background

mindflowyoga Data Protection

Mindflowyoga Data protection policy
Introduction

The Data Protection Act 1998 (the Act) regulates the way in which all personal data is held and processed. This is a statement of the data protection policy adopted by Mindflowyoga. It applies to all Mindflowyoga staff. In order to operate efficiently mindflowyoga needs to collect and use information about the people with whom we work. This includes current, past and prospective staff, reviewers, professional experts, stakeholders, delegates, students, trainees and others with whom we communicate.
Mindflowyoga regards the lawful and correct treatment of personal information as integral to our successful operation, and to maintaining the confidence of the people we work with. To this end we fully endorse and adhere to the principles of the Act.

Purpose

The purpose of this policy is to ensure that everyone handing personal information at Mindflowyoga is fully aware of the requirements of the Act and complies with data protection procedures and that data subjects are aware of their rights under the Act.

Scope: information covered by the Act

The purpose of this policy is to ensure that everyone handing personal information at Mindflowyoga is fully aware of the requirements of the Act and complies with data protection procedures and that data subjects are aware of their rights under the Act.

Responsibility for Mindflowyoga's compliance with the Act

The Faculty Administrator has overall responsibility for compliance with the Act but individual members of staff are responsible for the proper use of the data they process

Policy statement

The principles of the Act require require that personal information must:

  • • be processed fairly and lawfully.
  • • not be used for a purpose for which it was not collected 
.
  • • be adequate, relevant and not excessive for the purpose 
.
  • • be accurate and up-to-date 
.
  • • not be kept longer than necessary 
.
  • • be processed in accordance with the data subject's rights 
.
  • • be kept secure and protected from unauthorised processing, loss or destruction 
.
  • • Must be transferred only to those countries outside the European Economic Area that provide 
adequate protection for personal information.



In order to meet the requirements of these principles Mindflowyoga will: 


  • • fully observe conditions regarding the fair collection and use of information 
.
  • • meet its legal obligations to specify the purposes for which information is used 
.
  • • collect and process appropriate information, and only to the extent that it is needed to 
fulfil operational needs or to comply with any legal requirements 
.
  • • ensure the quality of the information used 
.
  • • hold personal information on Mindflowyoga systems for as long as is necessary for the relevant 
purpose, or as long as is set out in any relevant contract held with Mindflowyoga or Mindflowyoga's Records Retention Schedule (this is a database that defines which documents should be kept and for how long) or the retention attached to the record's content type 
.
  • • ensure that the rights of people about whom information is held can be fully exercised under the Act (these include: the right to be informed that processing is being undertaken; the data subject's right of access to their personal information; the right to prevent processing in certain circumstances; the right to correct, rectify, block or erase information which is regarded as wrong information) 
.
  • • take appropriate technical and organisational security measures to safeguard personal information .
  • • ensure that personal information is not transferred outside the EEA without suitable safeguards. Mindflowyoga's responsibilities for data protection and confidential information Mindflowyoga will ensure that there is someone with specific responsibility for data protection in the organisation. The nominated person is currently the Faculty Administrator.

Contact Faculty Administrator

Mindflowyoga will ensure that:

  • • everyone managing and handling personal information understands that they are responsible for following good data protection practice 

  • • this policy is available to each member of staff.
  • • everyone managing and handling personal information is appropriately trained and 
supervised.
  • • queries about handling personal information are promptly and courteously dealt with and 
clear information is available to all staff 

  • • the Information and Records Manager reports to the Information Governance Group, 
which approves all changes to policy and procedure. 
Staff responsibilities for data protection and confidential information 

  • • All staff should be aware of the requirements of the Act and how the rules apply to them.
  • • All staff must complete data protection induction and annual training.
  • • All staff have a responsibility to ensure that they respect confidential information in their 
possession and maintain information security. Disclosure of confidential information gained as part of your employment to a third party, or assisting others in disclosure, will be viewed by Mindflowyoga with the utmost seriousness.
  • • All staff are responsible for ensuring personal information is kept no longer than is necessary. 
For further advice, please contact the Faculty Administrator.


