The General Data Protection Regulations (GDPR) came into force on 25th May 2018 and requires that all businesses issue a privacy statement to all clients and contacts, regarding the data held about the individual.
What information is held
The information held comes from you as the parent and your child.
Information held may include
I only hold the data needed to provide the services you engage me to provide. Contact information is used for scheduling, invoicing, and communicating my services.
Data will not be shared unless there is a legal obligation to do so.
All reasonable steps are taken to ensure your data is processed and stored securely. This information is usually stored on a password protected computer. Names, contact numbers and email addresses are also stored in my email contacts on my password protected computer.
Consent
It is assumed that when you pay for the services , you consent to me holding the information about your child on file. It is assumed that consent to communicate via GoogleMeet/Zoom/Skype and other online platforms is given by parents for the online session.
Data Breaches
The GDPR introduces a duty on all organisations to report certain types of data breach to the Information Commissioner’s Office (ICO), and in some case, to individuals. In the event of a data breach, I will notify the ICO of a breach where it is likely to result in a risk to the rights an freedoms of individuals – if, for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.