For the purpose of the General Data Protection Regulation (the “GDPR”), which applies in the UK on May 25, 2018, and other data protection laws applicable in the UK, the data controller is Four Sides London Ltd, whose registered office is 179 Northcote Road, London, SW11 6QF. Our company is registered in England and Wales and the company registration number is 08534407.
INFORMATION WE MAY COLLECT
We may collect personal data that can be used to contact or identify you. This personal information may include, but is not limited to, your name, email address, phone number, postal address, clinical history including past medical history and Private Medical Insurance details plus any other contact information.
We may collect the following data about you:
- Information you provide when you use our website, Mindbody’s website or any other processor service (for example, Paysafe). This includes information you provide when you book an appointment, class or workshop, purchase any other product or service or enter a competition or promotion. We may also ask you for information if you report a problem with our website
- Information you provide when you contact us by email, through our contact forms on our website or social media platforms, by telephone, in writing or in person. We may keep a copy of that correspondence or communication
Client notes and GP/consultant correspondence
When you visit us at Four Sides London, it will be recorded and processed through MINDBODY, out booking system. Your Physiotherapist will also make a clinical record of your visit on QuickerNotes. Both systems store the information on a secure server. All our clinical notes are stored for 8 years as required by law.
These notes will collect the following details:
Name, Address, Date of Birth, Telephone Number, Email address, GP/Consultant details, Medical history, Private medical Insurance (PMI) details (if applicable)
The purpose of this information is to allow your physiotherapist to ensure they manage your case with the relevant due care and consideration for your age, your requirements and your program. The PMI details are used to bill your insurer as appropriate or to communicate directly with them if appropriate. None of your information is passed to a third party unless under your explicit consent to release details.
Your PMI may ask for reports of your sessions but this will only occur with your consent.
You may request us to write a letter to a school, a consultant or another person of interest to you. In doing so we will use your name, DOB and relevant medical details on that letter. You will also receive a copy of the letter should you so choose.
We do not store any of your browsing history when you are viewing our website, however we may use third party services such as Google Analytics to improve your experience on our site.
These third party sites may collect information about your mobile phone, computer or other device from which you access the website. Such information may include your domain name and IP address, details of your computer operating system and browser and unique number identifiers that are automatically generated by our systems when you visit our website. Some of this information is retained in “cookie” files on your computer. Cookies are small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping baskets, and provide anonymised tracking data to third party applications like Google Analytics. As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers
When you fill out the forms on our website (www.foursides.bedevious.co.uk), we store the data you send us. We may use this information to improve customer service and for marketing purposes. This data is NOT passed on to any third party organisations and resides in secure web-based database.
HOW WE MAY USE YOUR INFORMATION
We use information held about you in the following ways:
- To provide customer support e.g. responding to your enquiries
- To carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, goods and services that you request from us
- To send you a welcome email, booking confirmations, appointment reminders and invoices and other emails for the purposes of providing any services or products to you, including in relation to account management or system maintenance or setting consent preferences
- For internal record keeping and to improve our goods and services
- To notify you about changes to appointments, class and workshop schedules
- To provide you with information of product and services we offer that are similar to those that you have already purchased or other goods or services we believe may be of interest to you
- We will not share your data with third parties for marketing purposes unless we have procured your express consent to do so
- We will only use financial or credit card information to discharge our legal / regulatory duties and to process payments made by you for our products and services or due to you by agreement (e.g. refunds); or to investigate financial transactions with our bank or payment processor
You have a number of rights in relation to our use of your personal information and can request us to do various things with this information.
For example, at any time you can ask us for a copy of your personal information, ask us to correct mistakes, change the way we use your information, or even delete it. You may also instruct us not to process your personal information for marketing purposes. In practice, you will usually either expressly agree in advance to our use of your personal information for marketing purposes, or we will provide you with an opportunity to opt out of the use of your personal information for marketing purposes. In response to these requests, we’ll either do what you’ve asked, or confirm why we cannot if due to a legal or regulatory issue. Please see your full rights here.
To summarise your rights are as follows (noting that these rights don’t apply in all circumstances):
- To request access to your personal data and information about how we process it
- To correction – we will correct your personal data if it’s inaccurate and complete any incomplete personal data. It is your responsibility to ensure that you submit true, accurate and complete information to us. You have the ability to change certain information via your online account (such as email and address).
- To delete – you have the right to request that we delete personal data that we hold about you
- To stop processing – if you would like us to stop processing your personal data, you can do this by either visiting your account page on MINDBODY, or you can email email@example.com
- To data portability – move, copy or transfer your personal data
LEGAL BASIS FOR DATA PROCESSING
We can process personal data on various legal bases:
- For processing operations for which we obtain your consent for a specific processing purpose, Article 6(1)(a) of the GDPR is our legal basis. For example, purchase of block sessions or consent to marketing emails
- If the processing of personal data is necessary for the performance of a contract with yourself, for example, when processing operations are necessary to provide you with our products or services, the processing is based on Article 6(1)(b) of the GDPR. This includes processing required from your inquiries concerning our products or services
- As an entity established under the laws of England and Wales, we are obliged to comply with UK laws and guidance provided by UK regulatory bodies and where we are subject to a legal obligation by which processing of personal data is required, our processing is based on Article 6(1)(c) of the GDPR
- Finally, we can base our processing operations on Article 6(1)(f) of the GDPR: in specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests
THIRD PARTY SERVICES
We may use third party services to process your personal data, for example, our cloud-based booking software Mindbody or payment gateway PaySafe.
Certain providers may be located in, or have facilities that are located in, a different jurisdiction than either you or us for example, Mindbody which means your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
We may also disclose your personal information to third parties: in the event that we consider selling, buying or similar with any business entity; in the event of an insolvency situation or to protect our rights, our property, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection, credit risk reduction or bad debt collection.
Where you have chosen a password to access certain parts of the MindBody booking site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Our property is monitored by Verisure security and you may be recorded when you visit the space. Cameras are used to provide security and protect both our visitors and our staff. Any recording will be only be viewed when necessary (e.g. to detect or prevent crime) when the alarm is triggered. Please be assured that our security cameras do not film any of our clients whilst within the space but will take pictures of clients entering and exiting. Our cameras film only when our alarm is activated. Four Sides London Ltd complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know when CCTV is used.
This Policy was last reviewed and updated on 24 May 2018.
In the event that there is a change to your personal information, for example your contact details, please ensure that your details are updated on your MindBody account so that your information is kept up to date and accurate.
If you have any concerns regarding our processing of your personal data, please contact us by emailing firstname.lastname@example.org or by writing to 179 Northcote Road, London, SW11 6QF.