GDPR and Wing Chun Street Defence
As our original data protection systems were already more robust than required, few WCSD clients will notice any change at all.
How does the GDPR define WCSD’s role?
When an individual purchases products or services from Wing Chun Street Defence, some personal data will need to be shared between the individual and WCSD. GDPR defines BOTH the purchaser and WCSD as “Joint Data Controllers”.*
Written Contract? Not required with WCSD.
This page on the ICO website states that a written contract is needed in some circumstances:
“Whenever a controller uses a processor it needs to have a written contract in place.”
WCSD is defined as a Data Controller” rather than a “Data Processor”.
What is the difference between a “Data Controller” and a “Data Processor”?
- a) A “Data Controller” has responsibility for how any data is processed and stored (including selecting any software used), how long that data is kept and how the data should be disposed of when that period expires.
- b) A “Data Processor” has none of these responsibilities. Therefore a written contract is required to guarantee that the “Data Processor” behaves entirely in accordance with the instructions of the “Data Controller”.***
WCSD is committed to protecting the privacy of customers. WCSD complies with GDPR and the Data Protection Act 1998, and does not share data with third parties except where required by law.
This privacy notice sets out how WCSD uses and protects any information that customers give WCSD when using any of the company’s services.
Purpose of data processing
The overriding principle for WCSD in processing data is that is done fairly, lawfully and transparently. The purpose of Data Processing by WCSD is to undertake its legitimate business interest to provide martial arts training services.
We will treat any personal information by which a customer can be identified (i.e. name, address, email etc.) in accordance with the provisions of General Data Protection Regulations (GDPR) and the Data Protection Act 1998; and will not share information with any third party, except where required by law. Rigorous procedures have been established by WCSD to reduce risk of compromise and ensure data is processed lawfully.
WCSD Key Roles
The Data Controller is – Barry Holland, Director, WCSD
The Data Protection Officer is – Barry Holland, Director, WCSD
They can be contacted at –
61 Union Street East
WCSD – Legitimate Interest
Legitimate Interest is the primary basis on which WCSD processes data. This is necessary to enable the effective and safe provision of WCSD’s services. The data WCSD processes, as part of its business operations, has minimal impact on customer’s privacy. The principle beneficiaries of WCSD processing data on this basis are customers who wish to utilise our services.
WCSD will only use individuals’ data in ways they would reasonably expect, unless we have a very good reason not to, such as an overriding duty to ensure a person’s safety. Data will only be shared with third parties in order to process the legitimate interest.
Individuals who are contacted by WCSD as part of any marketing initiative will be given clear information about how to ‘opt out’ of future contact should they wish to (see ‘Consent’)
WCSD has undertaken an assessment of its data processes to ensure that our Legitimate Interest is necessary and proportionate and is the least intrusive basis for processing our customer’s data.
In circumstances where Legitimate Interest is not the most proportionate basis to process data we will seek the consent of the person concerned. Personal data will be processed by WCSD employees, contracted staff and volunteers in accordance with this Privacy Notice
Data Subject Rights
Data Subjects have the following rights –
- Right to be Informed
- Right of Access
- Right to Rectification
- Right of Erasure
- Right to Restrict Processing
- Right to Data Portability
- Right to Object
- Rights related to Automated Decision Making and Profiling
WCSD will ensure that the rights of data subjects are complied within in accordance with guidance provided by the Information Commissioners Office under GDPR –
Data Protection Impact Assessment (DPIA)
WCSD has not undertaken a DPIA as our processing is not likely to result in a high risk to individuals’ interests or their privacy. This decision will be reviewed on a quarterly basis to consider any change in circumstances which mean that a DPIA will be appropriate.
No sensitive personal data is obtained or retained by WCSD
Consent will be used on a limited basis by WCSD in respect of consent to receive marketing information, newsletters and training updates. Any consent request will be unambiguous and involve a clear affirmative action (an opt-in). It will be separate from other terms and conditions and will not be a precondition of signing up to a service. Any personal data obtained through consent will be retained securely, will be used solely by WCSD and will not be passed to third parties except where required by law
How we check that the information we hold is accurate and up to date
WCSD has completed an Information Asset Register (IAR) to enable assessment of data processing procedures. This will be reviewed, as a minimum, on a quarterly basis to ensure that processes, and data retained, are accurate and up to date.
Data Retention Periods
Data retention periods are 60 months and will be reviewed subject to need and any changes in legislation.
Disclosure of personal information
In most circumstances we will not disclose personal data without consent unless it is outlined in this notice. However, in some circumstances we can pass on personal data without consent, for example to prevent and detect crime and to produce anonymised statistics.
Any suspected data breaches should be reported to the Data Controller who will assess impact and consider further action in accordance with statutory guidance issued by the Information Commissioners Office.
Controlling customers’ personal information
Customers may choose to restrict the collection or use of their personal information and if they have previously agreed to us using their personal information for direct marketing purposes, they may change their mind at any time by writing to or emailing us
We will not sell, distribute or lease any personal information to third parties unless we have permission or are required by law to do so. Data will only be shared with third parties in order to process the legitimate interest.
Access to personal information
WCSD tries to be as open as it can be in terms of giving people access to their personal information. Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about an individual we will:
- give them a description of it;
- tell them why we are holding it;
- tell them who it could be disclosed to; and
- let them have a copy of the information in an intelligible form.
