Privacy Policy
This policy outlines what data I hold about you and your dog, why and how I will use it.
According to new Government legislation, The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union.
Under the new GDPR, companies are required to ensure transparency on the way they collate, store and use any personal data pertaining to their services. You have the right to ask that personal data is destroyed or deleted once your dog has left the setting, providing that deleting the material will not impact on legal regulations. Please refer to my GDPR Guidelines document.
Collation, Storage and Usage of Data:
In this setting, a vast majority of information collated is paper based. All protected data documents are stored in a secure filing cabinet within the setting, with no unauthorised access given.
Initial contact information - when discussing potential training solutions for your dog, this will involve my noting down your contact information. This will be stored either on paper (as above) or on my mobile phone/ business email/ Facebook accounts (as below), depending on contact method.
Personal laptop - to create, send and store computer-generated documents. This laptop is password protected and files are stored on a password protected cloud-based platform. Documents will be sent to you using my business email account, which is also password protected. These passwords will never be shared with anyone else.
Mobile phone - to take photographs of the dog/s attending my setting, and these may be used in a dog’s Training Plan/ Behaviour Modification Plan. These photographs/ videos may be used on my business’ website and/ or social media accounts, where permission has been granted. These files will be stored as above and deleted from the laptop as soon as they are no longer needed.
I also use my mobile phone to store your contact information, for emergencies and quick contact during the day. I use Whatsapp to communicate at your request, or simply text message or email. My mobile phone is password protected.
Facebook Page/ Groups - As of 2021, I operate a Facebook page for promotion purposes and a Facebook Secret Group for existing clients, should they wish to use it. Permissions will be sought for use of each individual dog’s photos/ videos on either of these platforms. The Facebook page will be public. The secret group for existing clients only, will be private and not visible to non-members. Any dogs for whom permission hasn’t been granted will not be included in photographs shared.
Why do I collect and store data?
I collect and store personal data for legal reasons or to support my role as Behaviourist/ trainer for your dog, and you. Data is stored under the following Lawful Bases, according to the GDPR:
How do I use your personal data?
I use the data in a variety of ways provide a childminding service. A child’s data will be used in various forms on documents such as listed below (this list is not exhaustive):
An Owner’s personal data will be used in such documents as (this list is not exhaustive):
Welfare concerns are the only occasion for which I may need to share personal data without permission. Please refer to my Welfare policy for more information.
To comply with GDPR, I must inform you that you may access any personal data I hold on your dog or your family upon request, and I agree to hold this information securely until such time as you request deletion - providing this does not compromise HMRC, welfare or legal regulations or requirements.
Any data relating to safeguarding/ accidents/ incidents/ first aid must be retained as required by law. This means this data is exempt from the privacy laws, as safeguarding concerns override any other requirements or regulations.
Retention of Data
For information on the storage retention rules, please see my Data Retention Policy.
ICO
I am registered with the Information Commissioner’s Office for collating, storing and using data.
This policy outlines what data I hold about you and your dog, why and how I will use it.
According to new Government legislation, The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union.
Under the new GDPR, companies are required to ensure transparency on the way they collate, store and use any personal data pertaining to their services. You have the right to ask that personal data is destroyed or deleted once your dog has left the setting, providing that deleting the material will not impact on legal regulations. Please refer to my GDPR Guidelines document.
Collation, Storage and Usage of Data:
In this setting, a vast majority of information collated is paper based. All protected data documents are stored in a secure filing cabinet within the setting, with no unauthorised access given.
Initial contact information - when discussing potential training solutions for your dog, this will involve my noting down your contact information. This will be stored either on paper (as above) or on my mobile phone/ business email/ Facebook accounts (as below), depending on contact method.
Personal laptop - to create, send and store computer-generated documents. This laptop is password protected and files are stored on a password protected cloud-based platform. Documents will be sent to you using my business email account, which is also password protected. These passwords will never be shared with anyone else.
Mobile phone - to take photographs of the dog/s attending my setting, and these may be used in a dog’s Training Plan/ Behaviour Modification Plan. These photographs/ videos may be used on my business’ website and/ or social media accounts, where permission has been granted. These files will be stored as above and deleted from the laptop as soon as they are no longer needed.
I also use my mobile phone to store your contact information, for emergencies and quick contact during the day. I use Whatsapp to communicate at your request, or simply text message or email. My mobile phone is password protected.
Facebook Page/ Groups - As of 2021, I operate a Facebook page for promotion purposes and a Facebook Secret Group for existing clients, should they wish to use it. Permissions will be sought for use of each individual dog’s photos/ videos on either of these platforms. The Facebook page will be public. The secret group for existing clients only, will be private and not visible to non-members. Any dogs for whom permission hasn’t been granted will not be included in photographs shared.
Why do I collect and store data?
