College of Body Science

Your privacy and your confidence in us to maintain it is important to us!

We want everyone who interacts with us to feel confident and comfortable with how any personal information you may share or have shared with us will be used, and to know how we look after it. The requirements are that this is in a 'concise, fair, open and transparent manner'. If you have any concerns that we are not delivering on this then please do get in touch.

Our policy has been developed in line with GDPR (General Data Protection Regulation) requirements needed from 25 March 2018, as well as the Data Protection Act and the Privacy and Electronic Communications Regulation.

We are committed to treating you with respect and openness.  

Here goes...

1. How we collect information about you

We want to make sure you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, post or phone calls. We need to make sure we share the information that you need to know when you book on and/or attend a course and that you understand why we may ask for certain pieces of information.

When you call us to find out more about the courses we offer: if you ask us to call you back, send you course details or go on our email list, we will ask you for relevant info so we can do what you have asked of us. 

When you book on a course: either on the website or over the phone. We will ask for relevant details including name, address, email, phone number, current therapy, what previous A&P study you may have done. 

When you visit our website: you can sign up for our free content or just subscribe to our newsletter.

We gather general information which might include which pages you visit most often and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use "cookies" to help our site run effectively. The first time you visit the site there should be a pop up that asks if you are OK with this (if you have not seen that recently it is likely because you have already agreed to this on a previous visit to the site). You are able to clear your cookies at any point or you can decline to accept them. There is a chance the website may then work slightly differently in places. There are more details below – see 'Cookies'.

We do use Google analytics on our website which will track things like when visits are made to the website, the pages people land on and then click to and how long people stay on there (please see Google analytics if you want more information about this). This does not store your personal data, other than noting your IP address. We do this so we can get an idea of the sort of information people generally are looking for so we can optimise our site. In truth, we rarely have time to actually do all that much with all this information and it is also true that you can sidestep this by using private browsers or declining cookies.

2. What we collect and why

Personal information we collect includes details such as your name, date of birth, email address, postal address, telephone number and credit/debit card details (if you are making a purchase), as well as information you provide in any communications between us.  You will have given us this information on registering for an event, ordering something on the website or over the phone or in some instances in person. We will mainly use this information:

• To process any payments and provide the services or goods that you have requested.
• To update you with important administrative messages about a class or services or goods you have requested.
• To keep a record of your relationship with us.
• To contact you about our work and any other products or classes you may be interested in.

We will not pass on your details to anyone else. There has never yet been an occasion where we have even contemplated this – if there ever was please rest assured we would ask your permission first.

3. How we store your data

We have a couple of places where your information may be stored:

1. Office database: we have a database that was designed and written for us specifically for the things that we need to do. This includes things like printing out participants lists for classes (we always ask if you want to go on this first), getting the name you want on any certificates issued and preparing invoices, etc. This is password protected and held password protected in the cloud. 
2. Dotmailer: this is the emailing service we use to send bulk emails (much easier, prettier and more efficient than sending them one at a time). In here, if you have signed up to an online course or mailing list from the website, done a course, or talked to us in person or on the phone and given us permission to contact you, via an intro class or something other, then we store your email address, first and sometimes (not always) your last name, and occasionally particular courses you have done, so we do not repeat marketing about them, or if there is a follow on to that particular level of course. You can unsubscribe at any time. This button is on every email we send.
3. Thinkific: this is our ecommerce website. If you have signed up for a course online and therefore opened an account, then your info will be stored on their servers so that you can come back to access the course and possibly buy other things again in the future. They also have a privacy policy which you can find here. https://www.thinkific.com/privacy-policy
4. If we take payment details from you they are shredded as soon as they have been processed by our small but perfectly formed cross shredder and then used as bedding by Milo the hamster (information correct as at 25 May 2018).  Payment information online is taken either via Thinkific, if you choose to pay by card, or you can send a BACS or possibly even a cheque (go on... its been ages since we've had one of those!); the online booking process on Thinkific will record this so we know who to chase and who to thank. We do not store anything except the amount you paid and the way you paid it. 

4. Thinkific

Our courses and site is hosted by Thinkific Labs Inc. (“Thinkific”). They offer an amazingly functional online course creation platform that help us make our classes available to you.

Your data is stored through Thinkific’s data storage, databases and the general Thinkific application. They store your data on a secure server behind a firewall.

Payment:

If you make a purchase on our site, we use their payment gateway. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.

For more insight, you may also want to read Thinkific’s Terms of Service here https://www.thinkific.com/resources/privacy-policy/ or their Privacy Statement here https://www.thinkific.com/resources/terms-of-service/ .

5.       Marketing

While I think we are improving this gradually, I have always felt I am a bit rubbish at it. You will not get daily, weekly or even monthly emails from us. You may get a flurry when you initially sign up so we can share things we hope you will like about us, or after you have done a course (eg some reminder emails we have developed to help you remember everything in a class – we will have mentioned these to you at a course and you can opt out at any time). After that you will usually get something relevant to what you have studied with us (or not yet) in the form of general updates, new classes scheduled, blog posts etc., as often as we get round to it, probably fairly dependant on how busy we are. Dotmailer (the emailing service I mentioned) does know whether or not you open them so we can see if what we write seems to be interesting or not. We have also begun to automatically email anyone who has not opened anything in a longer period of time and see if they still want to be subscribed to our email list. 

Again, you can unsubscribe at any time. We have no wish, amazingly, even before 25 May 2018 (when GDPR came into play), to email anyone who does not want to be in touch with us. Just let us know.

We have a Facebook page, a Twitter, Instagram and Linkedin account. But you have to have signed up to them to see any of our posts and social media promotions. We do not make any record of who is using / interacting with us and do nothing with any of that possible data. I cannot speak for the apps themselves of course…

Your right to be removed:

Of course you can be removed from our email list or postal list at any point. Just let us know. What we cannot remove are details of money you have spent with us – HMRC want to know - but only for seven years right?

6.       Sharing your information

The personal information we collect about you will mainly be used by our staff or shared (with your permission) on class lists. 

We will never sell or share your personal information with organisations so that they can contact you for any marketing activities. Nor do we sell any information about your web-browsing activity.

We will only disclose your personal information if we are required by law to do so or if you violate our Terms & Conditions.

7.       Keeping your information safe

We take looking after your information very seriously. We password protect all digital information and have locks on filing cabinets for all files. 

The transmission of information via websites is beyond our immediate control but we have done all that we can to ensure we have chosen providers that have all the appropriate measures in place. If you have any concerns, please let us know. 

Our website may also contain links to other sites,. While we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites. Please be aware that this privacy statement does not cover the information practices of those websites.

8.   Your rights

You have various rights in respect of the personal information we hold about you.  If you wish to exercise any of these rights or make a complaint, you can do so by contacting us at 196 Surrenden Road, Brighton, BN1 6NN, by email at [email protected] or by phone on 0845 108 1088.  You can also make a complaint to the data protection supervisory authority, the Information Commissioner's Office, https://ico.org.uk/

You can: 

Request access to your personal information: You have the right to request access to a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.  Please make all requests for access in writing, and provide us with evidence of your identity.

WIthdraw consent: If you have given us your consent to use personal information (for example, for marketing), you can withdraw your consent at any time.

Change/update: You can ask us to change or complete any inaccurate or incomplete personal information held about you.

Remove: You can ask us to delete your personal information where it is no longer necessary for us to use it, if you have withdrawn consent, or where we have no lawful basis for keeping it.

Restriction: You can ask us to restrict the personal information we use about you where you have asked for it to be erased or where you have objected to our use of it.

So, in short, we are doing our best to comply to all the regulations and will continue to do so.