I am committed to protecting your privacy and being transparent about the type of personal information I hold about you.
This policy details how I collect and process information. It is important that you read and understand this policy, as well as any subsequent or additional policies that are bespoke to a particular programme or activity that I am working on, in order to understand how and why I am using your data.
This policy has been written with reference to the General Data Protection Regulation (2018).
This policy explains:
- The nature of my work
- Information I may hold about you
- How I collect your data
- How I may use your information
- Disclosure of details to third parties
- Security of your personal information
- Personal data breaches
- Data retention and your legal rights
- Contact details for further information
1. The nature of my work
I am self-employed with a portfolio career. My work spans the following (non-exhaustive) list of activities:
- Action Learning
- Programme and project management
- Voluntary work as a trustee
I work with individuals and with organisations on both a one off, short term (over a number of months) and longer-term (over a number of years) basis.
The majority of my work is within the subsidised arts and culture sector or the education sector though I do, on occasion, work within and across other sectors.
I maintain membership of People Dancing and the Association for Coaching, am signed up to the update service of the Disclosure and Barring Service, have appropriate insurance and keep my practice up to date with regular training.
2. Information I may hold about you
Trust is of utmost importance in my work. I am therefore keen that you understand the personal information that I may hold about you. Personal information relates to information from which a person is identifiable. It does not include data that is depersonalised.
I will collect, store and process information about you only where I have legal basis for doing so. The information this relates to is explained as follows:
- Identity data – name, title, date of birth, gender
- Contact data – address, email address, telephone numbers, social media accounts/profiles
- Financial data – account details and payment card details
- Transaction data – details of products, services and transactions you contacted me about or purchased from me
- Marketing and communications data – information about the marketing you want to receive from me and the way in which you’d like to do so
- Usage data – how you use my website, engage with my social media, products and services
- Technical data using analytics – internet protocol (IP) address, login data, browser type/version, length of visit to pages on my website, page views, navigation paths, number of times you used my website, time zone settings and other technology on the devices you use to access my website
- Health data – next of kin and doctor details (for coaching, mentoring and action learning clients only in order to fulfil my moral obligations and duty of care)
- Sensitive data – information about criminal convictions and offences related to the Disclosure and Barring Service (when managing work with children and young people and vulnerable adults on behalf of clients. Once collected this information is immediately passed onto the client and becomes their responsibility).
- Record keeping – brief, password protected, notes recording key themes of discussions and basic actions agreed (coaching, mentoring and action learning only)
- Evaluation data – quantitative and qualitative feedback on activities, including written testimonials
In addition to the above I may collect, use and share aggregated data – statistical or demographic data which is derived from your personal information but does not reveal your identity – e.g. percentages of clients who engaged with my work in a particular way. I may also share the themes of any coaching, mentoring and action learning session with my supervisor. My work with a supervisor is covered by a confidentiality clause.
3. How I collect your data
I collect information about you in a number of different ways. This includes:
- Information you give me – when approaching me about work, when requesting or confirming my services, when registering for an event, activity or project or when signing up to my mailing list. Privacy and confidentiality will be discussed and negotiated at the outset of my work with all clients and with specific consideration given to those engaging my services for coaching, mentoring or action learning due to the nature of the data obtained and records kept
- Information from third parties – when analytics providers may collate information
In relation to the above, I have carefully selected the third party providers that I use to support my work and believe that they have policies for how they treat their data. These consist of the following (non exhaustive):
- WordPress (website hosting)
- Eventbrite (event registration)
- Mailchimp (email marketing)
- Google (website analytics)
- Dropbox (file storage)
- Basecamp (file storage and team communications)
- G Suite (file storage and team communications
- Slack (file storage and team communications)
- Macmail (email services)
- Yahoo (email services)
- Facebook (social media)
- Instagram (social media)
- Twitter (social media)
- Youtube (video footage)
Please review their policies if you have any concern about how they treat their data.
In addition to the above and under the Private and Electronic Communications Regulations, if you are a limited company, I may send you marketing emails without your consent. You will be able to opt out of these at any time.
4. How I may use your information
I will only use your personal information when it is lawful to do so. The lawful ground for my data collection and usage consists of:
- Legitimate business interests, as explained below:
- To communicate with you
- To deliver a contract for you
- To keep records of our work together
- To effectively administrate, monitor and secure my digital presence
- To grow by business
- To evidence my moral and/or legal compliance and/or regulatory obligation (for some areas of my work)
- When I have your explicit consent for using your personal information in a specific situation
When communicating with you in order to promote my work I will strive to do so in ways that are respectful, relevant and time sensitive. In most cases this will be in email/digital form rather than by post.
You can opt out of postal communications by using the contact details at the end of this polity.
You can opt out of email communications by clicking the “unsubscribe” option at the bottom of every email that I send. You can opt out of other digital communications by changing your own notification settings.
5. Disclosure of details to third parties
I will never knowingly pass on your data to third company parties to use for their own gain.
However, there are circumstances when I may have to share your personal information with third parties. These consist of the following:
- Where I have chosen to work with the third party providers listed under section 3 above which provide a specific service in accordance with my instructions and with lawful respect to the privacy of your information
- Where I am seeking the professional advice of an IT support person, accountant, lawyer or insurer related to my work. Here I would ensure that they respected your personal data
- Where I have a duty to disclose your personal data to comply with any legal obligation
- Where I have a responsibility to provide funding bodies and key stakeholders with quantitative and qualitative data. This data will be anonymised unless you have given your consent for your identify to be used (e.g. for a named quote or testimonial)
6. Security of your personal information
I have put procedures in place to make sure your personal data is secure and prevent it from being accidentally lost, used, altered, disclosed or accessed without permission. This includes:
- Using password protection for information that is stored digitally
- Using anti-virus software
- Using a locked cupboard for information that is stored in hard copy format
- Ensuring any work I deliver is contracted and there are clear confidentiality clauses and data management processes
- Ensuring anyone I engage to work with me understands their responsibilities related to this policy.
7. Personal data breaches
A breach is considered any loss, alteration, unauthorised disclosure or access to personal data. I am committed to disclosing any data breach that might negatively affect you in a timely manner so that you can take appropriate action.
8. Data retention and your legal rights
The GDPR gives you the right to:
- know what data I hold about you and request access to it.
- have any data updated/corrected if it is inaccurate (I may need to see evidence to verify the accuracy of any new data)
- have any data removed entirely if you no longer consent to my use of it (though this may not always be possible if there are specific legal reasons and, if this is the case, this will be explained to you)
- object to the processing of your personal information
- request restriction to the processing of your personal information
- request to transfer of your information. We will do this in a structured community used format
- Withdraw consent
- Complain to the Information Commissioner’s Office to make a complaint (if a European citizen)
- There is no fee required for the above. However, I may charge you a reasonable fee or refuse to comply with your request if any request is unfounded, repetitive, of excessive.
In acting on any of the above I may need you to confirm your identity and ensure your right to access the data. This is a security measure to protect data.
Please use the contact details provided to make any request. I will then aim to respond within one month of receiving receipt of any request. Occasionally it may take longer it the request is complex.
This policy may change from time to time. Where I have accurate contact details I will always communicate any major change.
10. Contact details for further information
Jane Ralls (legally Keep)