Privacy

We respect your privacy and are committed to protecting your personal information, which we call “personal data”. This privacy notice will tell you how we look after your personal data and about your privacy rights. Muddy Feet Training is committed to protecting the privacy of its users. This Privacy Policy is designed to help you understand what information we gather, how we use it, what we do to protect it, and to assist you in making informed decisions when using our Service. Muddy Feet Training will adhere to the Principles of Data Protection, as detailed in the GDPR
We have tried to be brief and clear. We are happy to provide any additional information or explanation.
- General information
Data Controller (referred to as “we/us/our”) |
Muddy Feet Training |
Name or title of Data Protection Manager:
|
Alexandra Williams |
Email:
|
|
|
Registered with the Information Commissioner's Office under registration reference: ZA334478 |
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would appreciate the chance to deal with your concerns first.
- HOW WE COLLECT YOUR PERSONAL DATA
You may give us data orally or by filling in forms or by corresponding with us by post, phone, email, web or otherwise, for example when you:
• enter into a contract with us or contact us about doing so;
• contact us about any contract we have with you;
• request marketing to be sent to you;
• book on to an event, party or training course
• We may also receive personal data about you from third parties and public sources, including other customers when they interact with us)
- HOW WE USE YOUR DATA
We will only use your personal data when the law allows us to. We have set out below how and why we plan to use your personal data.
Purpose/Activity
|
Lawful basis for processing including basis of legitimate interest
|
To register you with our business including booking on to events and training courses |
Performance of a contract with you |
Sharing personal data for qualification or safeguarding checks |
This will not occur without the express permission of the person whose data must be shared. |
There are circumstances where the law allows us to disclose data (including sensitive data) without the data subject’s consent. |
These are: Carrying out a legal duty or as authorised by the Secretary of State Protecting vital interests of a Individual/Service User or other person The Individual/Service User has already made the information public Conducting any legal proceedings, obtaining legal advice or defending any legal rights Monitoring for equal opportunities purposes – i.e. race, disability or religion Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures. Muddy Feet Training intends to ensure that personal information is treated lawfully and correctly. |
To perform any contract with you including: Managing payments, fees and charges Collecting and recovering money owed to us Addressing any breach |
Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us) Necessary for our legitimate interests (to ensure compliance with contract terms)
|
To manage our relationship with you which will include: Notifying you about changes to our terms or privacy policy Notifying you about changes to our business which are relevant to you
|
Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how people use our business)
|
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
|
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation
|
To make suggestions and recommendations to you about goods or services that may be of interest to you
|
Necessary for our legitimate interests (to develop and grow our business)
|
Asking you to partake in a review |
Necessary for our legitimate interests (to study how people use our business, to develop and grow our business)
|
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
|
Necessary for our legitimate interests (to study how people use our business, to develop and grow our business and to inform our marketing strategy)
|
To use data analytics to improve our website, products/services, marketing, relationships and experiences
|
Necessary for our legitimate interests (to define types of people for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
|
|
|
PROMOTIONAL OFFERS FROM US
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you.
We may then use your personal data to send you marketing communications from us if you have requested information from us or purchased goods or services from us in each case, you have not opted out of receiving that marketing.
OTHER MARKETING
We will get your express opt-in consent before we use your personal data for any other marketing purpose, we do not share your details with third parties for marketing purposes.
OPTING OUT
You can ask us or third parties to stop sending you marketing messages at any time by contacting our DPM.
CHANGE OF PURPOSE
Please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
However, if we need to use your personal data for a new purpose and the law allows us to do so, we will notify you and explain the legal basis for our actions.
VISITORS TO OUR WEBSITE
If we want to collect personally identifiable information through our website, we will be up front about this.
When someone visits our website, we may use a third-party service to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
THIRD-PARTY LINKS
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
- OUR RESPONSIBILITIES
We shall ensure data :
- Shall be processed fairly and lawfully and, in particular, shall not be processed unless specific conditions are met,
- Shall be obtained only for one or more of the purposes specified in the Act, and shall not be processed in any manner incompatible with that purpose or those purposes,
- Shall be adequate, relevant and not excessive in relation to those purpose(s)
- Shall be accurate and, where necessary, kept up to date,
- Shall not be kept for longer than is necessary
- Shall be processed in accordance with the rights of data subjects under the Act,
- Shall be kept secure by the Data Controller who takes appropriate technical and other measures to prevent unauthorised or unlawful processing or accidental loss or destruction of, or damage to, personal information,
- Shall not be transferred to a country or territory outside the European Economic Area.
To do this we will :
- Observe fully conditions regarding the fair collection and use of information
- Meet its legal obligations to specify the purposes for which information is used
- Collect and process appropriate information, and only to the extent that it is needed to fulfill its operational needs or to comply with any legal requirements
- Ensure the quality of information used
- Ensure that the rights of people about whom information is held, can be fully exercised under the Act.
These include:
The right to be informed that processing is being undertaken,
The right of access to one’s personal information
The right to prevent processing in certain circumstances and
The right to correct, rectify, block or erase information which is regarded as wrong information)
Take appropriate technical and organisational security measures to safeguard personal information
Ensure that personal information is not transferred abroad without suitable safeguards
Treat people justly and fairly whatever their age, religion, disability, gender, sexual orientation or ethnicity when dealing with requests for information
Set out clear procedures for responding to requests for information
- DATA COLLECTION
Informed consent is when
An Individual/Service User clearly understands why their information is needed, who it will be shared with, the possible consequences of them agreeing or refusing the proposed use of the data
And then gives their consent.
Muddy Feet Training will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form.
When collecting data, Muddy Feet Training will ensure that the Individual/Service User:
- Clearly understands why the information is needed
- Understands what it will be used for and what the consequences are should the Individual/Service User decide not to give consent to processing
- As far as reasonably possible, grants explicit consent, either written or verbal for data to be processed
- Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
- Has received sufficient information on why their data is needed and how it will be used
- DATA STORAGE
Information and records relating to service users will be stored securely and will only be accessible to authorised staff and volunteers.
Information will be stored for only as long as it is needed or required statute and will be disposed of appropriately.
It is Muddy feet Training responsibility to ensure all personal and company data is non-recoverable from any computer system previously used within the organisation, which has been passed on/sold to a third party.
- DATA ACESS AND SECURITY
All Individuals/Service Users have the right to access the information that we holds about them. We will also take reasonable steps to ensure that this information is kept up to date by asking data subjects whether there have been any changes.
We have a Data Protection Officer with specific responsibility for ensuring compliance with Data Protection Everyone processing personal information understands that they are contractually responsible for following good data protection practice
- PROCEDURE FOR REQUESTING ACCESS TO
Applications to access or erase data held by us must be made in writing by the person whose information is being requested. We will respond to the written request as soon as possible and and complete the request within one calendar month. Where data will be erased, and we will inform the subject that the information has been erased.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the GDPR.
In case of any queries or questions in relation to this policy please contact the Data Protection Officer