Who we are

Our website address is: https://elitefitnesseducation.co.uk.

Data Protection Policy

 

Introduction

Elite Fitness Education is fully committed to compliance with the requirements of the Data Protection Act 1998 (“the Act”), which came into force on the 1st March 2000.  EFE will therefore follow procedures that aim to ensure that all employees, elected members, contractors, agents, consultants, partners or others who have access to any personal data held by or on behalf of the company, are fully aware of and abide by their duties and responsibilities under the Act.

Statement of policy

In order to operate efficiently, Elite Fitness Education has to collect and use information about people with whom it works.  These may include members of the public, current, past and prospective employees, clients and customers, and suppliers.  In addition, it may be required by law to collect and use information in order to comply with the requirements of central government.  This personal information must be handled and dealt with properly, however it is collected, recorded and used, and whether it be on paper, in computer records or recorded by any other means, and there are safeguards within the Act to ensure this.

Elite Fitness Education regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the company and those with whom it carries out business.  EFE will ensure that it treats personal information lawfully and correctly.

To this end the company fully endorses and adheres to the Principles of Data Protection as set out in the Data Protection Act 1998.

The principles of data protection

The Act stipulates that anyone processing personal data must comply with Eight Principles of good practice.  These Principles are legally enforceable.

The Principles require that personal information:

 

Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met;

  1. Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes;
  2. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed;
  3. Shall be accurate and where necessary, kept up to date;
  4. Shall not be kept for longer than is necessary for that purpose or those purposes;
  5. Shall be processed in accordance with the rights of data subjects under the Act;
  6. Shall be kept secure i.e. protected by an appropriate degree of security;
  7. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection.

The Act provides conditions for the processing of any personal data.  It also makes a distinction between personal data and”sensitive” personal data.

Personal data is defined as, data relating to a living individual who can be identified from:

  • That data;
  • That data and other information which is in the possession of, or is likely to come into the possession of the data controller and includes an expression of opinion about the individual and any indication of the intentions of the data controller, or any other person in respect of the individual.

Sensitive personal data is defined as personal data consisting of information as to:

  • Racial or ethnic origin;
  • Political opinion;
  • Religious or other beliefs;
  • Trade union membership;
  • Physical or mental health or condition;
  • Sexual life;
  • Criminal proceedings or convictions.

Handling of personal/sensitive information

Elite Fitness Education will, through appropriate management and the use of strict criteria and controls:

  • Observe fully, conditions regarding the fair collection and use of personal information;
  • Meet its legal obligations to specify the purpose for which information is used;
  • Collect and process appropriate information and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
  • Ensure the quality of information used;
  • Apply strict checks to determine the length of time information is held;
  • Take appropriate technical and organisational security measures to safeguard personal information;
  • Ensure that personal information is not transferred abroad without suitable safeguards;
  • Ensure that the rights of people about whom the information is held can be fully exercised under the Act.

These include:

  • The right to be informed that processing is being undertaken;
  • The right of access to one’s personal information within the statutory 40 days;
  • The right to prevent processing in certain circumstances;
  • The right to correct, rectify, block or erase information regarded as wrong information.

In addition, Elite Fitness Education will ensure that:

  • There is someone with specific responsibility for data protection in the organisation;
  • Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice;
  • Everyone managing and handling personal information is appropriately trained to do so;
  • Everyone managing and handling personal information is appropriately supervised;
  • Anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public, knows what to do;
  • Queries about handling personal information are promptly and courteously dealt with;
  • Methods of handling personal information are regularly assessed and evaluated;
  • Performance with handling personal information is regularly assessed and evaluated;
  • Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures.

All elected members are to be made fully aware of this policy and of their duties and responsibilities under the Act.

All managers and staff within the company directorates will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that:

  • Paper files and other records or documents containing personal/sensitive data are kept in a secure environment;
  • Personal data held on computers and computer systems is protected by the use of secure passwords, which where possible have forced changes periodically;
  • Individual passwords should be such that they are not easily compromised.

All contractors, consultants, partners or agents of the Company must:

  • Ensure that they and all of their staff who have access to personal data held or processed for or on behalf of the council, are aware of this policy and are fully trained in and are aware of their duties and responsibilities under the Act. Any breach of any provision of the Act will be deemed as being a breach of any contract between the council and that individual, company, partner or firm;
  • Allow data protection audits by the council of data held on its behalf (if requested);
  • Indemnify the council against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation.

All contractors who are users of personal information supplied by the company will be required to confirm that they will abide by the requirements of the Act with regard to information supplied by the company.

Implementation

The company has appointed a Corporate Information Officer.  Designated officers have also been identified in all directorates.  These officers will be responsible for ensuring that the Policy is implemented.  Implementation will be led and monitored by the Information Officer.  The Corporate Information Officer will also have overall responsibility for:

  • The provision of cascade data protection training, for staff within the company.
  • For the development of best practice guidelines.
  • For carrying out compliance checks to ensure adherence, throughout the authority, with the Data Protection Act.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Contact information

info@elitefitnesseducation.co.uk
07540 163273