Cyclefit GDPR Statement of Compliance

Posted by Philip Cavell

24th May 2018

CYCLEFIT GDPR STATEMENT OF COMPLIANCE 

We are fully committed to compliance with the letter and the spirit of the GDPR and other relevant UK data protection law. Where you entrust Cyclefit with personal information, we take our responsibilities as a data processor and trusted custodian very seriously.
 
1. ORGANISATIONAL MEASURES 
 
1.1. We are contractually bound to keep personal information confidential.  The importance of this is regularly reiterated in our company policy and processes. 
 
1.2. We are taking constant advice and training in respect of ensuring that data subject rights are protected and that any breaches are reported without delay.  We will record all breaches, however minor, and near misses and we review this information to help us to continually improve our service. 
 
2. TECHNICAL MEASURES 
 
2.1. By the nature of Cyclefit's work with clients, we do collect data and metrics that are relevant to helping clients function better on their bicycles. Most of this is collected in the interview phase of the Cyclefit session and also in the measuring of a client's existing bike position, and their new position on the jig. Please let us know if you would like these files to be deleted after the session has finished, and you have your copy for your records. 
 
2.2. All systems containing personal information are protected by (at least) strong passwords and protection from brute-force attacks.  Users are not permitted to share login credentials and are obliged to change credentials whenever they suspect another person may have learned them. 
 
2.3. Where appropriate and feasible, additional security measures such as multi-factor authentication, activity alerts and audit logs are also employed.  
 
2.4. All transfers of personal information over the Internet use encryption unless you have specifically asked us to use email (which is not inherently secure). 
 
2.5. We do not share your information or files with anyone unless directed by you. An example of this may be an onward referral to a medical professional, in which case we would always seek your explicit permission.
 
2.6. We are continually reviewing and improving our technical security measures in line with industry best practices and published guidance from the UK Information Commissioner's Office (ICO). 
 
3. PROCESS AND POLICY 
 
3.1. We have carried out a data protection audit and maintain records in accordance with Article 30.  We have adopted a general statement of policy which sets out our company commitment and the responsibilities that we have. 
 
3.2. We are taking advice from a certified practitioner in data protection and cyber security with many years of experience in this field. 
 
3.3. We have carried out due diligence on all suppliers, professional advisers and service providers that we share personal information with.  We are also in the process of checking that all mandatory provisions for data processors are in place and negotiating new agreements or seeking satisfactory assurances where they are not. 
 
3.4. We have reviewed our existing policies and processes with regard to data protection to ensure they comply with the new requirements and we have updated our privacy notice accordingly.  We are also introducing robust processes to deal with data subject requests and breach notifications within the required time frames. 

A Personal Note

Cyclefit is a tiny company with a very personal approach to everything that we do. We get urgent communications daily from clients, from the remotest corners of the planet, who for one reason or another, need their Cyclefit data to very urgently set up their own bike, or maybe a borrowed/rented one. We have never failed to dig into our archives to recover their metrics and get them back on the road. That data is precious to us because it is precious to you. It always gives us a kick when we get it to you in seconds so your fun can resume. Please let us know if you no longer want us to store your Cyclefit metrics and we will destroy your files immediately. In the future we may ask for additional validation and identification to fulfil such requests.

In addition, we try to make our Cyclefit Newsletters informative on the subject of cycling performance and biomechanics. Please feel free to unsubscribe at any point if you do not want to receive them anymore. 

Yours
Phil and Jules. 

About the Author

Philip Cavell

Co-founder, bike fitter and bike designer. Phil rides a Seven titanium disc bike. He likes dogs and fine wine.