Brighton Holistics General Data Protection Regulation Policy

General Data Protection Regulation (GDPR) Policy Statement

Brighton Holistics is fully committed to full compliance with the requirements of the General Data Protection Regulation. Brighton Holistics will, therefore, follow procedures which aim to ensure that all team members who have access to any personal data held by Brighton Holistics are fully aware of and abide by their duties under the General Data Protection Regulation. Brighton Holistics will not share any information with any third party.

Statement of policy

Brighton Holistics needs to collect and use information about people with whom it carries out business with in order to operate and carry out its business. This personal information must be handled and dealt with properly however it is collected, recorded and used and whether it is on paper, in computer records or recorded by other means.

Brighton Holistics regards the lawful and appropriate treatment of personal information as very important to its successful operations and essential to maintaining confidence between Brighton Holistics and those with whom it carries out business. Brighton Holistics therefore fully endorses and adheres to the Principles of the General Data Protection Regulation.

Handling personal/special category data

Brighton Holistics will, through management and use of appropriate controls, monitoring and review:

  • Use personal data in the most efficient and effective way to deliver better services,
  • Strive to collect and process only the data or information which is needed,
  • Use personal data for such purposes as are described at the point of collection, or for purposes which are legally permitted,
  • Strive to ensure information is accurate,
  • Not keep information for longer than is necessary,
  • Securely destroy data which is no longer needed,
  • Take appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data),
  • Ensure that information is not transferred abroad without suitable safeguards,
  • Ensure that there is general information made available to the public of their rights to access information,
  • Ensure that the rights of people about whom information is held can be fully exercised under the General Data Protection Regulation.

These rights include:

  • The right to be informed,
  • The right of access to personal information,
  • The right to request rectification,
  • The right to request erasure,
  • The right to restrict processing in certain circumstances,
  • The right to data portability,
  • The right to object to processing.

We will retain your information for the periods stated below unless or until you request us to do otherwise.

We collect and process your personal information for the following purposes:

  • To process your order
  • To provide you with the best possible service

We will hold your name, address, email address, phone number, date of birth and any other relevant details/information you provide to us. We use this information to maintain contact with you to provide your requested services, manage their delivery and bill you for them.  We retain this information in our electronic database for five years after the most recent event we host for you, and for seven years in our financial records (due to statutory requirements).  Where we have not hosted a course/event for you, we will retain the details relating to your initial enquiries of services for no more than two years

While we retain your contact information, we will contact you about our services.  You may unsubscribe from such communications at any time.

We do not share personal information with any third parties except if requested by law.  If you have concerns or queries about any of these purposes, or how we communicate with you, please contact us at the address given below.

The right to access personal data:

General Data Protection Regulation 2018 gives individuals who are subject of personal data (known in the General Data Protection Regulation as ‘data subjects’) a general right of access to personal data that relates directly to you.

To request information, a written request and proof of identity must be received before any such information will be released by Brighton Holistics. We aim to supply all requests in a calendar month as prescribed in the General Data Protection Regulation this will be calculated from the day on which the Brighton Holistics receives the written request.

All data subject access requests must be in writing (email not accepted).

All requests should be addressed to:

Mr J Matson-Higgins FFHT.
Principal and Senior Tutor.
Brighton Holistics.
206 Warren Road,
Brighton,
BN2 6DD,
The United Kingdom.

Brighton Holistics Data Protection policy was updated on January 1st, 2018 in line with the new GDPR legislation for May 25, 2018. Brighton Holistics is fully registered with the Information Commissioner’s Office (ICO).