Data controller: Pamela McFarlane for EnRich Coaching for Educators
In accordance with the General Data Protection Requirements (GDPR) and the Data Protection Act’s (DPA) 8 key principles, data processing is defined by the Information Commissioners Office (ICO) as:
- Obtaining
- Recording
- Storing
- Updating
- Sharing
Personal data must be processed fairly and lawfully
Personal data of clients collected by EnRich Coaching for Educators:
- Name
- Telephone number
- Email address
- Skype/Zoom address
- Address
- Notes from sessions
Data is collected from clients by email, phone or messaging.
This is collected at first point of contact for the purpose of communications and booking coaching sessions.
New data may be updated as necessary thereafter, for example, details of a new method of communication.
Notes from sessions are made to facilitate subsequent sessions.
Client data will not be shared, or passed on to, any third parties (except anonymised data to HMRC for taxation purposes only).
Personal data must be processed for specified lawful purposes
Consent for data to be collected is requested under the General Data Protection Requirement’s (GDPR) Contract basis. This is so that EnRich Coaching for Educators can undertake a necessary basis of:
- Fulfilling a contractual obligation to clients
- Providing quotes prior to commencement of coaching sessions
- Communicating and booking coaching sessions
- Making notes during sessions to facilitate subsequent sessions
- Data collected will be used for no other purpose than to: contact clients; facilitate sessions; report income to HMRC
Personal data must be adequate, relevant and not excessive
The data collected is the minimum necessary to enable contact for bookings and facilitation of sessions
Personal data must be accurate and up-to-date
Data is collected directly from the clients.
Clients are able to ask for amendments to be made at any time.
Amendments will be made within 48 hours of receipt of requests.
Personal data must not be kept for any longer than is necessary
Clients’ data shall be held for seven years, in accordance with insurance policy, and so that re-engagements can be easily made if the client wishes.
If a client requests their data to be deleted prior to this, requests will be looked into within one month of request being received.
Personal data must be processed in accordance with the rights of individuals
Right to be informed
- Individuals have the right to be informed about the collection and use of their personal data
- This privacy notice sets out the purposes for processing personal data, retention periods for that personal data, and with whom it will be shared
- This privacy information will be provided to individuals within one week of personal data being collected
Right of access
- Individuals have the right to access a copy of their personal data as well as other supplementary information
- Individuals can make an access request to EnRich Coaching for Educators verbally or in writing
- These will be responded to within one month of receipt of request
- There will be no fee for dealing with these requests
Right of rectification
- Individuals have the right to have inaccurate personal data rectified, or completed if it is incomplete
- An individual can make a request for rectification verbally or in writing
- These will be responded to within one month of receipt of request
Right to erasure
- Individuals to have personal data erased, also known as “the right to be forgotten”
- Individuals can make a request for erasure verbally or in writing
- These will be responded to within one month of receipt of request
- Contact details will be deleted
- Case notes will be shredded
- Anonymised log of payments will be kept for HMRC
Right to restrict processing
- Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and applies only in certain circumstances
- When processing is restricted, EnRich Coaching for Educators is permitted to store the personal data, but not use it
- An individual can make a request for restriction verbally or in writing
- These will be responded to within one month of receipt of request
Right to data portability
- The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services
- It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability
- Doing this enables individuals to take advantage of applications and services that can use this data to find them a better deal or help them understand their spending habits
- The right applies only to information an individual has provided to a controller
Right to object
- Individuals have the right to object to the processing of their personal data in certain circumstances.
- Individuals have an absolute right to stop their data being used for direct marketing
- Individuals can make an objection verbally or in writing
- Objections will be responded to within one calendar month of receipt of objection
For all rights, EnRich Coaching for Educators can refuse or charge for requests that are manifestly unfounded, or excessive. If EnRich Coaching for Educators refuses a request, they must tell the client why and that they have the right to complain to the supervisory authority and to a judicial remedy.
Personal data must be kept secure
All personal data is kept in password-protected files, backed up on a password-protected memory stick, which is locked away when not in use.
Case notes are kept in a file locked in a cupboard.
Clients have the right to be informed of any personal data breaches.
This shall be done within 72 hours of the breach being identified, and will be recorded.
Complaints
EnRich Coaching for Educators is registered with the ICO.
Clients have a right to complain to the ICO if they think there is a problem with the way EnRich Coaching for Educators is handling their data.