Privacy Policy

Introduction

The purpose of this document is to ensure that I am Emma Robinson (“I am Emma Robinson” hereinafter referred to as “Emma Robinson”) has a framework that ensures the freedom and rights of individuals in relation to their personal data and adheres to industry practice when managing client information and business records.

As a coach, consultant and trainer, there is an obligation to keep your affairs confidential. However, Emma Robinson is also subject to the General Data Protection Regulation. This notice is to help you understand how and why we collect your information and what we do with that information; it also explains the decisions that you can make about your own
information.

Governance surrounding information processing sets out the way in which information collected by an organisation is managed and ensures that all information collected is:

Correct information at the time of collection
Stored in the correct location
Collected when needed for necessary purposes
For legitimate purposes.

Right to complain to the Information Commissioner’s Office	You have the right to complain to the ICO if you have concerns about how we handle your data. The ICO contact details can be obtained online.
Generally	We hope that this information is clear and “jargon free”. Please let us know if you have any difficulty in understanding it so that we can consider revising it to make it clearer.
Right to access your data	Should you wish to access the data we hold in relation to you, please e-mail us and we will respond as soon as possible and in any event within 28 days
Right to restrict processing and right to object to processing	You are free at any time to request that we cease processing your personal data or that we take different measures to those we already have for processing your data. If you request that we cease processing your personal data, we will do so immediately and that will mean we can no work with you. In regard to any request that we adopt different measures as to how your data is processed, we will deal with any such request as soon as possible and in any event within 28 days.
Right to rectification	If you believe that any of the information we hold in relation to you is wrong, please do not hesitate to contact us providing us with details and if you are correct, we shall amend that information within 7 days
The lawful basis for the processing	The processing is necessary for the performance of the agreement we have with you
Purpose for which we process your data	Emma Robinson processes personal information to enable the provision of coaching, consultancy and training, to advertise services and to maintain accounts and records.
Name and contact details of our representative	Emma Robinson emma@iamemmarobinson.com
Our name and contact details	Emma Robinson c/o I am Emma Robinson emma@iamemmarobinson.com

Using your Information

Personal information is information that Emma Robinson holds about you which identifies you as an individual.

All personal information stored will be deleted upon confirmation that it is no longer required, or its purpose of processing is no longer valid. On some occasions, anonymised personal data will be retained whereby a client has provided a testimonial for use on the organisations website. If data is non-identifiable, this data will not be subject to GDPR legislation and thus means that there is no expiration date.

Under the General Data Protection and Retention (GDPR) legislation, individuals whom have personal data held on them have:

The right to be informed
The right of access
The right of rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
The right not to be subjected to automated decision-making

o Emma Robinson does not use automated decision-making utilities such as profiling.

Mailchimp

Emma Robinson uses a third-party provider, Mailchimp, to manage newsletters which are subscribed to through the subscription form on this website. The below provides further information on how Mailchimp complies with the GDPR:

Right of Access
o Mailchimp provides the ability to export data about individual contacts so

that data may be provided if requested
Right to be Forgotten

o Mailchimp allows for contacts to be deleted at any time, this anonymises any data in further reports so that compliance is retained without losing insight
Right to Object
o If an individual objects to having their personal data processed, they can be

removed from the mailing list at any time
Right to Rectification

o Contact lists may be corrected or updated at any time, it is also possible for subscribers to update their own details where necessary
Right of Portability
o It is possible to export audiences, or selected information within any

audience, at any time. Any change to email provider will be updated within this statement.

Wix

Wix is a third-party service which is used to host the Emma Robinson website. Wix collects anonymised data surrounding how long an individual remains on a page, and their path through the website. Since no personally identifiable information is collected by Wix, this is not subject to the GDPR regulation.

Should a user have any concerns that their data is being processed by Wix, they should get in touch using the Contact Form provided on this website, or contact emma@iamemmarobinson.com.

Some plugins installed within the Wix website are provided by a third-party to provide non-essential functionality to the website. All plugin providers are compliant with the GDPR regulations, and do not hold any personal information upon the users of the website.

Wix is not a tool which provides personally or legally sensitive details on visitors by default.

Google Analytics

Upon visiting www.iamemmarobinson.com, Google Analytics (a third-party provider) are used to collect information about what visitors do when they enter the website. For example, Google Analytics identifies the most visited page, how long visitors spend on a site, the region visitors are located and the general flow of visitors throughout the site. Google Analytics collects non-identifiable data, meaning that Emma Robinson nor Google can identify who is visiting.

