to email@example.com
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to firstname.lastname@example.org. We will look into and respond to any complaints we receive in accordance with our complaints handling policy.
You also have the right to lodge a complaint with the Information Commissioner’s Office (“ICO”) (the UK data protection regulator). For further information on your rights and how to complain to the ICO, please refer to the ICO website.