Legal Notice and GDPR
With the introduction of the General Data Protection Regulation (GDPR) on 25 May 2018, it is important to us, that you can get a better understanding of what’s happening with the data Patricia Lubeck holds of you – and opt out if you feel that’s necessary. The data we hold is minimal and falls under ‘legitimate interest’. This means that we have no agenda other than keeping you updated or correspond with you regarding classes and events you are part of. The following brief will outline how Patricia Lubeck complies with GDPR regulations.
WHAT DATA DOES PATRICIA LUBECK CURRENTLY STORE?
Newsletter contacts such as email addresses and names are securely stored in Mailchimp. If you have completed Reiki training through Reiki@Maitri, we hold a copy of your certificate in a Dropbox account. For projects involving international collaborations (such as Rites of Passage), any data which needs to be accessed amongst all collaborators is stored through Google.
WHAT ARE YOUR RIGHTS?
The right to be informed:
All data held of you ensures smoothness of day-to-day business. Therefore, I don’t keep any forms or details after your sessions. In rare cases, consent forms or action plans are stored securely at Patricia Lubeck’s home in paper form. For international collaboration, the data you volunteer to us is held in Google documents. The only reason I gather data is to ensure classes, sessions, and work together suits you and honors your needs.
The right of access:
If you like, you can ask us about your data either verbally or in writing. We will respond within 1 month and can only refuse your request if there is a lawful obligation to retain data. We always inform you of the reasons, should we be forced to reject your request.
The right of rectification:
We gladly correct any mistakes we hold in your data or update it. Just let us know.
The right to erasure:
Currently, we are not bound to store your data (consent or enrolment forms), though that may change based on insurance policies. We will amend this part accordingly. For all other cases, you have the right to ask us to delete your data and you can do so without any reason at all.
The right to restrict processing:
All records held are used for ongoing communications and the third parties we work with (Google, Mailchimp, Dropbox) also comply with GDPR legislation. If you wish for us not to process your data in the newsletter, please let us know.
The right to data portability:
You have the right to request a copy of your data. Please do so in writing and Patricia Lubeck will provide this to you within 1 months’ time.
The right to object:
The use and storage of data can be objected to at any time and we will comply with your wishes.
The right not to be subject to automated decision making including profiling:
Great news, we don’t do any of this.
When we collect your data, you are always made aware of how we store it and why we are gathering it in the first place. This has been the case for the existing contacts in our newsletter. Clients have either opted in through a sign-up form on website or Facebook page, or as part of a raffle at an event. In either case, you have the choice to unsubscribe from any of our communications at the bottom of each email. Therefore, Patricia Lubeck deems it unnecessary to refresh consent for existing data as it was collected rightfully and as part of ‘legitimate interest’ (including Recital 47 of the GDPR).
MOVING FORWARD WITH DATA PROTECTION
A breach in data protection is unlikely, however, should that be the case, we will contact the ICO and let all of our clients know to assure transparency.
This policy was issued by Patricia Lubeck on 23 May 2018 and will be reviewed in April 2019. If you have any questions, or would like us to take further steps, please get in touch through the website: www.patricialubeck.com