Retention Schedule

Information Asset	Information Owner	Retention
Subject Access Request	Director	3 years alongside session notes, or plus 2 years following case closure if request is made after 1 year of storing data
Complaints	Director	3 years following resolution of complaint case
Insurance Policies	Director	10 years from the date of policy expiry
Tax Returns	Director	6 years from the end of the financial period for which they represent
Sat Nav Records (from travel to locations)	Director	Entries to be deleted prior to disposal of device
Promotional Materials	Director	Until agreed notice superseded, consent to be rechecked before reusing
Client records such as consultation or session notes	Director	3 years after final session concludes
Contact Details held on Devices	Director	Entries to be deleted prior to disposal of device
Email (including sent items)	Director	Although the GDPR does not dictate how long emails should be kept for, Emma Robinson will retain emails for a period of 3-6 years with the exception of emails containing personal data, which will be removed 3 years following the final session

Data Processing

It is required that the individual must provide clear consent for their data to be processed for the specific purpose detailed in the consent form for the corresponding processing. Processing must be necessary for the purposes of the contract.

The above means that Emma Robinson does not require consent to hold your data to provide a service, however consent is required to contact you for specific purposes. Participating in the service by attending more than one appointment means that you agree with the Terms and Conditions provided to you at the beginning of service delivery.

Emma Robinson processes personal information to enable the provision of coaching, consultancy and training, to advertise services and to maintain accounts and records. Information may only be collected which is relevant to the aforementioned processing:

Personal Details (including Addresses)
Family Circumstances
Lifestyle and Social Circumstances
Summary of Financial Details
Employment / Education Details
Physical / Mental Health Details
Religious or other beliefs
Offences and alleged offences
Organisation Intellectual Properties
Organisation Partners / Client Databases
Organisational Structures
Organisation Financial Information
Organisation Strategies & Roadmaps.

Emma Robinson processes personal information about Clients, Business Contacts and Suppliers.

Data Breach Procedure

All personal data / information held by Emma Robinson is stored securely. Physical records are held securely in a locked cabinet behind a locked door. Electronic data is stored on a computer secured using BitLocker and a Password within the C Drive of the device or other compliant cloud service.

In the unlikely event of a data breach, Emma Robinson will comply with the regulations defined under Article 33 of the GDPR:

“In the case of a personal data breach, the data controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the ICO, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of the individual. Where the notification to the ICO is not made within 72 hours, it shall be accompanied by reasons for the delay.”

The notification to the Information Commissioners Office (ICO) shall at least include:

A description of the nature of the personal data breach including where possible, the approximate number of data subjects, the categories and approximate number of personal records concerned
Communication of the name and contact details of the data controller where more information can be obtained
A description of the likely consequences of the personal data breach
A description of the measures taken or proposed to be taken by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

Right to Erasure

Any person whom has personal data stored by Emma Robinson may put in a request for their personal data to be removed, thus exercising “the right to be forgotten” or “the right to erasure” as defined by the GDPR regulation.

When a request is received, hard copy data will be shredded using an organisation-owned shredding machine, and all electronic data will be permanently deleted. The individual should be notified upon completion of the erasure, with the request for erasure being held for 3 years following its receipt.

Subject Access Request

A Subject Access Request (SAR) permits individuals to request a copy of their personal information.

A SAR must be actioned within one month, at most within two months; a delay of longer than two months requires a reason for delay to be provided. There should be no fees for a SAR, unless there is a disproportionate fee to Emma Robinson for sending out the information. A SAR request regarding information held will result in:

A description of the data held
A reason for the data being held
Information of who the data is disclosed to
A copy of the information being provided.

SAR requests should be provided in writing to Emma Robinson – a response will be confirmed formally by letter or email. If any information held is deemed to be incorrect, the individual can request this be corrected in writing to Emma Robinson.

Complaints or Enquiries

Emma Robinson welcomes any enquiries related to this privacy policy, or its storage and processing of sensitive data or information. Complaints regarding this policy, or identifying areas for improvement, will help drive improvement of this policy.

We hope that this information is clear and “jargon free”. Please let us know if you have any difficulty in understanding it so that we can consider revising it to make it clearer.