To make a request to WCSD for any personal information we may hold under the Data Protection Act 1998, anyone may request details of personal information which we hold about them . A small fee will be payable. If they would like a copy of the information held on them they can write to The Data Controller, WCSD, 61 Union Street East, Stowmarket, Suffolk. IP14 1HP
If they believe that any information we are holding on them is incorrect or incomplete, they should write to or email us as soon as possible, at the above address. We will promptly correct any information found to be incorrect. If they agree, we will try to deal with their request informally, for example by providing the specific information needed over the telephone. If we do hold information anyone can ask us to correct any mistakes by contacting the Data Controller.
We undertake to protect and respect individual disclosures by any staff or organisation on any subject, except where required by law; or unless we have significant concern about the safety or security of a child, young person or adult at risk. In this event we will raise our concern directly with the individual (although there may be exceptional circumstances in which this may not be appropriate) and negotiate a mutually agreed plan of action.
People who use our Services
This privacy notice relates only to WCSD web sites. Links to other web sites are not covered by this privacy statement. Should we ask customers to provide certain information by which they can be identified when using this website, then they can be assured that it will only be used in accordance with this privacy statement. WCSD may change this policy from time to time and customers should check the privacy notice web page from time to time to ensure that they are happy with any changes.
What we collect
We may collect the following information:
- name and job title
- contact information including email address
- demographic information such as postcode, preferences and interests
- IP address of device used to access our websites
- other information relevant to customer surveys and/or offers
What we do with the information we gather
We require this information to understand customers needs and provide a better service, and in particular for the following reasons:
- internal record keeping.
- we may use the information to improve our products and services.
- we may periodically send promotional emails about new products, special offers or other information which we think customers may find of interest using the email address which they have provided.
- from time to time, we may also use customer information to contact them for market research purposes. We may contact customers by email, phone or mail. We may use the information to customise the website according to customers’ interests.
We are committed to ensuring that customers’ information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.
Visitors to WCSD’s Websites
A cookie is a small file which asks permission to be placed on devices used to access WCSD’s websites. Once they agree, the file is added and the cookie helps analyse web traffic or lets them know when they visit a particular site. Cookies allow web applications to respond to customers as an individual. The web application can tailor its operations to their needs, likes and dislikes by gathering and remembering information about their preferences.
We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
Overall, cookies help us provide customers with a better website, by enabling us to monitor which pages they find useful and which they do not. A cookie in no way gives us access to their computer or any information about them , other than the data they choose to share with us.
They can choose to accept or decline cookies. Most web browsers automatically accept cookies, but they can usually modify their browser setting to decline cookies if they prefer. This may prevent them from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once customers have used these links to leave our site, they should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which customers provide whilst visiting such sites and such sites are not governed by this privacy statement. They should exercise caution and look at the privacy statement applicable to the website in question.
WCSD employs contracted staff to undertake IT support for the maintenance, development and security of the WCSD website. This includes the provision of security systems to reduce the risk of a data breach through an external third party. IT support staff do not retain personal data and act in accordance with the WCSD Data Protection Policy.
People who contact us via social media
WCSD uses social media to promote its services and public information relating to safeguarding. Any private or direct message via social media the message will be stored under the terms and conditions of the relevant social media service provider. Data obtained by WCSD will not be shared with any other organisations except where required by law.
People who email us
All WCSD email traffic is encrypted in line with government guidance. If a customer’s email service does not support encryption, they should be aware their emails may not be protected in transit. We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Customers should be aware that they have a responsibility to ensure that any email they send is within the bounds of the law.
Our email server runs cPanel and WHM (currently version 6.9). The configuration of our email server ensures encryption and decryption in line with or exceeding government guidance and is kept updated to the latest reliable configuration.
Newsletter Subscription and Marketing
WCSD will contact clients who use our services from time to time to provide them with information about developments in our offering and about future offerings related to training. This will be undertaken with the consent of the individual concerned (see Consent). No data will be shared with third parties and on notification of withdrawal of consent any personal data will be destroyed (unless retained as part of training databases). In order to support our marketing operations and customer newsletter distribution we use third party emailing software programs in accordance with this Privacy Notice and our Data Protection Policy
People who Attend Face to Face Training
WCSD administers face to face training on hard copy paper. WCSD retains trainee lists of names and attendance records. Students may request inclusion on WCSD’s newsletter database and give their email address; and can also opt out at any time. WCSD also keeps collated students insurance cover and membership details on an Excel spreadsheet. All training records are kept for ten years due to the possibility of queries about an individual’s training should an issue arise regarding that delegate’s training. Any personal details given to WCSD solely for the purpose of training will be held securely, will not be used for marketing purposes and will not be shared with any third party (unless required by law).
People who make a complaint to us
When we receive a complaint from a person we will record details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint. We will only use the personal information we collect to process the complaint and to check on the level of service we provide.
We usually have to disclose the complainant’s identity to the member of staff the complaint is about. This is inevitable where, for example, it relates to the service provided by one of our staff or trainers. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
We may anonymously use information obtained as part of the complaint process to improve performance where appropriate. Complaints about use, storage and retention of data by WCSD can also be made to the Information Commissioners Office
Under the Data Protection Act 1998, applicants, staff, workers and contractors all have rights as individuals which they can exercise in relation to the information we hold about them in line with the Information Commissioners Office guidance
Complaints or queries
WCSD tries to meet the highest standards when collecting and using personal information. For this reason, we take any complaints we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures.
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of WCSD’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to the address below.
If anyone wants to make a complaint about the way we have processed their personal information please see contact details below.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 18 May 2018.
How to contact us: Email: email@example.com