As part of the Elite Health service we ask for personal details. The categories of your information that we collect, process, hold and share include:
- personal information such as name, postal and email address, telephone numbers, and emergency contact details
- medical history, conditions and medications including family history
- previous and current exercise experience
- lifestyle information
- special categories of data including characteristics information such as gender, ethnicity and age
- payment details
Why we collect and use this information
We collect and use this information to:
- enable us to provide our services to you under the terms of our contract with you.
- ensure our trainers and therapists are aware of any health concerns which may be affected by treatment or training
- provide you with text and email reminders of appointments, advice on treatment and where appropriate rehabilitation exercises or training programmes
- occasionally contact you by email or telephone with staffing updates, new services and changes in tariff. We guarantee never to send more than 4 newsletters or updates per year.
- inform our own marketing, risk and diversity policies
Please be aware that our team RELY on the accuracy of the information you give to work safely and effectively with you. We also request and RELY on you to keep us advised of any changes in your health and personal information. In the event of an emergency or if we have health concerns, we will phone and/or email you to ensure we provide the utmost in client care. Please therefore ensure your details are kept up to date.
The lawful basis on which we process this information
Processing is necessary:
- to ensure we provide safe and effective treatment and training.
- for the performance of our contract with you or for us to take steps to enter into a contract
- for the legitimate interests of ourselves or a third party, except where such interests are overridden by your interests, rights or freedoms, such as to enable us to run our business, make marketing and risk decisions or to enable us to comply with our compliance obligations and professional body obligations
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller, such as our duty to identify fraud.
Collecting this information
Your preferences for communications, including confirmation of appointments, marketing and newsletters, can be set by accessing your account through the Mindbody app or our online booking system.
Alternatively, you can let us know your preferences in person at your next appointment or by emailing email@example.com
- The information you provide to us is on a voluntary basis.
- With your express permission we may obtain data from third parties such as your medical records, X Rays, MRI scans or specialist reports.
- This data may be both personal and special personal data (such as personal data about your health or religion).
- We may obtain personal data from publicly accessible sources (such as social media).
Please note we cannot provide our services to you without processing your personal data.
Storing this information
We hold your data:
- for a minimum period of 10 years for your and our own protection. For example, we may be asked to provide medical and treatment information after an accident or injury.
- In the case of data processed with your consent for marketing purposes, your account at Mindbody is automatically deactivated after 3 years from your last contact or earlier if you request. You can request your account to be deactivated at any time.
- All data is securely disposed of and/or deleted.
- We review our data storage every year to ensure we meet our business and compliance requirements whilst retaining information for no longer than necessary.
Who we share this information with
- People in connection with the work we do for you, such as data lawyers and IT companies.
- People in connection with the operation of our business, such as accountants, lawyers and regulatory bodies.
- People to whom we have a legal duty, such as the police.
- Marketing companies where your preference allows, for example a company sending out an information email to our clients about our tariff or new services.
We only ever share the minimum data needed for the above.
Why we share your information
We do not share information about you with anyone without consent unless the law and our policies allow us to do so.
We only share your data if it is:
- Necessary for the purpose of our contract with you
- Necessary due to a legal obligation
- Necessary for a legitimate interest we have, after considering your own interests.
We have robust processes in place to ensure that the confidentiality of your personal data is maintained and there are stringent controls in place regarding access to it and its use. Decisions on whether we release your personal data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested; and
- the arrangements in place to securely store and handle the data
To be granted access to your personal data, organisations must comply with our strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
Sharing Your Data Outside the EU or EEA
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We may transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission, or;
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe, or;
- Where we use providers based in the US, we may transfer data to them if they are part of Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.
Keeping your personal data secure is a priority for Elite Health and any data collected is covered by the Data Protection Act. This means you can see the personal data we hold by requesting a copy in writing and we will comply with your request within one month, free of charge, unless manifestly unfounded or excessive. You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/