Version 0.1 – Dated 01.06.2017 until superceded.
Our policy is versioned and dated so our clients (Data Subjects) have full Transparency over the Privacy, Data Protection & Processing terms in which they will have engaged with at the time of their interaction. Policies are not static and need to be updated as and when legal and business needs arise. However, this does not mean that the obligations and rights confided in those historical policies should be forgotten for the Data Subject and TeresaBrooksCoaching as the Data Controller
Purpose
This document sets out the way TeresaBrooksCoaching( Data Controller) and any 3rd parties we engage with (Data Processors) will collect, process and handle your Personal Data and your rights in that relationship as Data Subjects.
Basis in Law
This Policy is written to align with the General Data Protection Regulation (GDPR) Legislation, enacted in April 2016 for EU Member states, and to be enforced as of 25th May 2018. The UK will replace / repeal the Data Protection Act (DPA) and replace it with the GDPR version.
Whilst the UK is currently under the regulation of the DPA, this policy goes much further than is currently required under the obligations of the DPA.
Principles
We will adhere to the following principles of the GDPR with respect to this Policy and our behaviours in which we are Guardians, not owners, of your personal data. These are:
- Lawfulness, Fairness & Transparency
- Purpose Limitation
- Data minimisation & Proportionality
- Data Quality & Accuracy
- Storage Limitation
- Integrity & Confidentiality
- Accountability
Direct / Active Personal Data Collection
Information Provision by you directly, by being aware of the act of doing so, that contains Personal Data.
We will, where possible BEFORE we collect your data, always notify you of:
- the Purpose of Data Collection and Processing.
- the Legal Basis of Data Collection and Processing.
- the intention to transfer (or not) of Personal Data to a 3rd party or organisation.
- the intention to transfer (or not) of Personal Data to a 3rd country and the legal basis of that.
- the duration / time we will store your information.
- your rights as a Data Subject in terms of your personal data:
♣ Right of Access
♣ Right to Object
♣ Right to Portability
♣ Right of Restriction
♣ Right to Erasure
♣ Right to be Forgotten
Passive / Indirect Personal Data Collection
Information Provision by you, indirectly collected by not necessarily being aware of the act of doing so, that contains your Personal Data.
We will, where possible before we collect your data or within 1 month, always notify you of:
- the Source of the Personal Data collected.
- the Data Protection Officer (DPO) of DAMM Solutions Ltd and ICO registration.
- the Purpose of Data Collection and Processing.
- the Legal Basis of Data Collection and Processing.
- the intention to transfer (or not) of Personal Data to a 3rd party or organisation.
- the intention to transfer (or not) of Personal Data to a 3rd country and the legal basis of that.
- the duration / time we will store your information.
- your rights as a Data Subject in terms of:
♣ Right of Access
♣ Right to Object
♣ Right to Portability
♣ Right of Restriction
♣ Right to Erasure
♣ Right to be Forgotten
3rd Party Indirectly Acquired Personal Data Collection
Information Provision to us about you indirectly collected whereby you are not aware of the act of doing so, that contains your Personal Data.
We will, as soon as possible and within 1 month, always notify you of:
- the Source of the Personal Data collected.
- the Data Protection Officer (DPO) of DAMM Solutions Ltd and ICO registration.
- the Purpose of Data Collection and Processing.
- the Legal Basis of Data Collection and Processing.
- the intention to transfer (or not) of Personal Data to a 3rd party or organisation.
- the intention to transfer (or not) of Personal Data to a 3rd country and the legal basis of that.
- the duration / time we will store your information.
- your rights as a Data Subject in terms of:
♣ Right of Access
♣ Right to Object
♣ Right to Portability
♣ Right of Restriction
♣ Right to Erasure
♣ Right to be Forgotten
Term | Definition |
---|---|
Teresa Brooks Coaching | ‘us’ ‘the company’ ‘Data Controller’ |
3rd Party | ‘Data Processor’ / ‘Contracted Entity’ / ‘Indirect Source’ |
Personal Data | Any information relating to and identified or identifiable natural person |
Data Collection | Method of Personal Data acquired by the Data Controller about the Data Subject. |
Data Processing | Method by which Personal Data may be manipulated. |
Data Subject | The natural person for which personal data applies to and is processed |
Data Controller | The legal entity or person that processes personal data on behalf of the data controller. ‘3rd Party’ ‘Contracted Entity’ |
3rd Party Indirectly Acquired Personal Data Collection | Information Provision to us about you indirectly collected whereby you are not aware of the act of doing so, that contains your Personal Data.e.g Bought in marketing details |
Passive / Indirect Personal Data Collection | Information Provision by you indirectly collected by not necessarily being aware of the act of doing so, that contains your Personal Data.e.g Cookies via our website |
Direct / Active Personal Data Collection | Information Provision by you directly by being aware of the act of doing so, that contains your Personal Data.e.g Contact Us website form |