Mustard Therapy & Coaching ‘Privacy Policy’
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection. It came into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Mustard Therapy & Coaching is committed to protecting the rights and freedoms of individuals with respect to the processing of clients’ personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
Mustard Therapy & Coaching is a company jointly owned and managed by Sharon Mustard and Stewart Mustard. We are registered UKCP hypno-psychotherapists. As accredited members of the 'UK Council for Psychotherapy', fellows of the ‘National Society of Hypnosis and Psychotherapy’, and the 'Complementary and Natural Healthcare Council', we am required to abide by their Code of Ethics and Practice.
We provide one-to-one hypnotherapy/psychotherapy services for all aspects of emotional and mental health.
The basis on which we keep client data is that of “Legitimate Interests”. This means that the data is necessary for us to fulfil the contract that we have together (ie to provide therapy) and that it is data that you would reasonably expect us to hold and use.
For those who enquire about therapy, the data we hold includes any information you have sent us by email/text/message.
For those who book and attend at least one session, the data we hold includes:
Some of the information that you give us may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is (précised from the Act) “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, except possibly your GP, and for any reasons covered by the Requirements for Disclosure which are detailed and discussed when we first meet.
The data is primarily used to enable us to provide therapy for you. It may also be used scientific research purposes and statistical purposes.
Mustard Therapy & Coaching use an accountant, who will have access only to names attached for payments and the purposes of payments. His name is Andrew Jenvey, AIMS Accountants for Business, 8 Belbins Business Park, Cupernham Lane, Romsey SO51 7JF
Mustard Therapy & Coaching uses Cookies on its website to collect data for Google Analytics, this data is anonymous. Cookies are small pieces of information that are stored by your browser on your device's hard-drive. They are used to distinguish individual users, and help us improve our website.Analytics and search engines providers that assist us in the improvement and optimisation of our site may collect data about your IP and computer set up. To read more please take a look at our Cookies Policy.
2) The right of access
Sharon Mustard, Mustard Therapy & Coaching, Office 5 Enterprise House, Boathouse Meadow Business Park, Cherry Orchard Lane, Salisbury, Wiltshire, SP2 7LD is the named data controller for Mustard Therapy & Coaching.
At any point an individual can make a request relating to their data and Mustard Therapy & Coaching will need to provide a response (within 1 month).
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However Mustard Therapy & Coaching has a legal duty to keep individual details for a reasonable time*, Mustard Therapy & Coaching obtain these records for 7 years after using our therapy services. This data is archived electronically and in paper form securely onsite and shredded after the legal retention period.
4) The right to restrict processing
Clients can object to Mustard Therapy & Coaching processing their data. This means that records can be stored but must not be used in any way, for statistical reports or for research.
5) The right to data portability
Mustard Therapy & Coaching requires data to be transferred from one IT system to another; from Mustard Therapy & Coaching to our accountant only to enable them keep a record of income. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Individuals can object to their data being used for certain activities like marketing or research. Mustard Therapy & Coaching will only use your details with your permission as part of a secure mailing list to email you details of future Mustard Therapy & Coaching courses that may be of interest to you prior to your due date. These details will never be used for any other form of marketing nor be given to another organisation for marketing their own products and services.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organisations. Mustard Therapy & Coaching does not use personal data for such purposes.
Storage and use of personal information
All paper copies of individual training records are kept in a locked filing cabinet in Mustard Therapy & Coaching offices (accessed only by Sharon Mustard and Stewart Mustard). All information is confidential and these records remain on site at all times, including for archiving. These records are shredded after the retention period.
Mustard Therapy & Coaching collects personal data every year including; names, telephone numbers and email addresses of those on the waiting list for therapy sessions.
Mustard Therapy & Coaching does notstore personal data on the website or on Mustard Therapy & Coaching’s social media sites.
Data of names, email addresses, telephone numbers is also held electronically on a computer hard drive and on a cloud storage system. Access to all office computers, cloud accounts and to websites is password protected.
GDPR means that Mustard Therapy & Coaching must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them
If there is any breach of data security, Mustard Therapy & Coaching will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
This Policy was adapted at Mustard Therapy & Coaching on 25th April 2018