Locker 27 Privacy Notice
For the purposes of the Data Protection Act 1998 ("the DPA"), Locker 27 Ltd ("the Company") is the "data controller" of personal data.
This policy is intended to provide information about how the Company will use (or "process") personal data about individuals including current, past and prospective members and clients, employees and volunteers.
RESPONSIBILITY FOR DATA PROTECTION
In accordance with the Data Protection Act 1998 ('the Act'), the Company has notified the Information Commissioner's Office of its processing activities. The Companies ICO registration number is ZA152196 and its registered address is Locker 27 Ltd, 7 Milbanke Ct, Bracknell RG12 1RP.
The Company has appointed Rebecca Church as Data Protection Officer ("DPO"), for all registrations, who will endeavour to ensure that all personal data is processed in compliance with this policy and the Act.
TYPES OF PERSONAL DATA PROCESSED BY THE COMPANY
The Company may process a wide range of personal data about individuals including current, past and prospective members, clients and customers, employees and volunteers as part of its operation by way of example:
names, addresses, telephone numbers, e-mail addresses and other contact details;
bank details and other financial information, e.g. about members who pay membership fees to the Company;
where appropriate, information about individuals' health, and contact details for their next of kin;
references given or received by the Company about staff, and information provided by previous educational
establishments and/or other professionals or organisations working with staff; and
images of members and clients (and occasionally other individuals) engaging in Company activities (in accordance
with the Companies policy on taking, storing and using images of children)
The Company may, from time to time, need to process "sensitive personal data" regarding individuals. Sensitive personal data includes information about an individual's physical health. Sensitive personal data is entitled to special protection under the Act, and will only be processed by the Company with the explicit consent of the appropriate individual, or as otherwise permitted by the Act.
USE OF PERSONAL DATA BY THE COMPANY
The Company will use (and where appropriate share with third parties) personal data about individuals for a number of purposes as part of its operations, including as follows:
For the purposes of employee recruitment and selection and to confirm the identity of prospective employees;
To make use of photographic images of members, clients and customers in publications, on the Company website
and (where appropriate) on the Companies social media channels in accordance with the Companies policy on
taking, storing and using images of children;
For security purposes, and for regulatory and legal purposes (for example child protection and health and safety)
and to comply with its legal obligations; and
Where otherwise reasonably necessary for the Companies purposes, including to obtain appropriate professional
advice and insurance for the Company.
We value your privacy and do not sell your information to any third parties under any circumstances.
To third parties who will help process or administer services or who will provide advice and take action in relation to the collection of debts. The only third parties who have access to the data you have provided us are:
Clubwise - for the processing of membership records and direct debit collections
Izettle (till system)- where you have provided an email address at point of purchase for an electronic copy of your receipt.
KEEPING IN TOUCH AND SUPPORTING THE COMPANY
The Company will use the contact details of members, clients and customers and other members of the Company community to keep them updated about the activities of the Company, including by sending updates and newsletters, by email.
We only send email or text messages to individuals who have requested that these mailings be sent to them, or as part of an ongoing relationship we have with an individual or business.
Our right to control what communications, if any, that you receive from Locker 27 Ltd is important to us. The information below will assist you in understanding the different communications options you have, and how you can notify us of changes in your preferences or to unsubscribe in general.
If we provide notifications to Members including, without limitation, class cancellations, membership terms or bookings changes, these notifications may be made by telephone or sent by email, text message, mobile telephone application, post or any other appropriate means.
Locker 27 Ltd maintains a list of people who have expressed an interest in receiving updates about local Club events, special promotions and offers. These can be sent by email. You can subscribe to these updates at any time, and unsubscribe by following the instructions within any email you receive.
In addition, you may reply to email or text messages from Locker 27 Ltd requesting that your address be unsubscribed. Any request will take approximately 5 working days to process.
You can update your communications preferences at any time by following the convenient links located within any electronic communication from Locker 27 Ltd.
RIGHTS OF ACCESS TO PERSONAL DATA ("SUBJECT ACCESS REQUEST")
Individuals have the right under the Act to access personal data about them held by the Company, subject to certain exemptions and limitations set out in the Act. Any individual wishing to access their personal data should email their request to the DPO at firstname.lastname@example.org.
