General Data Protection Compliance
Who, Where and What
Sportive Cycle Coaching (SCC) is a limited company registered at 2 Pavilion Court, 600 Pavilion Drive, Northampton, NN4 7SL and provides specialist services to cyclists in the form of:
Conversational Coaching
Training Plans
Mobile Bike Fittings
In order to provide these services to you, we inherently rely on your implicit consent as they are always conducted on a 1:1 basis. The GDPR, however, is rightly concerned with how businesses handle, use and protect the personal data that they will acquire from the delivery of services or sale of goods.
GDPR In A Nutshell
Personal data is a complex category of information but it broadly means a piece of information that can be used to identify a living EU citizen*. This can be your name, home address, IP address... you name it, there are lots of ways to identify a person. GDPR differentiates between Personal Data and Sensitive Personal Data, which encompasses genetic data, medical details, your religious and political views, sexual orientation and more.
In GDPR, all organisations must be able to show a clear lawful basis to obtain and process an individual’s personal data.
The personal data that SCC collects is limited but depends on the service that you have asked us to deliver. It will always include your Contact Information (address, email, phone number) and the other personal information that we might need to collect is:
Biomedical Metrics (including heart rate, power output, bodily measurements)
Medical History (if you choose to share your history that is relevant to cycling)
Videos (motion capture from bike fittings)
SCC’s lawful basis is for the performance of the contract – i.e. the service – that we have agreed to deliver.
For example, if we do not measure your Biomedical Metrics, then we cannot help improve certain cycling capabilities such as your Functional Threshold Power, which determines how fast you can ride (and for how long!).
Data Security
All personal data from SCC customers is stored on an encrypted hard drive and copied on a daily basis to an additional encrypted hard drive for backup purposes.
Personal data stored in analytics software such as Training Peaks and Garmin Connect is stored and protected by their own regimes and procedures. Please contact your analytics software provider directly, if you require more details.
Data Retention
We will store your personal data for 1 year after the last day in a training plan has been completed or a bike fitting was performed. If you ask us to do so, then we will remove your data before the end of one year. You can ask us to delete any motion capture videos at the end of the fitting session, if you prefer. SCC recommends against this, however, as such videos are a useful reference point to assess the effectiveness of the fitting procedures.
Data Sharing
We will only ever share your personal Contact Information with one of our partners if you have expressly given us permission to do so.
There are training advantages for your Biomedical Metrics to be stored in approved 3rd party analytics software, including Training Peaks and Garmin Connect. If you already use such software, or plan to do so, then access to that data by SCC will be by your invitation only. SCC cannot be accountable for any loss of data that is managed by 3rd party cloud software providers.
Under no circumstances** will we ever share your Medical History.
Data Accuracy
If you believe that any of the data that SCC holds about you is incorrect, you have the right to request that it is rectified. We will begin to amend any errors as soon as we become aware of them.
Data Access
You have the right to ask for copies of any, all, or some of the personal data that we hold about you.
Complaints Procedures
The Independent Commissioner’s Office is the UK government’s department specifically tasked to oversee the implementation of the General Data Protection Regulation. If you wish to make a complaint about the way SCC handles your data then you are entitled to contact them at any time. However, please talk to us first – there may be simple misunderstandings or things that are easy to correct, before you go bringing in the “big guns”!
Confirmation
Please print this page and sign the declaration below to confirm your understanding of our lawful basis to process personal data, as well as the rights that you have under GDPR.
Name: Date:
Signature:
* Brexit does not exonerate us from the need for GDPR compliance – the UK government has committed to the principles of GDPR
** Unless requested by an appropriate law enforcement agency, which we hope will never be the case!