I have prepared this policy for you to understand how and why I handle personal data. Under the General Data Protection Regulations, I am a “data controller”, as I collect and use personal data. I also use “data processors” who handle some of our data. I therefore have a number of responsibilities to protect customers.

Note that I use Squarespace as my website platform who have their own privacy policy.

What personal data is held? 

I collect and retain personal data for individuals who use services. 

What type of data is held? ​

• Contact data for customers.

• Details of bookings for services, and a record of previous services used. 

• Sensitive data related to bookings (such as health or personal circumstances) that may be relevant to attendance at events. 

  
  Banking or credit card data for clients unless given for a purpose (e.g. a reimbursement) is not held.

Where is personal data stored? 

Personal data, including sensitive data, for clients is stored on a secure server, password protected that meets the highest standards. Personal data is available for admin purpose for routine processing.

Data is held within Squarespace, the website platform within which this site is create.

​I use Monzo bank for financial transactions. You can read their own privacy policy.​

I use Dockwray Accounting for accountancy services.

Who can see the data? 

Personal data (not including sensitive data) may be viewed by: 

• Myself for the purposes of administering a service. 

• Third parties for the purposes of processing payments. 

• Third parties for the purposes of accounting. 

Personal sensitive data may be viewed by: 

• Michael Atkinson who is trained to assess individuals prior to acceptance on an event. 

• Michael Atkinson who needs to know of any relevant issues for an attendee on an event. 

Personal sensitive data may not be viewed by Michael Atkinson or any associated teacher:

• For any purpose other than the above. 

• If the individual is known personally as a friend, family member of in another social context, unless express permission has been granted by individual for the staff member to see that information.

Who is data shared with? 

• I comply with all legal and legislative obligations on personal data. 

• I will not share personal sensitive data with any third party – unless this is a Safeguarding issue.

How do I communicate with people? 

• When people enquire or apply for a service, I will restrict communications to that service. 

• People will be offered the option to sign up to the newsletter service, and I will email those who do from time to time to advise of activities and of other related activities that may be of interest. 

• I use social media to reach out to the general public. I do not harvest personal data from my social media sites.

How long do I hold data? 

• I hold personal data for the minimum amount of time necessary. 

• Unless there is a need to retain the data for longer, sensitive data will be deleted within three years of its use. During that period it will not be accessed without permission of the individual concerned. 

• I will delete data about an individual on request from that person, unless there is some legal obligation to retain that data. 

Questions

• If you have any questions or comments about this privacy policy, please email me at michael@mamindfulness.co.uk