I collect and store personal data for legal reasons or to support my role as Behaviourist/ trainer for your dog, and you. Data is stored under the following Lawful Bases, according to the GDPR:
- Legal Obligation
- Legitimate Interest
- Vital Interest
How do I use your personal data?
I use the data in a variety of ways provide a childminding service. A child’s data will be used in various forms on documents such as listed below (this list is not exhaustive):
- Individual Dog Training Documents and Records
- Training Agreements & legal documents
- Medical, emergency, accident forms
- Behaviour Modification Plan documents
- Invoices
- Observations/ Assessments
An Owner’s personal data will be used in such documents as (this list is not exhaustive):
- Individual Dog Training Documents and Records
- Medical Forms
- Any form of communication
- Contact Information on Mobile/ email devices
- Permission forms
- Agreements & legal documents
- Invoices
Welfare concerns are the only occasion for which I may need to share personal data without permission. Please refer to my Welfare policy for more information.
To comply with GDPR, I must inform you that you may access any personal data I hold on your dog or your family upon request, and I agree to hold this information securely until such time as you request deletion - providing this does not compromise HMRC, welfare or legal regulations or requirements.
Any data relating to safeguarding/ accidents/ incidents/ first aid must be retained as required by law. This means this data is exempt from the privacy laws, as safeguarding concerns override any other requirements or regulations.
Retention of Data
For information on the storage retention rules, please see my Data Retention Policy.
ICO
I am registered with the Information Commissioner’s Office for collating, storing and using data.
Retention Policy
According to new Government legislation, The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union.
To comply with this legislation, this policy outlines what data I will hold about your dog and their family and how long I am required to hold it for.
Policy:
Under the new GDPR, companies are required to ensure transparency on the way they collate, store and use any personal data. Owners have the right to ask that personal data is destroyed or deleted once they have left a setting, providing that deleting the material will not impact on legal regulations. Please refer to my GDPR Guidelines document.
Procedure:
Data required by myself to ensure I follow all GDPR and legal requirements, are as follows:
Any hand-written data documents are stored in a secure filing cabinet within the premises, with no unauthorised access given.
Initial contact information - when discussing potential future dog training/ boarding will involve my noting down owners’ contact information. This will be stored either on paper (as above) or on my mobile phone/ business email (as below), depending on the contact method.
Personal laptop - to create, send and store computer-generated documents. This laptop is password protected and files are stored on a password protected cloud-based platform. Documents will be sent to owners using my business email account, which is also password protected. These passwords will never be shared with anyone else.
Mobile phone - to take photographs/ videos of the dog/s during training/ boarding, and these may be used in each dogs’ Training Plan or Behaviour Modification Plan. These files will be stored as above and deleted from the laptop/ phone as soon as they are no longer needed.
I also use my mobile phone to store owners’ contact information, for emergencies and quick contact during the day. I use Whatsapp to communicate at the owners’ request, or simply text message or email. My mobile phone is password protected.
Retention Timescales:
Personal Information - Kept for 6 years
Any data relating to safeguarding/ accidents/ incidents/ first aid must be retained, as required by law. This means this data is exempt from the privacy laws, as safeguarding concerns override any other requirements or regulations.
According to new Government legislation, The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union.
To comply with this legislation, this policy outlines what data I will hold about your dog and their family and how long I am required to hold it for.
Policy:
Under the new GDPR, companies are required to ensure transparency on the way they collate, store and use any personal data. Owners have the right to ask that personal data is destroyed or deleted once they have left a setting, providing that deleting the material will not impact on legal regulations. Please refer to my GDPR Guidelines document.
Procedure:
Data required by myself to ensure I follow all GDPR and legal requirements, are as follows:
- Personal Information
- Owner’s names
- Dog’s names
- Microchip number (boarding only)
- Address
- Contact details
- Vet’s name, address and contact number
- Medical information
- Signatures
- Permissions
Any hand-written data documents are stored in a secure filing cabinet within the premises, with no unauthorised access given.
Initial contact information - when discussing potential future dog training/ boarding will involve my noting down owners’ contact information. This will be stored either on paper (as above) or on my mobile phone/ business email (as below), depending on the contact method.
Personal laptop - to create, send and store computer-generated documents. This laptop is password protected and files are stored on a password protected cloud-based platform. Documents will be sent to owners using my business email account, which is also password protected. These passwords will never be shared with anyone else.
Mobile phone - to take photographs/ videos of the dog/s during training/ boarding, and these may be used in each dogs’ Training Plan or Behaviour Modification Plan. These files will be stored as above and deleted from the laptop/ phone as soon as they are no longer needed.
I also use my mobile phone to store owners’ contact information, for emergencies and quick contact during the day. I use Whatsapp to communicate at the owners’ request, or simply text message or email. My mobile phone is password protected.
