The purpose of this policy is to detail the procedures for the retention and disposal of personal information records, to ensure that we carry this out consistently and that we fully document any actions taken. Unless otherwise specified the retention and disposal policy refers to both hard and soft copy records.
1.2 Review and updates
This policy was created on 19th December 2017. Leith Pilates Ltd. will review this policy regularly to ensure it stays up to date. The last review of this policy was on 19th December 2017.
Detailed in section 1.7 is a Record Retention Schedule that is approved as the initial maintenance, retention and disposal schedule for both physical and electronic records belonging to Leith Pilates Ltd. Mr. Andrew Pearson (the “Administrator”) is the officer in charge of the administration of this policy and the implementation of processes and procedures to ensure that the Record Retention Schedule is followed. The Administrator is also authorised to make modifications to the Record Retention Schedule to ensure it is in compliance with local laws.
1.4 Suspension of record disposal in event of legal claims
In the event that Leith Pilates Ltd. is served with any legal requests for documents relating to a specific individual, any further disposal of documents shall be suspended until the Administrator deems otherwise. When record disposal resumes, all records that have passed their disposal date will be retrospectively handled.
1.5 Audit trail
Disposal of records that have been listed on the Record Retention Schedule will not be recorded. Records disposed of out with the schedule either by being disposed of earlier or kept for longer than listed will be recorded for audit purposes. This will provide an audit trail for any inspections conducted by the Information Commissioner and will aid in addressing Freedom of Information requests where Leith Pilates Ltd. no longer holds the material.
1.6 Disposal method
When disposing of a physical record, pages will be shredded if all data on said page is required to be destroyed. If a page has both data that is required to be disposed of, as well as data that is required to be kept, the data to be disposed of will be either cut out of the page or obscured using some form of correctional fluid.
Disposing of electronic records will be done with standard deletion methods available on Windows operating systems.
1.7 Record Retention Schedule
All data on clients will be kept for 7 years after their last session with Leith Pilates Limited as required by our insurance (BALENS)
Enrolment Forms & Medical Information
We ask everyone who attends an induction class or studio session to fill in an enrolment form. This asks you for your name, address and phone-numbers and has a large health information section. To be able to do our job as Pilates teachers, we need to ask you information about health conditions and injuries. It is very important you give accurate and current information to us, and keep us up-to-date with your state of health. Enrolment forms are stored as paper copies in a secure location and certain elements transferred to a password protected database. Only Andy Pearson, the senior Pilates instructor and owner of Leith Pilates Ltd, has access to the secure location and to the electronically stored copies. We will not discuss teaching you or any details of your health with anyone outside of our group of Pilates teachers working with Leith Pilates. We will only discuss your health between teachers when you are going to see another teacher. We may ask your permission to talk to, or email your physiotherapist, consultant, doctor, or other health professional if we think this will benefit your treatment or is required to teach you safely. You are entitled to see this correspondence if such permission has been requested.
From time to time, we will send you emails relating to the classes that you attend, new terms that are starting and guest instructors that will be available. We may also send you emails relating to payments that are due. You can unsubscribe from any marketing emails at any time by using the link at the bottom of each email.
The cookies that we use allow us to:
- remember your preferences during and between visits
- continuously improve our services, website, and marketing
- collect any personally identifiable information
- collect any sensitive information
- pass personally identifiable data to third parties
Cookies on this site are set by Google Analytics and Leith Pilates Ltd:
Turning Cookies Off / Opting Out
Almost all browsers and devices can be instructed not to accept cookies. Please consult the Help pages for your browser (usually available via the F1 key), or your device’s instruction manual for details. Please be aware that the functionality of the site may suffer as a result.
Here are some links for the more popular browsers Chrome: https://support.google.com/chrome/answer/95647
Internet Explorer: http://windows.microsoft.com/en-gb/windows7/block-enable-or-allow-cookies
We will disclose your personal information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
The security of your personal information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
Links to Other Sites
Our service does not address anyone under the age of 13 (“Children”). We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us. If we become aware that we have collected personal information from a child under age 13 without verification of parental consent, we will take steps to remove that information from our servers.
This policy shall be governed and construed in accordance with the laws of Scotland, without regard to its conflict of law provisions.
Right of access, amendment and deletion of personal data
In accordance with the General Data Protection Regulation due to be released on 25th May 2018 you have the right to access, rectify, restrict and delete any information that we hold relating to you. Please make any such request via the contact us page. In accordance with the terms of the new regulation, we will respond to you within one month.