The UK Government introduced the EU’s General Data Protection Regulation (GDPR) on the 25th of May 2018.
Fundamental Life are dedicated to meet these obligations and protect your personal data. We are aware of the liability we have to ensure that all our suppliers and staff meet GDPR mandates, regardless of their location.
Fundamental Life have committed to meet the industry standards for ISO 2001: 2015 and are externally audited each your for compliance to ensure we meet the necessary standards. We are committed to protect the privacy of all our clients, staff and suppliers.
Fundamental Life are committed to review and update our processes to ensure we comply with our GDPR obligations on an ongoing basis and will advise all stakeholders of any changes we make to the data we manage.
In the event of a data breach we commit to advise the affected individuals within 72 hours of our discovering the breach and we will investigate the matter and take necessary action to ensure the breach does not reoccur. The affected individuals will be advised of any action and where necessary we will advise the appropriate authority (ICO).
A log of breaches is also kept within the office and any action taken.
We always ask forum members how they would like their data presented. We will also require permission to use any delegate images when photographs or videos are taken at Fundamental Life
New staff will be GDPR trained on induction and coaching will be repeated for existing staff annually.
Personally Identifiable Information (PII)
We have identified the minimum personal data we should request and retain. Data is collected online via our website and App, in written format, verbally over the telephone and face to face.
To run Fundamental Life, data is held in hard copy and in electronic formats on our websites and digitally at the suppliers listed below under Business Partners and Suppliers.
Providing visibility and transparency
We commit not to pass any data to a third party, other than those suppliers detailed in this Policy, without permission. We will provide details of data retained only to the supplier, customer or member of staff to whom the data relates. We shall provide this data within 7 working days of receiving a verified written request to ensure visibility and transparency. Requests for details of data held should be emailed to firstname.lastname@example.org. Emails will be verified before data is sent out.
Enhancing data integrity and security
Data privacy and data security are equally important. Bank and payment details taken for payment purposes are deleted or shredded immediately after use. All data kept in hard copy format is in filing cabinets located in our offices which are not open to the public. Cloud based data is controlled by our suppliers below.
Portability and transferability of data
All the data provided and processed by Fundamental Life can be transferred to another company depending on technical feasibility. Fundamental Life provide such data on request in basic Microsoft formats (Word and Excel). Email email@example.com if you would like your data transferred to one of our competitors. Data will not be transferred until the email request has been verified.
Business Partners and Suppliers
To run Fundamental Life we use software provided by suppliers from across the globe. These are our suppliers and business partners: Microsoft Office , Xero accounting software, Capusle CRM software, Google Documents, Business On-Demand, Mobile Applications, Surveymonkey, Mailchimp, Eventbrite, Facebook, LinkedIn, Twitter, WordPress, Framptons, ESCC, Paypal, Go-Cardless, PaymentSense, Barclays Bank. For full details of the data held about you at any of these business partners please email your request to firstname.lastname@example.org. We will verify that you have requested this information before replying with your data by email.
All these suppliers have committed not to use our data for any other reason and will not pass it on to a third party.
Should the needs of the business dictate that we change or add a supplier, we commit to ensure that any new supplier is also committed to observe GDPR.
The GDPR rights we will observe
- The right to be informed. An individual can ask for details of the data we hold about them and how it is held. We commit to give them this detail within 72 working hours of receiving a verifiable email from them to email@example.com.
- The right of access. An individual wishing to understand the data held about them can request details of that data by email. We commit to provide the information within 72 working hours.
- The right to rectification. If we hold incorrect personal data about an individual, on receipt of a verifiable email we commit to put it right within 72 working hours.
- The right to erasure. If an individual would like us to remove data about them we will remove it within 72 working hours on receipt of a verifiable email. This will exclude any financial data we are required to keep for six years by law.
- The right to restrict processing. If an individual objects to any data held about them, they have the right to restrict any further processing of that data.
- The right to portability. We will provide any personal data held electronically to any third party on receipt of a verifiable email request from the individual to whom the data refers.
- The right to object. An individual can object at any time to any personal data we hold about them. They must email the details to us and we will amend it or delete it within 72 working hours (subject to financial regulations and legal considerations).
- The right to understand any automated decision making. Fundamental Life does not use automated decision making.
Responses to data requests will be provided only on request of the person to whom the data relates or an authorised third party with power of attorney. Requests should be made by email to firstname.lastname@example.org where they will be considered and responded to as above. Verification will be made by telephone to a previously known telephone number.
Please note that emails will be verified before data is adjusted in any way.
GDPR privacy statements from our suppliers
We have checked the privacy policies and GDPR statements of our suppliers. (See links below). We will also request signed statements from smaller, more local suppliers to ensure that they protect the personal data they hold on our behalf and do not pass it on to any third party.
Microsoft GDPR Statement
Xero Privacy Statement
Google GDPR Statement
SurveyMonkey GDPR Statement
Mailchimp GDPR Statement
Payment sense Privacy Statement
WordPress GDPR Statement
Eventbrite GDPR Statement
Fundamental Life Consultant Trainer Declaration
We understand and agree to the General Data Protection Regulations which came into effect on May 25 th 2018.
Under GDPR we commit to use data provided by Fundamental Life according to their GDPR policy above.
We will not pass any data they provide to a third party.
We will destroy any personal data once it is no longer in use.
In the event of a data breach we will advise all the individuals affected by the breach within 72 hours of the breach occurring.
We will observe all the GDPR rights detailed in the policy.
Signed By (Name) ______________________________________________________
For (Company Name) ______________________________________________________
Fundamental Life Staff Declaration
I understand and agree to the General Data Protection Regulations which came into effect on May 25 th 2018 as set out in this policy document.
Under GDPR I commit to use data provided to Fundamental Life according to the GDPR policy above.
I will not pass any data provided to any third party other than the authorised suppliers detailed in this policy. I understand that any new suppliers who handle personal data will be required to sign the Suppliers Declaration above.
I will destroy any client personal data once it is no longer in use after six years.
Bank, debit and credit card data will be shredded immediately after it has been used.
In the event of a data breach I will make the Company aware immediately so that we can advise all the individuals affected by the breach within 72 working hours of the breach occurring.
I will observe all the GDPR rights detailed in this policy.
Signed By (Name) ______________________________________________________