Peer 2 Peer Mindfulness (including its trustees, employees, advisors, self-employed contractors and volunteers) will, to the best of its ability, adhere to the data protection principles of the General Data Protection Regulation (GDPR), which came into force on 25 May 2018. These principles are:
Personal data shall be processed fairly and lawfully.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in accordance with the rights of data subjects under this Regulation.
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Use of personal data
The records we use that contain personal data are hosted by the following GDPR compliant software providers:
These records are used solely for the purposes of administering course attendance and supporting continued engagement by individuals with the work of the Peer 2 Peer Mindfulness. The personal data typically includes name, address, email address, payment card details (not accessible to Peer 2 Peer Mindfulness employees), emails sent to individuals via the CRM, courses attended and other engagement with the work of the Peer 2 Peer Mindfulness (e.g. being a member, being on the email list, etc.).
Individual emails to and from the Peer 2 Peer Mindfulness email addresses are hosted by our GDPR-compliant email providers MailChimp and Gmail, for the purposes of administering attendance on Peer 2 Peer Mindfulness courses and supporting continued engagement with the work of the Peer 2 Peer Mindfulness CIC. They will be reviewed and, if no longer needed for these purposes, will be deleted after a period of 1 year.
Personal data will be shared only with Peer 2 Peer Mindfulness trustees, employees, volunteers and tutors delivering the courses participated in and only to the extent necessary for administering the attendance of individuals on Peer 2 Peer Mindfulness courses and supporting engagement with the work of the Peer 2 Peer Mindfulness.
Personal data will not be shared with third parties.
Collection of data
When an individual’s data is initially collected, e.g. via an online booking or by being entered manually on HubSpot, the individual will be made aware of the use which will be made of their information by means of the ‘Privacy Notice’ below, and will be made aware of this data protection policy.
Deletion of data
At any time you can request that your records on HubSpot be deleted by contacting us at: [email protected]
Records on HubSpot will be deleted where an individual has opted out of email communication and has not done any prerequisite courses with the Peer 2 Peer Mindfulness CIC.
Paper or electronic copies of documents held by the Peer 2 Peer Mindfulness and which contain personal information will be destroyed or deleted on request.
Emails to and from Peer 2 Peer Mindfulness course participants or other individuals making enquiries to the Peer 2 Peer Mindfulness will be reviewed after a period of 3 years and if no longer necessary for the purposes will be deleted. Paper records will be destroyed by shredding or burning.
Right to a copy of information held
On request an individual will be provided with a copy of the information comprising their personal data and held by Peer 2 Peer Mindfulness, within 40 days of the request. All such requests should be sent via email to [email protected]
Information security
Personal data is hosted by the following data processors, who are compliant with GDPR:
Merchant account provider Stripe; bank account provider Bank of Scotland; CRM provider HubSpot; email providers MailChimp and Gmail; website provider Weebly; and document storage provider DropBox, accessible by Peer 2 Peer Mindfulness employees and authorised IT support contractors.
The data security arrangements of these providers have been reviewed to ensure that they meet the requirements of GDPR.
The Peer 2 Peer Mindfulness trustees and authorised IT support contractors will review information security on an annual basis and review this with all Peer 2 Peer Mindfulness employees on or around 25 May each year.
No personal data will be passed to an individual who is not the individual concerned. Personal data passed on to the individual concerned will be sent to their own email address only. If an email list is to be created by and for course members so that they may contact one another, this will always be done by an opt-in to the shared list by those who will be the members of that list only.
On receiving or making a phone call, Peer 2 Peer Mindfulness employees will establish the identity of the caller before amending any of their personal data, by asking for their postcode and details of the most recent course they attended or registered to attend.
All Peer 2 Peer Mindfulness employees and authorised IT support contractors work from home and will ensure that all computers used for processing personal data are password protected, that the password is changed every three months and that home computers are securely stored when not in use. Computers will be screen locked or logged out of when employees are away from their desks. Any personal or other sensitive information will be securely stored in a locked environment. Computer screens should be positioned facing away from windows. Care will be taken to prevent virus attacks by ensuring computers have virus protection software and undergo regular software updates. Care should also be taken when opening email attachments and when visiting new websites.
Contacting our mailing list
We will continue to send you the regular upcoming courses email and other emails promoting courses that you may be interested in, as a way of supporting your continued engagement with Peer 2 Peer Mindfulness.
Our aim is to make these emails engaging and supportive for your ongoing mindfulness practice. These emails contain an unsubscribe button at the bottom that, if chosen, changes your email status on MailChimp so that you will no longer receive emails from us.