The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a new regulation which replaces the Data Protection Directive (Directive 95/46/EC).
The General Data Protection Regulation builds on previous legislation but enhances privacy rights for individuals. The GDPR will apply in the UK from 25th May 2018.
Despite the UK’s intention to leave the European Union in March 2019 the GDPR will still apply in accordance with the Information Commissioner’s Office (ICO) guidance to continue a similar level of regulation post March 2019 together with a new Data Protection Act.
We at Outside In Coaching & Communications Ltd are committed to safeguarding the privacy of visitors to our website www.walkingcoach.co.uk and users of our coaching and consulting services through the Walking Coach and Outside In brand offerings, in line with the regulations laid down by GDPR. (In this privacy notice, "we", "us" and "our" refer to Outside In Coaching & Communications Ltd.)
This privacy notice provides you with details of how we collect and process your personal data through your use of our website and of our services.
Outside In Coaching & Communications Ltd is the data controller with respect to the personal data of our website visitors and service users - in other words, where we determine the purposes and means of the processing of that personal data.
If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).
We should be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. Our contact details can be found at the end of this notice.
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at firstname.lastname@example.org
What Data Do We Collect About You?
Personal data means any information capable of identifying an individual. It does not include anonymised data.
We may process certain types of personal data about you as follows:
- Identity Data may include your first name, maiden name, last name, username, marital status, title, date of birth and gender. This may also include photography and video featuring your image.
- Contact Data may include your billing address, personal and/or office address, email address and telephone numbers.
- Transaction Data may include details about payments between us and other details of purchases made by you.
- Profile Data may include your username and password, purchases or orders, your interests, preferences, feedback and survey responses. We will also record any other professional or personal information which is relevant to your situation and how we might help you.
- Service Data may include records of our coaching conversations and any reflection or fieldwork notes that you submit as part of the coaching process. This may also include recordings of our coaching conversations which are conducted over webcam platforms such as Zoom.
- Usage Data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.
- Marketing and Communications Data may include your preferences in receiving marketing communications from us and your communication preferences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver our services to you). If you don’t provide us with the requested data, we may have to cancel a service you have ordered but if we do, we will notify you at the time.
How We Collect Your Personal Data
We collect data about you through a variety of different methods including:
Direct interactions: You may provide data by filling in forms on our site (or otherwise) or by communicating with us by post, phone, email or otherwise, including when you:
- contract our services;
- subscribe to our service or publications;
- request resources or marketing be sent to you;
- enter a competition, prize draw, promotion or survey; or
- give us feedback.
Cookies: Like most websites, our Walking Coach website uses ‘cookies’, small packets of data that are stored in your web browser. Cookies help us to identify information such as how many people are using our site and what devices they’re using.
We also use Google Analytics and our website content platform Squarespace to analyse data and aggregate patterns of use. This allows us to tailor our service to best meet the needs of the people using it.
You can manage how your browser handles cookies, or refuse them altogether, by changing your settings. www.aboutcookies.org has useful information on how to manage cookies in your browser.
How We Use Your Personal Data
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- In order that we can provide our services and communicate with you.
- Where we need to perform a contract between us, or take steps at your request to enter into such a contract.
- Where it is necessary for our legitimate interests (or those of a third party) namely the proper administration of our website and our business, and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation, or take steps to proper protection of our business from risk.
Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via email or text message. Exceptions are noted below.
You have the right to withdraw consent to marketing at any time by emailing us at email@example.com
From time to time we may arrange a meeting with you via a Webcam video calling package, such as Zoom or Webex. The agreed package will not collect your personal information and sessions are not recorded unless express agreement is obtained from you.
When sessions are recorded, we retain a copy of the audio recording only. All other media files relating to the session are deleted.
Video calls take place using Secure Socket Layer (SSL) encryption to ensure they remain confidential. You will be sent details about your session by email or via calendar invitation.
If you want to keep these details private please use an email address that only you have access to.
The software that we use may remain on your device once the session has finished, it may also leave cookies. However, these will not contain identifiable information about you or your meeting.
Images and films
During group events, retreats or workshops we may photograph or film individuals; however this will always be with the express permission of those involved and is for the purpose of capturing and celebrating the work we do. We will never use images or footage of an individual in any of our marketing material or on our website without first having received written agreement to the usage of their image in this way.
Providing your personal data to others
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose service data, enquiry data and correspondence data to our subcontractors or associates insofar as reasonably necessary for the performance of a contract between you and us.
Financial transactions relating to our website and services may be handled from time to time by our payment services provider, PayPal. We will share transaction data with payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services provider’s privacy policies and practices at www.paypal.com
In addition to the specific disclosures of personal data set out in this Section 3, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person
International transfers of your personal data
There are certain circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).
Our supplier of email distribution services is situated in USA. The European Commission has made an "adequacy decision" with respect to the data protection laws of USA.
You acknowledge that personal data that you submit for publication through our website, such as contribution to our blog, may be available via the internet, around the world. We cannot prevent the use or misuse of such personal data by others.
Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Coaching and development related data is retained for a minimum period of five years following the commencement of contract, and for a maximum period of six years following the commencement of contract. These are the timelines required by our Professional Indemnity Insurance.
Account data and Transaction data will be retained for a minimum period of six years from the end of the last company financial year they relate to, or longer if they show a transaction that covers more than one of the company's accounting periods or if required to do so by the relevant tax authorities.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the need, use and application of the data, in accordance with Article 5(1)(e) of the 2018 General Data Protection Regulation (GDPR).
Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We may notify you of changes to this policy by email.
You may instruct us to provide you with any personal information we hold about you by emailing us firstname.lastname@example.org . Please note there may be a delay of up to two weeks to cover the time needed to access our archives.
We may withhold personal information that you request to the extent permitted by law.
You may instruct us at any time not to process your personal information for marketing purposes. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes.
Queries and complaints
Any comments or queries on this policy should be directed to the Company via email@example.com