DATA PROTECTION POLICY
At RSFIT LTD, we respect the privacy of the all our clients attending there sessions or using our online services at ww.rsfit.co.uk. Our aim is to ensure that all those using and working at RSFIT LTD can do so with confidence that their personal data is being kept secure.
Our Data Controller is Rajif Sadikovic. The Data Controller ensures that the RSFIT LTD meets the requirements of the General Data Protection Regulation (GDPR), liaises with statutory bodies when necessary, and responds to any subject access requests.
Within RSFIT LTD we respect confidentiality in the following ways;
• All personal data is stored securely in a lockable file or on a password protected computer or
• Information provided is not shared or discussed with anyone unless permission is give i.e. transformation pictures uploaded on social media, results etc
Information That We Keep
The items of personal data that we keep about individuals are documented on our personal data matrix. The personal data matrix is reviewed annually to ensure that any new data types are included.
We hold only the information necessary to provide our services for each client. This includes PAR Q, registration information, medical information, emergency contact information, attendance records, incident and accident records and so forth. Once a client leaves RSFIT LTD we retain only the data required by statutory legislation and industry best practice, for the prescribed or recommended periods of time. Electronic data that is no longer required is deleted and paper records are disposed of securely.
We keep information about employees to meet HMRC requirements, and to comply with all other areas of employment legislation. We retain the information after a member of staff has left our employment for the recommended period of time, then it is deleted or destroyed as necessary.
Sharing information with third parties
We will only share client information with outside agencies on a need-to-know basis and with consent from clients, except in cases relating to criminal activity, or if required by legally authorised bodies (e.g. Police, HMRC, etc). If we decide to share information without client consent, we will record this in the clients file, clearly stating our reasons.
We will only share relevant information that is accurate and up to date. Our primary commitment is to the safety and well-being of the client.
Some limited personal information is disclosed to authorised third parties we have engaged to process it, as part of the daily operation of our business, for example to run our payroll and accounts, to process on-line bookings and payments, for debt recovery. Any such third parties comply with the strict data protection regulations of the GDPR.
Subject access requests
• Clients can ask to see the information and records relating to them.
• Staff can ask to see any information that we keep about them.
• We will make the requested information available as soon as practicable and will respond to
the request within one month at the latest.
• If our information is found to be incorrect or out of date, we will update it promptly.
• If any individual about whom we hold data has a complaint about how we have kept their
information secure, or how we have responded to a subject access request, they may complain to the Information Commissioner’s Office (ICO).
We comply with the requirements of the General Data Protection Regulation (GDPR), regarding obtaining, storing and using personal data.