Privacy Policy

GDPR Policy for Prestige Martial Arts

 

Introduction

 

Prestige Martial Arts is committed to protecting the privacy and security of the personal data of our students, staff, and partners. This policy outlines how we ensure compliance with the General Data Protection Regulation (GDPR), detailing how personal data is collected, processed, stored, and secured.

 

1. Definitions

    •    Personal Data: Any information relating to an identified or identifiable individual.

    •    Data Subject: The individual whose personal data is processed.

    •    Processing: Any operation performed on personal data (e.g., collection, storage, use, sharing).

    •    Data Controller: Prestige Martial Arts, responsible for determining the purposes and means of processing personal data.

    •    Third Parties: External organisations or individuals with whom personal data may be shared.

 

2. Principles of Data Processing

 

Prestige Martial Arts commits to processing personal data in accordance with GDPR principles:

    1.    Lawfulness, fairness, and transparency:

    •    Data will be processed lawfully, fairly, and in a transparent manner.

    2.    Purpose limitation:

    •    Data will be collected for specific, explicit, and legitimate purposes and not used for unrelated purposes.

    3.    Data minimisation:

    •    Only data that is necessary for the intended purpose will be collected.

    4.    Accuracy:

    •    All reasonable steps will be taken to ensure data is accurate and kept up-to-date.

    5.    Storage limitation:

    •    Personal data will not be retained longer than necessary.

    6.    Integrity and confidentiality:

    •    Appropriate security measures will be implemented to protect data.

 

3. Types of Personal Data Collected

 

We collect and process the following categories of personal data:

    •    Identity Data: Name, date of birth, and gender.

    •    Contact Data: Address, phone number, and email address.

    •    Health Data: Relevant medical information (e.g., allergies, injuries) necessary for safety during training.

    •    Payment Data: Bank details or other billing information for processing payments.

    •    Attendance Data: Records of attendance and participation in classes or events.

    •    Emergency Contact Data: Name and contact information of a designated person in case of emergencies.

 

4. Legal Basis for Processing Personal Data

 

Personal data is processed only when there is a valid legal basis, including:

    •    Consent: Data subjects provide explicit consent for specific purposes.

    •    Contractual obligations: Processing is necessary for the performance of a contract (e.g., membership agreements).

    •    Legal obligations: Compliance with legal or regulatory requirements (e.g., accounting).

    •    Legitimate interests: Processing is necessary for legitimate business purposes, provided it does not override the rights of the data subject.

 

5. Consent Requirements

 

In accordance with GDPR, Prestige Martial Arts ensures that:

    •    Consent is freely given, specific, informed, and unambiguous.

    •    Consent is obtained through a clear affirmative action (e.g., signing a form or checking a box).

    •    Individuals are informed of their right to withdraw consent at any time without affecting the lawfulness of processing based on prior consent.

 

6. Rights of Data Subjects

 

Under GDPR, individuals have the following rights:

    1.    Right to Access:

    •    Request a copy of their personal data and information on how it is processed.

    2.    Right to Rectification:

    •    Request corrections to inaccurate or incomplete data.

    3.    Right to Erasure (“Right to be Forgotten”):

    •    Request deletion of their personal data, subject to legal or contractual obligations.

    4.    Right to Restrict Processing:

    •    Request that data processing be restricted under certain circumstances.

    5.    Right to Data Portability:

    •    Request their personal data in a structured, commonly used, and machine-readable format.

    6.    Right to Object:

    •    Object to data processing based on legitimate interests or for direct marketing purposes.

    7.    Rights Related to Automated Decision-Making and Profiling:

    •    Not be subject to decisions based solely on automated processing.

 

7. Data Security Measures

 

Prestige Martial Arts takes the following measures to ensure data security:

    •    Encryption of sensitive data.

    •    Access controls to limit data access to authorised personnel.

    •    Regular data protection training for staff.

    •    Use of secure systems for data storage and processing.

    •    Regular audits to identify and mitigate security risks.

 

8. Data Sharing and Third Parties

 

Personal data may be shared with third parties only when necessary, and safeguards are in place to protect the data. This includes:

    •    Payment processors.

    •    IT service providers.

    •    Emergency services (in case of health or safety emergencies).

 

9. Data Retention Policy

 

We retain personal data only for as long as necessary for the purposes it was collected or as required by law. Retention periods are reviewed regularly, and unnecessary data is securely deleted.

 

10. Complaints and Breaches

 

If a data breach occurs, Prestige Martial Arts will notify the affected individuals and relevant authorities (e.g., the Information Commissioner’s Office) within 72 hours, if required.

 

11. Policy Review and Updates

 

This policy is reviewed annually or when significant changes in data processing activities or GDPR regulations occur.

 

Contact Information

 

If you have any questions or concerns regarding this policy, please contact:

Prestige Martial Arts

Email: prestigemartialart@icloud.com