What is GDPR?
‘GDPR’ stands for the General Data Protection Regulation. It is an European Union (EU) data privacy law that has been in force since 25 May 2018. Although this law was passed by the EU, it also applies to organizations anywhere in the world so long as that organization targets or collects data related to people residing in the EU.
One of the key objectives of the GDPR is to protect the fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.
Some Key Definitions of the GDPR
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
To view the full GDPR resolution including all of its definitions, you can visit this page: https://gdpr.eu/tag/gdpr/
Do note that the full GDPR resolution has 11 Chapters, 99 Articles and 173 Recitals, so the information provided on this page is an ‘in a nutshell’ summary. The purpose of which is to provide you with an essence of what the resolution entails and how CoachVantage has aligned with the GDPR.
How the GDPR Applies to You, Your Clients and to CoachVantage
Let’s examine how the GDPR applies in the context of you functioning as a coach, to your coaching clients and to CoachVantage.
If you’re a coach located in the EU or if your clients are located in the EU (even though you may not be located in the EU), the GDPR applies to you.
Your clients are the ‘data subjects’.
If you collect personal data from your clients, you are the ‘data controller’.
If you use CoachVantage and provide your clients’ personal data to us, we are the ‘data processor’.
When you as a coach sign up to the CoachVantage SaaS application, you are our client (data subject), and CoachVantage is the ‘data controller’. The sub-processors we use to provide our service (such as our cloud hosting provider) are the ‘data processors’.
The following personal data is protected by the GDPR:
- Basic identity information such as name, address and ID numbers;
- Web data such as location or movements, IP address, cookie data and RFID tags;
- Health and genetic data;
- Biometric data;
- Racial or ethnic data;
- Political opinions;
- Sexual orientation;
- Data on person’s performance at work;
- Economic information;
- Personal preferences and interests;
- Other personal metrics such as reliability, behaviour patterns, etc.
The privacy rights of a data subject are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
GDPR Best Practices with CoachVantage for Your Coaching Business
Replace your insecure paper client records and coaching notes
Paper client records, coaching notes and coaching logs can be easily opened by anyone in your office if they are left on your desk without proper security.
Coaches use CoachVantage to ensure that their session notes, client information and coaching logs are kept securely electronically, accessible only from their accounts with complex log-in credentials.
Manage your client information with ease
CoachVantage allows you to ‘archive’ your client Information at a click. You’ll also be able to export your client information easily, or update their information so that it’s always accurate and up to date.
If you give your clients access to a CoachVantage client account portal, they will be able to access and update their personal information.
Secure data processing
CoachVantage processes data on your behalf and uses sub-processors that are GDPR compliant.
Your legal requirements are covered
We have comprehensive Terms of Service, Privacy Policy and an EU Data Protection Addendum (DPA) that you can enter into with us. Links to these legal documents are found at the bottom of this page.
How CoachVantage is Aligned with the GDPR
To ensure that you fulfil your GDPR obligations and remain compliant as a data controller, one of the requirements is that you sign a Data Processing Addendum (DPA) with your third party processors, i.e. CoachVantage, who is processing data on your behalf.
You can access and download our DPA here.
Likewise, as a data controller, CoachVantage must do the same with its sub-processors, and make these sub-processors known to you.
You can view our sub-processors here.
We’ve also implemented appropriate technical and organizational security measures that are an ongoing facet of our GDPR compliance.
You can read more about these security measures on our Security page.
In addition, we’ve made it easy to see all the relevant legal documents here: