General Data Protection Regulation
As a current, future or former client of Marbles Movement and Learning, we would like to advise on how we will be handling your data to comply with the new General Data Protection Regulation (GDPR).
New Data Protection Legislation is coming in to force in the UK on 25th May 2018. The General Data Protection Regulation (GDPR), is EU wide legislation, and is currently being enacted into UK law and will become the 2018 Data Protection Act.
This legislation will affect every business that handles personal data for clients, customers or staff. Personal data has been defined by the act as ‘any information relating to an identifiable person who can be directly or indirectly identified’.
The data we collect on you
The personal data we collect will include information relating to you/your child's name, address, date of birth, and wider contact details. We will also collect data relating to your therapy plan with us which may include information about any relevant health, disability or learning issues.
This data might be shared with a school your child attends or representatives of any local authorities during annual review meetings or similar meetings. However, you will be informed in advance should we need to share any data. We will only use your data for the purpose for which it was collected, to enable us to provide professional services or to administer any trainings internally within Marbles Movement and Learning Ltd..
We will retain your data for 7 years following the end of your assignment with us. If you wish to remove your data from our database, please let us know by May 24th, 2018. Please note this will unable us to contact you in relation to any therapy offer we communicate towards our clients.
You have the Individual Rights under the Data Protection act 2018
To be informed about the personal data we hold on you
To object to the processing of your personal data
Restrict the processing of your personal data
To rectify your personal data
To erase your personal data
You can exercise your Individual Rights at any time without charge. However, if your request is considered repetitive, unfounded or excessive a reasonable administration fee can be charged.
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data.
The data you collect on your clients
If you have clients whose personal data you collect and store you will need to ensure you comply with GDPR. To do this you must make available to them a notice that informs them about:
What information you collect
What you use it for
Who you might share it with
How long you keep it for
You must also inform them of their Individual Rights under the Data Protection Act 2018 (shown above)
Record Keeping and the GDPR
Personal data should not be kept for longer than is necessary. In the case of a client’s treatment notes, where claims for damages may occur some time after an event, we recommend that records should be kept for 7 years after the last treatment.
Kind regards,
Marbles Movement and Learning Ltd.