The European Union General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). This article describes Drag’s GDPR compliance status.
If your company needs to ensure it is GDPR-compliant, it also needs to ensure its providers (e.g. Innovation Performance Technologies Ltd T/A Roger Gracie Bristol and Roger Gracie West Bristol) are also GDPR compliant. We are GDPR-ready, and strictly enforces the regulation as to protect users’ data we handle. The list of the users’ information we collect, as well as how we use, protect and share them is disclosed in our privacy policy, that can be accessed here.
We are committed to protecting our customers’ data and have developed processes, technologies and policies that enhance our data security. Find below 11 key points and how Innovation Performance Technologies Ltd T/A Roger Gracie Bristol and Roger Gracie West Bristol handle compliance with GDPR in each one of them.
1. Awareness of GDPR
All employees responsible for managing the club are fully aware of the GDPR requirements.
2. Information we hold
We only collect data that users share with us and we do this to improve services we offer our users. This includes 3 kinds of data:
Personal Data.
We only collect Personal Data from two sources:
– During sign up of a trial or paid membership or;
– Information users submit when visiting our website or using our services (e.g. email addresses).
General Information.
We use third party services such as Google Analytics that collect, monitor and analyze some types of information in order to increase our Service’s functionality, including your computer’s Internet Protocol (“IP”) address, browser type, browser version or specific pages accessed during your visits to our website.
Referrals information.
If you chose to tell a friend about Roger Gracie Bristol, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him/her to visit the Site or use the Services. Roger Gracie Bristol stores this information for the purpose of sending this one-time email and tracking the success of our referral program. Your friend may submit a request at graciebarrawestbury@gmail.com to request that we remove this information from our database.
More details on the data we hold can be found at our Privacy Policy.
3. Communication on Privacy Policy
Our Privacy Policy and Terms are clearly communicated to users and customers in our Privacy Policy and terms.
We also notify all of our users by email every time that there are updates on our Privacy Policy to meet GDPR requirements and also keep an up-to-date version of our Privacy Policy permanently on our website.
4. Individuals’ rights
Your customers rights regarding to GDPR are considered and enforced, including:
– Right to be informed: we clearly inform our users about the use that will be made of their data.
– Right of access: our users can access all their data, without restriction, from our apps.
– Right of rectification: it’s as simple as contacting us, we’ll process all your rectification queries.
– Right of erasure: it’s as simple as contacting us, we’ll process all your erasure queries.
– Right to data portability: our users may contact us anytime if they wish to get an export of their data.
– Right not to be subject to automated decision-making including profiling: we don’t do that, and never will.
5. Subject access request
We reply to all access requests and offer this free of charge for our free and paid users.
6. Consent
Consent is provided by our users explicitly when signing up via a paid membership or by using our website.
7. Data breaches
If we become aware of any accidental, unauthorised or unlawful destruction, loss, alteration, or disclosure of, or access to the Personal Data that is processed by us in the course of providing our Services, we commit to, without undue delay, notify the concerned users and provide them as soon as possible with a description of the incident, investigate the incident to reasonably prevent or mitigate the effects of the incident and provide periodic updates to information about the Incident to concerned users.
8. Data Protection Officers
Drag designated a Data Protection Officer, as required by GDPR:
Name: Luke Chamberlain
Role: Head Coach
Email: graciebarrawestbury@gmail.com
Location: Bristol, UK.
9. Consent GDPR on data processor providers
All data processor providers have been checked to be all GDPR-compliant.
List of Drag’s data processor providers:
Data Processor | Country | Purpose | GDPR-compliant |
USA | Cloud Infrastructure, Logging, Analytics | Yes | |
Crisp IM | France | Helpdesk & Support | Yes |
Stripe | USA | Payment Gateway | Yes |
Sendgrid | USA | Email Delivery Service | Yes |
ActiveCampaign | USA | Email Delivery Service | Yes |
Contact Us
If you have any questions about how we handle GDPR, please contact us at graciebarrawestbury@gmail.com.