The Company will endeavour to respond to any such written requests (known as "subject access requests") as soon as is reasonably practicable and in any event within statutory time-limits.
You should be aware that certain data is exempt from the right of access under the Act. This may include information which identifies other individuals, or information which is subject to legal professional privilege. The Company is also not required to disclose any reference given by the Company for the purposes of the education, training or employment of any individual.
The rights under the Act belong to the individual to whom the data relates. However, the Company will in most cases rely on parental consent to process personal data relating to children (if consent is required under the Act) unless, given the nature of the processing in question, and the child's age and understanding, it is more appropriate to rely on the child's consent. Parents should be aware that in such situations they may not be consulted.
In general, the Company will assume that children’s consent to disclosure of their personal data to their parents, e.g. for the purposes of keeping parents informed about the child's activities, progress and behaviour, and in the interests of the child's welfare, unless, in the Companies opinion, there is a good reason to do otherwise.
However, where a child seeks to raise concerns confidentially with a member of staff and expressly withholds their agreement to their personal data being disclosed to their parents, the Company will maintain confidentiality unless, in the Companies opinion, there is a good reason to do otherwise; for example where the Company believes disclosure will be in the best interests of the child or other children.
Members, clients, customers and staff are required to respect the personal data and privacy of others, and to comply with the Companies policies and the Company rules.
DATA ACCURACY AND SECURITY
The Company will endeavour to ensure that all personal data held in relation to an individual is as up to date and accurate as possible. Individuals must notify the DPO of any changes to information held about them.
An individual has the right to request that inaccurate information about them is erased or corrected (subject to certain exemptions and limitations under the Act) and may do so by contacting the DPO by email email@example.com.
The Company will take appropriate technical and organisational steps to ensure the security of personal data about individuals. All staff will be made aware of this policy and their duties under the Act.
In order to comply with our obligations under the Data Protection Act 1998, we will protect your personal data from unauthorised access, misuse, alteration or loss by using commercially reasonable security measures. Any payment transactions will be encrypted using SSL technology.
Nothing in this policy in any way excludes or limits our liability for negligence causing death or personal injury or for fraudulent misrepresentation.
The data that we collect from you will not be transferred to or stored at a destination outside the European Economic Area.
Unfortunately the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of any data transmitted to our site; any transmission will be at your own risk.
We are not responsible or liable to you for any loss or damage you may suffer or incur in connection with your use of our website which is caused by any event beyond our reasonable control including the electronic transmission of information, content, material and data over the internet and the interception and decryption of it by others.
We are not responsible to you for any losses or damage you may suffer caused by any distributed denial-of-service attack, or any viruses, trojans, worms, logic bombs or other material which is malicious or technologically harmful and which may infect, contaminate or damage your computer equipment or computer programs, or cause damage to software or damage to or loss of data unless caused by our negligence. You should ensure that you use appropriate virus checking software and firewalls.
Whilst we have taken reasonable steps to ensure the accuracy, currency, correctness and completeness of the information contained on the Site, we do not check, review, monitor, verify or endorse any information, content, material or data collected from or provided by third parties which is displayed on or is otherwise available from this Site or any third party websites or services which you can access from the Site. We are not responsible to you for any loss, damage or injury you may suffer or incur in connection with such information, content, material or data. It is your responsibility to check that such information, content, material or data is accurate, current, correct and complete.
If your personal data is accessed by an unauthorised third party, we will not be responsible for any direct or indirect damage caused as a result of such unauthorised access.
Whilst we take all reasonable steps to ensure that the Site continues to be available there may be times when it is not available. This may be for reasons relating to the maintenance of, or alterations to, the Site or for reasons beyond our control. We are not responsible to you if the Site is unavailable.
QUERIES AND COMPLAINTS
Any comments or queries on this policy should be directed to the DPO using the following contact details e. firstname.lastname@example.org
Locker 27 Ltd
Hamm Moor Lane Addlestone
If an individual believes that the Company has not complied with this policy or acted otherwise than in accordance with the Act, they should first contact the DPO. The Company complaints / grievance procedure should be followed if a more formal complaint is warranted.
4th May 2018