1. Introduction Welcome to Meraki Movement’s Privacy Notice. At Meraki Movement, we want you to know that we have your best interests at heart and in this Privacy Notice, we give you information on how we collect and process your personal data when you use our website, take part in any of our competitions, sign-up as a client with us (and purchase any of our products and/or services) or are a service provider to us.As data protection is really important to Meraki Movement, we may provide you with additional data privacy notices or information that is specific to your situation – and if we do, you need to read that additional information alongside this Privacy Notice (which is our key document and will always apply).
2. Privacy Notice Meraki Movement is a data controller of your data and has implemented a privacy by design approach when creating its business in order to ensure compliance with data protection principles that are enshrined within legislation. Meraki Movement does the following:
(a) What personal data do we collect on you?
Personal data, or personal information, means any information about you from which you can be identified. It does not include data where your identity has been removed (and therefore would be anonymous data).
We may (contingent on our relationship with you) collect, use, store and transfer different kinds of personal data about you and have grouped it together below:
Identity Data includes first name, maiden name, last name, username or similar identifier.
Contact Data includes email address and telephone numbers.
Technical & Usage Data includes internet protocol address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use (e.g. to access this website).
Transaction Data includes details about payments made from you to us for our services.
Medical Data includes health information (and any medical conditions that you suffer).
The only special category of personal data that Meraki Movement may collect about you is Medical Data. This, however, is only in the situation where you have chosen to provide it to us and give us your explicit consent to record this data. If you do give us this explicit consent, we will treat your Medical Data very seriously and will ensure that appropriate technical and organisational measures are put in place to ensure that it is fully protected.
(b) How is your personal data collected?
The only way in which we collect your personal data is through our direct interactions and when you choose to give us feedback and/or contact us (such as via our website or social media channels).
(c) How do we use your personal data?
The personal data that we collect from you depends on our relationship with you. If you choose to contact us through our website or social media channels, we will use your Identity Data and Contact Data to engage with you. If you’ve subscribed and joined the Meraki Movement, we will have your Identity Data, Contact Data, Technical & Usage Data and Transaction Data.
The legal bases for which we collect your personal data are as follows:
As it’s important that any personal data that we hold about you is accurate, we would be grateful if you would please keep us informed if any of your personal data changes during our relationship.
(d) What happens if you to fail to provide your personal data?
Where we need to collect personal data by law, or under the terms of a contract that we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into (for example, for you to join our Meraki Movement sessions). In this case, we may have to cancel our contract with you, but we will notify you if this is the case at the time.
(e)Do we disclose your personal data to others and if so, who?
The only situation in which we would ever share your personal data with others would be with the following parties:
We require all third-parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions, except for when such third-parties are regulators and other governmental organisations.
(f) Is your data ever transferred outside of the European Economic Area (“EEA”)?
When sharing your personal data with our third-party suppliers (outlined above), this may
include transferring your data outside of the EEA. Whenever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it. Please contact me on firstname.lastname@example.org if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
(g) How long do we retain your data?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe that there is a prospect of litigation in respect of our relationship with you.
By law, in some circumstances, we have to keep basic information about our clients (including Contact Data, Identity Data and Transaction Data) for 6 years after they cease being clients for tax purposes.
In other situations, and in order to determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data. We do not hold Medical Data for longer than absolutely necessary in order to provide you with our services.
In some circumstances you can ask us to delete your data: see “what are your legal rights?” below for further information.
(h) What are your legal rights?
|Legal right||What is it all about?|
|Request access to your personal data (commonly known as a “data subject access request”)||This enables you to receive a copy of the personal data that we hold about you and to check that we are lawfully processing it.|
|Request correction of the personal data that we hold about you||This enables you to have any incomplete or inaccurate data that we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.|
|Request erasure of your personal data||This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable at the time of your request.|
|Object to processing of your personal data||This applies when we are relying on our legitimate interest(s) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.|
|Request the restriction of processing of your personal data||This enables you to ask us to suspend the processing of your personal data such as if you want to establish the accuracy of the data that we are processing.|
|Request the transfer of your personal data to you or a third-party||We will provide to you, or a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use and where we used the information to perform a contract with you.|
|Withdraw consent||This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw consent.|
If you wish to exercise any of the rights set out above, please contact us on email@example.com.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will try to respond to all legitimate requests within 1 month. Occasionally, it could take longer than 1 month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
(i) Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We have also put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
(j) Third-Party links and social plugins
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third-parties to collect or share data about you. We do not control these third-party websites and we are not responsible for their Privacy Notices. When you leave this page, we encourage you to read the Privacy Notice of every website you visit.
3. Contact us If you would like to get in touch with this team, please kindly contact firstname.lastname@example.org.
We also need to let you know that if you have any concerns and/or you’re not happy with our approach, you have the right to make a complaint at any time to your local data protection regulator. The data protection regulator in England is the Information Commissioner’s Office (“ICO”) and you can find out about it by clicking here.This Privacy Notice is kept under regular review and was last updated in January 2020.