Retention Timescales:
Personal Information - Kept for 6 years
- Permission Forms
- Accounts
- Attendance Registers
- Accident Records
- Incident Records
- First Aid Records
- Existing Injuries Records
- Safeguarding/ Welfare Records
- Photographs/ videos - Deleted as soon as dog leaves the training program, unless written permission is obtained from owners, in which case they will be kept securely and only used for agreed use
- Training Records - Deleted or kept with owner’s permission
Any data relating to safeguarding/ accidents/ incidents/ first aid must be retained, as required by law. This means this data is exempt from the privacy laws, as safeguarding concerns override any other requirements or regulations.
GDPR Guidelines
What is GDPR?
GDPR is a regulation by the European Parliament which adds to the UK’s data protection laws, and gives people more rights over their own information (or data).
When will it come into effect?
GDPR came into effect on Friday 25 May 2018.
What remains the same?
· Organisations that hold data (information) about people need to handle it in a fair and lawful manner.
· You can only keep personal data if people know it is being held and why, if it is for lawful purposes, and when informed consent is gained. You cannot just gather lists of people’s personal information for no particular reason.
· Any personal data stored must be for the reason people are given – in other words you can’t collect email addresses to send out eNewsletters and then use the same list to send out something quite different.
· Personal data must be accurate and kept up to date.
· Personal data must not be stored for longer than necessary. Keeping details of people that you no longer need or use is against the law.
· Personal data must be kept securely.
· Personal data can only be handled in a way that respects the rights of individuals.
What has GDPR changed?
· GDPR gives people more rights to know how their personal data is being used.
· The right to be ‘forgotten’ and their personal data deleted if they wish.
· To be able to see what personal data is being held about them, and to make sure their personal data is correct.
· Increased importance for the protection of children.
· Increased importance for not allowing people without permission to see or use others’ personal data.
· If someone’s personal data has been used by people without permission, they have to be told what happened. What are the lawful bases for processing?
At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Right To Erasure
Article 17 of the GDPR states that data subjects have the right to have their personal data removed from the systems of controllers and processors under a number of circumstances, such as by removing their consent for its processing.
Data Subjects have the right to obtain erasure from the data controller, without undue delay, if one of the following applies:
Data might not have to be erased if any of the following apply:
What is GDPR?
GDPR is a regulation by the European Parliament which adds to the UK’s data protection laws, and gives people more rights over their own information (or data).
When will it come into effect?
GDPR came into effect on Friday 25 May 2018.
What remains the same?
· Organisations that hold data (information) about people need to handle it in a fair and lawful manner.
· You can only keep personal data if people know it is being held and why, if it is for lawful purposes, and when informed consent is gained. You cannot just gather lists of people’s personal information for no particular reason.
· Any personal data stored must be for the reason people are given – in other words you can’t collect email addresses to send out eNewsletters and then use the same list to send out something quite different.
· Personal data must be accurate and kept up to date.
· Personal data must not be stored for longer than necessary. Keeping details of people that you no longer need or use is against the law.
· Personal data must be kept securely.
· Personal data can only be handled in a way that respects the rights of individuals.
What has GDPR changed?
· GDPR gives people more rights to know how their personal data is being used.
· The right to be ‘forgotten’ and their personal data deleted if they wish.
· To be able to see what personal data is being held about them, and to make sure their personal data is correct.
· Increased importance for the protection of children.
· Increased importance for not allowing people without permission to see or use others’ personal data.
· If someone’s personal data has been used by people without permission, they have to be told what happened. What are the lawful bases for processing?
At least one of these must apply whenever you process personal data:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
Right To Erasure
Article 17 of the GDPR states that data subjects have the right to have their personal data removed from the systems of controllers and processors under a number of circumstances, such as by removing their consent for its processing.
Data Subjects have the right to obtain erasure from the data controller, without undue delay, if one of the following applies:
- The controller doesn’t need the data anymore
- The subject withdraws consent for the processing with which they previously agreed to (and the controller doesn’t need to legally keep it [N.B. Many will, e.g. banks, for 7 years.])
- The subject uses their right to object (Article 21) to the data processing
- The controller and/or its processor is processing the data unlawfully
- There is a legal requirement for the data to be erased
- The data subject was a child at the time of collection (See Article 8 for more details on a child’s ability to consent)
Data might not have to be erased if any of the following apply:
- The “right of freedom and expression”
- The need to adhere to legal compliance, e.g. a bank keeping data for 7 years.
- Reasons of public interest in the area of public health
- Scientific, historical research or public interest archiving purposes
- For supporting legal claims, e.g. PPI offerings.
- Non-electronic documents which are not (to be) filed, (i.e. it’s data you can’t search for), e.g. a random piece of microfiche, or a paper notepad, are not classed as personal data in the GDPR and are therefore not subject to the right to erasure.
