Privacy policy
Claire Pickman Forest School respects your privacy and is committed to protecting your personal data. This privacy policy tells you how your personal data is used when you visit my website, interact with me and buy my services. It also tells you about your privacy rights and how the law protects you. It is important that you read this privacy policy so that you are fully aware of how and why your data is used.
This Policy was last updated in March 2024
1. This Policy sets out my commitments to you, in compliance with and beyond the General Data Protection Regulation (commonly known as the GDPR) and explains how your personal information is stored, collected and used. Collecting specific, relevant personal information is a necessary part of being able to provide you with any services you may request from me and managing my relationship with you. As a data processor this privacy notice sets out in detail what information may be held about you (such as your contact details, medical information, dietary requirements, etc.), how your personal information may be used and the reasons for these uses, together with details of your rights.
2. Data Protection principles: I will always comply with data protection law. This states that personal information that we hold about you must be: i) Used lawfully, fairly and in a transparent way ii) Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with these purposes. iii) Relevant to the purposes that we have informed you about and limited to only those purposes. iv) Accurate and kept up to date v) Kept only as long as is necessary for the purposes we have informed you about. vi) Kept securely.
3. The kind of information I may hold about you: Personal data or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). Depending on the circumstances (see section 4 – how your personal information is collected), I may collect, store, and use the following categories of personal information about you: i) Personal contact details such as name, title, telephone numbers and e-mail addresses ii) Medical information
4. How your personal information is collected. I may collect personal information about users of the platform in a number of different ways. i) Directly from you - for example, through the booking of a term of sessions, an event or birthday party. ii) From someone else acting on your behalf – for example where a parent or guardian has purchased a membership or course for a child.
5. My basis for processing personal data and the purposes for which it is used. When you purchase a product or service, that is a contract. Where it is necessary for legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, for example when carrying out fraud screening as part of the check-out process. Where I need to comply with a legal or regulatory obligation. For example, keeping records of our sales for tax compliance. Generally, I do not rely on consent as a legal basis for processing your personal data other than where the law requires it, for example in relation to sending certain direct marketing communications. Where the legal basis is consent, you have the right to withdraw consent at any time.
In some cases, I may need to process your personal data in order to comply with my legal obligations. For example, we may need to process personal data in order to comply with health and safety legislation, link to suppliers for Disclosure and Barring Services (criminal records) to obtain checks on assistant and volunteer roles (where relevant) for safeguarding purposes, report certain tax information about our financial arrangements with third parties to HM Revenue & Customs and assist with investigations by police and/or other competent authorities.
6. How special categories of personal information may be used. Special categories of sensitive personal data such as medical information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. The provision of relevant medical information is optional, and we only process this personal information where it is required but not providing relevant medical information may result in us not being able to accept a booking.
7. Who your data and personal information may be shared with. Your personal data may be shared with the parties set out below for the purposes set out in this privacy policy. Your personal data may be shared with the following categories of third parties: suppliers and service providers (such as technology service providers, payment processing and fraud prevention providers, recognised educational settings and post and courier services); auditors and professional advisers like bankers, lawyers, accountants and insurers; and government, local government, regulators and law enforcement.
We use specific third parties as service providers that store personal data:
● Acuity (owned by Squarespace)
● Stripe for payment processing purposes
8. Cookies Information may be sent to your computer in the form of an Internet "cookie" to allow our servers to monitor your requirements. The cookie is stored on your computer. Our server may request that your computer return a cookie to it. These return cookies do not contain any information supplied by you or any personally identifiable information about you. Such measures are necessary to allow us to measure the usability of the systems, which will help in its continuing development to ensure that we understand the requirements of our users. Your browser software should however enable you to block cookies if you wish to. For more information about cookies, please visit www.allaboutcookies.org.
9. The period for which your information will be kept. Your information will be kept only for as long as is necessary for me to fulfil the purposes described in this policy. I will only retain your personal information for as long as necessary to fulfil the purposes it was collected for, including for the purposes of satisfying any legal, accounting, or reporting requirements of the data controller. To determine the appropriate retention period for personal data, I consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which I process your personal data and whether I can achieve those purposes through other means, and the applicable legal requirements. In some circumstances I may anonymise your personal information so that it can no longer be associated with you, in which case I may use such information without further notice to you.
10. Rights of access, correction, erasure, and restriction. i) It is your duty to inform me of changes. It is important that the personal information held about you is accurate and current. Please update your personal records for any changes on a timely basis. . ii) Your rights in connection with personal information Under certain circumstances by law you have the right to: • Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information I hold about you and to check that I am lawfully processing it. • Request correction of the personal information that is held about you. This enables you to have any incomplete or inaccurate information about you corrected. • Request erasure of your personal information. This enables you to ask me to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask me to delete or remove your personal information where you have exercised your right to object to processing (see below). • Object to processing of your personal information where legitimate interest is being relied upon and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. •Request the restriction of processing of your personal information. This enables you to ask me to suspend the processing of personal information about you, for example if you want me to establish its accuracy or the reason for processing it. •Request the transfer of your personal information to another party. If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to another party, please write to me at pickmanclaire@gmail.com . You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, I may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, I may refuse to comply with the request in such circumstances. I may need to request specific information from you to help me confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
11. Data security I have put in place measures to protect the security of your information, for example to backup and protect the integrity of my electronic communications and data storage systems. Details of these measures are available upon request. I have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. I have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where I am legally required to do so.
12. Transferring of data internationally Typically, Claire Pickman Forest School will not transfer your personal data to countries outside the European Economic Area (EEA) with the exception of those clients based outside of the EEA where I will comply with local data protection laws. On the limited occasions when this does occur (for example, because your personal data is stored on an IT system hosted outside of the EEA), I ensure that any such transfer meets the requirements of GDPR, for example because it is necessary for the provision of our products or services to you or for the establishment, exercise or defence of legal claims; or is otherwise subject to prescribed safeguards such as 'model clauses' approved by the European Commission. You can obtain more details of the protection given to your personal data when it is transferred outside the EEA by contacting me at pickmanclaire@gmail.com .
13. Right to withdraw consent In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent please write to Claire Pickman at pickmanclaire@gmail.com . Once I have received notification that you have withdrawn your consent, I will no longer process your information for the purpose or purposes you originally agreed to, unless there is another legitimate basis for doing so in law.
14. Changes to this privacy notice I reserve the right to update this privacy notice at any time, and will provide you with a new privacy notice when I make any substantial updates. Please check the privacy policy regularly for updates and amendments. If you have any questions about data protection or this privacy notice, please contact me at pickmanclaire@gmail.com .