Data Protection Policy May 2021

Introduction

The Mindfulness Glasgow (MG) will to the best of its ability adhere to the data protection principles of the Data Protection Act (DPA) which comes into force on 25 May 2018, which are:

  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date
  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Use of personal data

The records we use that contain personal data are hosted by the following DPA compliant software providers:

  • Email Marketing Software provider ‘Mailchimp’

These records are used solely for the purposes of administering course attendance and supporting continued engagement by individuals with the work of the MG. The personal data typically includes name, address, email address, emails sent to individuals via the CRM, courses attended and other engagement with the work of the MG (eg. being a member, on email list, etc.) for the purposes of administering attendance on MG courses and supporting continued engagement with the work of the MG.

Individual emails to and from the @mindfulnessglasgow.com email addresses are hosted by our DPA compliant email provider Krystal, for the purposes of administering attendance on MG courses and supporting continued engagement with the work of the MG, and will be reviewed and if no longer needed for these purposes will be deleted after a period of 1 year.

Personal data will be shared only with MG employees and self-employed MG tutors (also subject to the DPA) delivering the courses participated in and only to the extent necessary for administering the attendance of individuals on MG courses and supporting engagement with the work of the MA.

Personal data will not be shared with third parties.

Collection of data

When an individual’s data is initially collected, eg. via an online booking or by being inputted manually on Mailchimp, the individual will be made aware of the use which will be made of their information, by using the ‘Privacy Notice’  below and of this data protection policy.

Privacy Notice

The data you provide to Mindfulness Glasgow (MA) will be stored securely and will be used for the purposes of administering your attendance on MG courses and supporting your continued engagement with the work of the MG in accordance with our data protection policy, which can be downloaded from the MG’s website and is in accordance with the UK Data Protection Act. To support your engagement with us we will contact you from time to time via email with guidance to support your ongoing mindfulness practice, including details of upcoming courses, which may be of interest to you. You can opt out of receiving emails from the MG, at any time, by clicking the ‘Unsubscribe’ link at the bottom of our emails or by contacting Chloe@mindfulnessglasgow.com

Deletion of data

At any time you can request that your records on Mailchimp be deleted by contacting Chloe@mindfulnessglasgow.com

Records on Mailchimp will be deleted, where an individual has opted out of email communication and has not done any prerequisite courses with the MG.

Paper or electronic copies of documents held by the MG and which contain personal information will be destroyed or deleted when a course ends.

Emails to and from MG course participants or other individuals making enquiries to the MG will be reviewed after a period of 1 year and if no longer necessary for the purposes will be deleted.

Paper records will be destroyed by shredding or burning.

Right to a copy of information held

On request an individual will be provided with a copy of the information comprising their personal data and held by the MG, within 40 days of the request. All such requests should be sent via email to Chloe@mindfulnessglasgow.com

Information Security

Personal data is hosted by the following data processors, who are compliant with the new Data Protection Act:

  • and Email Marketing Provider provider Mailchimp, email provider Krystal and  authorised IT support contractors.

The data security arrangements of these providers have been reviewed to ensure that they meet the requirements of the Data Protection Act.

The Mindfulness Glasgow authorised IT support contractors will review information security on an annual basis and review this with all MG employees on or around 25 May each year.  No personal data will be passed to an individual who is not the individual concerned. Personal data passed on to the individual concerned will be sent to their Infusionsoft registered email address only. On receiving or making a phone call MG employees will establish the identity of the caller before disclosing or amending any of their personal data, asking for their postcode and details of the most recent course they attended.

All MG employees and authorised IT support contractors work from home and will ensure that all computers used for processing personal data are password protected, that the password is changed every three months and that home computers are securely stored when not in use. Computers will be screen locked or logged out of when employees are away from their desks. Desks will be cleared at the end of each day and any personal information or other sensitive information securely stored in a locked cabinet. Computer screens should be positioned facing away from windows.

Care will be taken to prevent virus attacks by ensuring computers have virus protection software and undergo regular software updates and care should be taken when opening email attachments and when visiting new websites.

Contacting Our Mailing Lists

We will continue to send you the monthly upcoming courses email and other emails promoting courses to you may be interested in as a way of supporting your continued engagement with the MA. Our aim is to make these emails engaging and supportive for your ongoing mindfulness practice. If you are a member the weekly membership emails will continue as they are now. These emails contain an unsubscribe button at the bottom that changes your email status on Mailchimp so that you will no longer receive emails from us.