Privacy statement

Mindflowyoga respects your privacy. The information that you provide us with, or that is gathered automatically, helps us to monitor our services and provide you with the most relevant information. More information on how Mindflowyoga safeguards your privacy in relation to websites, email, voicemail, social media, testing and training can be found on our website: www.Mindflowyoga.com/privacy.

Access Requests

Under the Act individuals have the right to access personal information Mindflowyoga may hold about them. 
If you wish to request such information please email below.

Contact Data Protection Admin


Data Protection Complaints Procedure

Mindflowyoga aims to comply fully with its obligations under the Act. If you have any questions or concerns regarding Mindflowyoga's management of personal data, including your right to access data about yourself, or if you feel Mindflowyoga holds inaccurate information about you, please contact Mindflowyoga's Faculty Administrator (details above). If you feel that your questions or concerns have not been dealt with adequately or that a subject access request you have made to Mindflowyoga has not been fulfilled you can use QMindflowyogaAA's complaints procedure. Contact the Faculty Administrator for a copy. If you are still dissatisfied, you have the right to contact the office of the Information Commissioner, the independent body overseeing compliance with the Act: http://ico.org.uk/.


GDPR 2018 Policy statement

In May 2018, the EU General Data Protection Regulation (GDPR) replaces the existing 1995 EU Data Protection Directive (European Directive 95/46/EC).

Mindflowyoga training currently complies with applicable data protection regulations and is committed to GDPR compliance across its relevant services, users, staff and students when the GDPR takes effect May 25, 2018. Mindflowyoga training's administrative team of cross-functional stakeholders oversees Mindflowyoga's GDPR readiness. Mindflowyoga's ongoing compliance efforts include:

ASSESSMENT

Mindflowyoga training is reviewing where and how our relevant services collect, use, store and dispose of personal data and updating policies, standards, governance and documentation as needed.

CONTRACTUAL COMMITMENTS

Working in conjunction with our partners and customers, Mindflowyoga training is reviewing our contractual commitments and updating as needed to directly address GDPR requirements. In the coming weeks, Mindflowyoga training will release a Data Processing Addendum with provisions to assist our partners and customers with their GDPR compliance. Mindflowyoga is also reviewing its supplier contracts to ensure GDPR compliance throughout its supply chain.

CROSS-BORDER DATA TRANSFER

In addition to ensuring Mindflowyoga's contractual commitments meet the requirements to legally transfer data from the EU to the rest of the world under applicable law, Mindflowyoga plans to certify under the EU-US Privacy Shield Framework when and if this is applicable.

EMPLOYEE TRAINING AND AWARENESS

All Mindflowyoga employees full or part time must complete data privacy and security training. Mindflowyoga will supplement existing training modules with GDPR-specific content. In addition to these training requirements, Mindflowyoga conducts ongoing awareness initiatives on a variety of topics, including data protection, security and privacy. This includes user and student awareness on an annual basis.

PARTNERS and CUSTOMERS

Compliance with the GDPR requires a partnership between Mindflowyoga and our partners and customers in their use of applicable Mindflowyoga services or courses. In this context, Mindflowyoga generally acts as a data processor and our partners and customers, users and students generally will act as data controllers. Working together, we hope to explore opportunities within our relevant service offerings to assist our partners and customers and students meet their GDPR obligations. In the meantime, Mindflowyoga encourages partners and customers to independently familiarize themselves with the GDPR.

BREXIT

The UK is drafting a new Data Protection Bill which in the main includes all the provisions and legislation of GDPR. There will be some smaller changes and the Mindflowyoga policies and procedures will be updated in accordiance with this as more is known.

More information may be found here :

A well written article covering what you need to know:
Wired Magazine's Guide For Consumers & Businesses

A series of in-depth articles from the Information Commissioner relating to GDPR:
UK Information Commissioner