Introduction

The General Data Protection Regulation (GDPR) comes into force on 25th May 18. It concerns every company that processes the personal data of EU citizens. The regulation builds on existing data protection laws and broadens citizens' powers to access, remove, update and control how their data is processed by companies such as Excel Gymnastics. Companies such as Excel Gymnastics have extra responsibilities to protect this data under GDPR and within this statement, we clarify our position on the key points.

For more information about the GDPR, please see https://www.dataprotection.ie/docs/GDPR/1623.htm and http://gdprandyou.ie/. These websites have both been produced by the Data Protection Commissioner of Ireland.

Definitions:

Personal data is described as “any information that relates to a living individual”. It also includes any data that can be used with other sets of data to identify an individual. Examples of personal data are name, PPS number, home or business address, online customer number or email address.

“Processing” relates to operations carried out on personal data including collection, organising, recording, storing, structuring and using. Processing does not entail automated or computerised methods only, but includes non-digital, paper-based systems or processes for data processing.

A “Data Subject” is the individual whose personal data is being processed.

A “Data Controller” is the organisation which determines how personal data is processed. Excel Gymnastics is a data controller.

A “Data Processor” is an organisation which processes data on behalf of a Controller. This typically means a third party who is used by the Controller to process their data (for example, a third party company used to send out marketing materials or a courier service sending parcels on behalf of an online shop).

Excel Gymnastics as a Data Controller

A data controller according to the GDPR is “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law”.

Excel Gymnastics collects information from all clients at sign-up for the sole purpose of provisioning the service selected and providing means to bill on a recurring basis. Excel Gymnastics does not collect any data on individuals which is not required for the provision of these services and actively works to minimize the information we store which is classified as “personal data”. Excel Gymnastics seeks to be transparent with our customers with respect to the personal data we collect at all times.

What we collect as part of our service:

Name, Postal Address, Email address, Phone number, Child's Date of Birth and any medical allergies/conditions. This is solely to deal with any emergency issues that arise and for Gymnastics Ireland Insurance purposes only.

·         Phone Calls

Excel Gymnastics does not collect metadata around telephone calls including caller number and call duration. Excel Gymnastics do not record telephone conversations.

·         Other

From time to time Excel Gymnastics may request personal data from you as part of your relationship with Excel Gymnastics and the services we provide. When we do ask for this information, we will inform you in clear terms why we are requesting this and will inform you of relevant retention periods for this information. In some cases, such as compliance with Irish revenue, some information must be kept for a period of 7 years. Put simply, Excel Gymnastics do not want to store your personal data any longer than we must.

Our GDPR Promise

As an Irish company, Excel Gymnastics are committed to ensuring our business and processes are compliant with the new data protection rule.

Before the GDPR implementation date, we will have in place:

·         Data protection training for Excel Gymnastics employees, to ensure they understand their role in data protection compliance.

·         Revised internal policies relating to data protection and responsibilities within our organisation for ongoing GDPR compliance.

·         Comprehensive review of all our systems, processes and services to ensure they meet the requirements of GDPR, with particular focus on the security of data and our use of any external third-party services.

·         Procedures to ensure compliance after the GDPR deadline. Scheduled Reviews.

·         Updated terms and conditions of services that meet the contractual requirements of GDPR in the Data Controller – Data Processor relationship

We are compliant because:

·         We have fully reviewed our GDPR compliance both regarding the services we offer our customers and our internal policies and procedures

·         We have implemented technical and personnel protocols to ensure the security of your data

·         We carry out ongoing due diligence against our sub-processors or other third party processors we use to ensure their GDPR compliance (e.g. EZFacility, Gymnastics Ireland).

Maintaining Security

Excel Gymnastics employees are kept fully up to date with all aspects of business security and ensure the ongoing security of our information. Updates are applied to our systems regularly and any changes or updates to our own systems are made with data protection and data privacy in mind.


 

Data Breaches

In the unlikely event of a breach (as defined by the GDPR) we will notify you within 48 hours of the breach coming to our attention. As required by the GDPR, we will also report relevant breaches to the office of the Irish data protection commissioner.

GDPR / Data Protection Contact for Excel Gymnastics

If you require any further information about Excel Gymnastics' GDPR compliance or wish to make a request under the GDPR, please use the details below and we will assist with your query.

General Queries: email [address hidden by the site's spam protection]

For access requests, please write to us at:

GDPR Requests, Excel Gymnastics, Unit 6 Celbridge Industrial Estate, Celbridge, Co. Kildare. W23 PX95

·         Access requests do not carry a fee and will be replied to within 30 days.

·         Should we refuse your request, we will outline in detail why this is the case.

·         Should you wish to update any element of the data we have on file, you can do this through the functions available to you or as part of that request.

·         Should you wish to request your data be deleted, you can do this through the functions available to you.

 

     Regards

     Excel Gymnastics

 


 

Please note: One of the more commonly known elements of the GDPR is the right to be forgotten. We have outlined this below.

 

GDPR – The right to erasure

Under article 17 of the GDPR a data subject has the right to be forgotten:

“The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay…”

Exceptions to these requests can be found here: https://gdpr-info.eu/art-17-gdpr/

These exceptions allow Excel Gymnastics, as the data controller, to refuse such a request under certain circumstances. Per our GDPR statement, we are required to maintain some data for revenue reporting for a period of approx. 7 years. We can also retain data where there is an outstanding legal issue.

Please email us at [address hidden by the site's spam protection] if you wish to action your rights under article 17.

 
