Your privacy is important to me.
Your continued use of my website will be regarded as acceptance of my practices around privacy and personal information and that you are agreeing to be bound by my terms and conditions, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. For the purposes of the General Data Protection Regulations (GDPR) May 2018, the data controller is Sarah Webb. I am registered with the ICO: #ZA543291.
1. Right to be informed: I am required to inform you how this website, stores and disposes of your data in the form of written documents, client notes, emails, contact forms, cloud-based client data storage, text messages, voicemails, website visits and appointment updates through text or email. Data, collected with your knowledge and consent, is collected solely to provide an appropriate service. Personal information provided by you is for referral and commencement of the service only. Emails are processed by Microsoft and hence subject to their privacy policies. I recommend that no sensitive information be shared via email.
Your personal information will be used only to provide you with my services and to give you information relating to my services. I will not share your personal details with any other person or organisation without your knowledge and permission, except where required by law.
If there is a safeguarding issue, or a perceived risk of harm to self or others, personal information may be shared with relevant third parties.
Personal data or personal information means any information about an individual from which that person can be identified, such as your name and contact details. It does not include data where the identity has been removed (anonymous data). Basic written contact details such as Name, Age, Address, GP information will be stored securely. Written notes will be coded with your initial and date of first session. (e.g LC2104) and kept separate to your contact details. Written notes will be kept secure for 5 years after your last therapy session in line with my insurance policy. After such time they will be shredded. Emails, texts, voicemails will be kept for up to 7 days after your sessions have ended, after which time I will delete them.
All electronic devices which hold personal data are password protected and stored securely with reasonable measures to prevent loss and theft, as well as unauthorised access, disclosure, copying, use or modification. Please note I may retain your personal data for a longer period than set out above in the event of a complaint or dispute.
If you have any questions about how I handle user data and personal information, please feel free to contact me via the ‘contact’ section of my website. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (). I would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact me in the first instance.
2. How your data will be used: I will only use your personal data when the law allows me to. Most commonly, I will use your data in the following circumstances:
Where I need to perform the contract we are about to enter into or I have entered into with you.
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; or
Where we need to comply with a legal obligation.
Your data will be used, for example, to register you as a new client and in the course of performance of my contract with you.
I will only use your personal data for the purposes of which I collected it, unless I reasonably consider that I need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact me.
If I need to use your personal data for an unrelated purpose, I will notify you and I will explain the legal basis which allows me to do so.
Please note I may process your personal data without your knowledge or consent in compliance with the above rules, where this is required or permitted by law.
3. Right to access: You have the right to request a copy of the information held on you. I may need to request specific information from you to help me confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
4. Right to rectification: You have the right to correct any inaccurate or incomplete data.
5. Right to be forgotten: In certain circumstances, you can ask for the data I hold on you to be erased from my records, unless I have a legal obligation to retain the information.
6. Right of portability: You can request that I transfer any data I hold on you to another company.
7. Right to restrict processing: You can request that I limit the way I use your personal data.
8. Right to object: You have the right to challenge certain types of processing, such as direct marketing.
9. Right related to automated decision-making including profiling: You are free to request a review of automated processing if you believe the rules aren’t being followed.
I reserve the right to update this document and terms and conditions at any time without prior notice.
Should you choose to engage my services, I will ask you to sign a copy of this Privacy Statement to confirm you have read and understood this statement and that you consent to your personal information being collected, stored and used in this way.
This policy is effective as of 13 December 2020.