This is the Privacy policy of www.daphnecaumartin.com
“We”, “our”, or “us” refer to Daphne Caumartin of www.daphnecaumartin.com
Introduction
- This is a notice to inform you of our policy about all information that we record about you. It sets out the conditions on how we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not.
- We take seriously the protection of your privacy and confidentiality. We understand that all visitors to our website are entitled to know that their personal data will not be used for any purpose unintended by them and will not accidentally fall into the hands of a third party.
- Our policy complies with UK law accordingly implemented, including that required by the EU General Data Protection Regulation (GDPR).
- The law requires us to tell you about your rights and our obligations with you in regards to the processing and control of your personal data.
- We do not sell your information such as names or contact details to other companies.
1. What Is The Legislation That Protects You and Your Personal Data
General Data Protection Regulation ((EU) 2016/679) is the European legislation, which came into effect on 25th May 2018.
GDPR is incorporated into UK legislation through the Data Protection Act 2018 and it provides enforceable legal rights for individuals against organisation who process their personal data.
2. Who Are we and How to Contact Us
- Name: Daphne Caumartin
- Email daphne.eft@gmail.com
We respect your privacy, and we are committed to protect your personal data We shall ensure that your personnel data is processed in accordance with this policy so please read it carefully and let us know if you have any queries.
3. How Will We Process Your Personal Data
Personal Data includes any and all data which can identify an individual. We are committed to ensuring that we process your data in accordance with the following principles.
a) Lawfully, Fairly and Transparently
We are processing your data because you have provided consent by agreeing to this policy or to meet our legal requirements to provide you our services and run a compliant business.
You can withdraw your consent at any time by contacting us using the details above.
b) Why Are we Holding Your Data
We will only process your personal data for the following purposes;
a) to enable us to provide you the services as set out in the contract between us.
b) to enable relevant certificates to be provided.
c) to keep you updated with our latest news and offers.
c) What Data Will We Be Holding
We will only collect and hold sufficient personal data to enable us to undertake the purposes set out in clause 2 above, including
- Identity Data includes First and last name, payment details
- Contact Data includes e-mail address and telephone number, trading or home address
- Technical information, which is automatically collected through the website
- Special Category Data (this may include details about your race or ethnicity, gender and information about your health). We will hold transcripts of clients coaching conversation (which are checked and sanitised by the Client) for review and this shall be forwarded to EFTi as part of the accreditation process at L2 and L3.
We do not collect any information about criminal convictions and offences.
If you believe the personal data we are holding is excessive then please contact us.
d) How We Collect Your Personal Data
We only collect personal data that You provide to us directly through any of the following methods
- by filling in forms or by corresponding with us by post, phone, email or otherwise.
- completing details or interacting with our website.
e) Keeping Your Personal Data Accurate
You are responsible for ensuring that all personal data provided by you is accurate and advise us as soon as possible of any amendments required.
We may request that you confirm the accuracy of your personal data, which you are required to respond to within 14 days
Failure provide or keep your personal data up to date may result in us ceasing to provide the services to you.
f) Storing And Deleting Your Personal Data
All digital Personal data will be held on IT hardware owned by us and is only available to authorised representatives of our business or as set out in this policy. All personal data completed on paper ie registration forms shall be kept in a locked files and only authorised representatives of our business shall have access to these files.
We shall store your personal data for duration of the services we provide to you (including any renewal or extension periods) plus 6 years.
If you wish your personal data to be deleted prior to the timescales above, please contact us and we will action such request within 10 working days.
g) Protecting Your Personal Data
We are undertaking all reasonable security measures including but not limited to password protecting all PC’s which personal data is held on. Personal data is backed up to separate secure servers and emails are backed up to the cloud. All hardware has relevant and up to data security and anti-virus software enabled., including but not limited to Intego and Malwarebytes.
4 Cookies on our website
We use cookies on our website which may include:
(a) Analytical/performance cookies – which count and trac visitors to our website and evaluate how visitors use the website.
(b) Targeting cookies –which record your visit to our website, the pages you have visited and the links you have followed.
You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you do so, you may not be able to access all or parts of our website.
5. Sharing Your Personal Data
We shall not transfer or share your personal data with any 3rd parties except as follows;
- A service provider for admin, social media or marketing purposes, who is under contract to us to provide such services.
- EFT International, the governing body for EFT.
- Our accountant for the purposes of completing tax returns and HMRC enquires.
We may use 3rd party software to process your personal data for the sole purposes as set out in this policy and undertaking the services.
We will use reasonable endeavours to ensure that the 3rd parties stated above comply with GDPR and We will advise you if any 3rd parties change.
We may process your personal data outside the UK or the EU
6. What To Do If You Believe There Is A Personal Data Breach
If you suspect there has been a potential or actual breach of your personal data then you should contact us as soon as possible detailing the nature of the breach (notice of Breach).
We will acknowledge your Notice of Breach within 7 working days and investigate the breach within an additional 20 working days.
If through the investigation we determine that there has been a personal data breach, then We will take all necessary action in order to rectify the situation and minimalise any potential or actual damage caused through such a personal data breach.
We will communicate with you regarding the action being taken.
We will comply with any guidelines issued by the Information Commissioners Office (ICO) in relation to Personal Data Breach’s, including notifying the ICO when required to do so.
If this does not resolve your complaint to your satisfaction, you have the right to lodge a complaint with the Information Commissioners Office
7 Your Legal Rights
Unless subject to an exemption under the data protection laws, you have the following rights with respect to your personal data:
- The right to request a copy of the personal data which we hold about you.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is deleted where it is no longer necessary to retain such data.
- The right to withdraw your consent to the processing at any time, where consent was the lawful basis for processing your data.
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), where applicable i.e., where our processing is based on consent or is necessary for the performance of our contract with you or where we process your data by automated means);
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to our processing of personal data, where applicable i.e., where processing is based on our legitimate interests (or in performance of a task in the public interest/exercise of official authority); direct marketing or processing for the purposes of scientific/historical research and statistics).
If you wish to exercise any of the rights set out above, please contact us using the details in the policy.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). Without complying with this essential security measure, we may not be able to meet your request.
We try to respond to all legitimate requests within 20 working days, however on occasion it may be necessary for this period to be extended and in this event, we shall write to advise you of the extension of time required.
4. When We Act As A Data Processor For You
When you are the data controller who has permitted us to process personal data held by you, then you shall ensure that you have the full consent/rights of the data subject that their personal data being passed to us. You are fully responsible for ensuring that the personal data processed by you and passed to us complies with all principles of GDPR and you fully indemnify us for any damages or claims against us for your failure to comply with this provision.
If you are a business or organisation then by signing this policy your business / organisation is committed to being GDPR compliant and has taken all reasonable actions to achieve this.
5. Changes To This Policy
We may update this privacy notice from time to time as necessary.