This notice explains when, how and why I collect, use and store your personal data. This privacy notice also includes an explanation of your rights with regard to the processing of your personal data.
The data controller for Mind for Wellbeing is Michelle Audouard, telephone 01525 591011, email firstname.lastname@example.org
I reserve the right to amend this privacy notice from time to time without prior notice. I will not contact individuals or organisations to advise of any changes so please check this notice regularly for any amendments. This privacy notice was last updated 16th April 2019.
What type of data I collect
I currently collect and process the following information:
• Your identity: Your first name/s and last name/s
• Your contact details: Address, telephone, email address
• Emergency contact details: Next of Kin or GP
• Special category data: Sensitive information, such as health details, which is usually obtained directly from the client either verbally or in written form
How and why I obtain and process your data
Most of the personal information I process is provided directly by you. This includes the data you provide when:
• You apply for any of my services, including private sessions, workshops, courses, programmes and events
• You subscribe to my newsletter
• You provide a testimonial
• You request marketing correspondence to be sent to you
• You make an enquiry
I may also receive your personal information indirectly, for example, from a co-trainer with whom I am running a joint event which you are attending.
Under the General Data Protection Regulation (GDPR), the lawful bases I rely on for processing this information is:
a. Your consent. You are able to remove your consent at any time. You can do this by emailing email@example.com
b. I have a contractual obligation.
c. I have a legal obligation.
d. I have a vital interest.
e. I need it to perform a public task.
f. I have a legitimate interest.
How I use your data
I may use your personal information for any of the following reasons:
• Your name and contact details: To respond to your enquiry, to register you as a new private client, to register you as a workshop/course/programme/event attendee, to take steps to enter into a contract with you or to manage a contract with you
• Your emergency contact details: So that I may contact a relevant person in the event of accident, incident, injury or illness
• Your GP details: So that I may contact your GP in the event of serious concerns for the well-being of yourself or others
• Special category data: To perform a contract/s with you as a provider of wellbeing services, in compliance with GDPR Articles 6 and 9
• Technical data: To administer my site and allow you to interact with my site; for troubleshooting purposes, statistical analysis and to enable me to understand how you use my website in order to make improvements where necessary; to understand my business development and marketing needs.
Any personal information you may provide to me will not normally be shared with any third parties without your prior consent, except where:
• required to share by law
• there is a risk to your own safety or the safety of others, in which case I may contact your GP or other relevant authorities
• a named third party is involved with me in the provision of services to you, for example, a co-trainer at an event or workshop
I receive regular supervision and may discuss anonymised session notes or conversations with my supervisor for the purpose of good practice and in support of the therapeutic process and service excellence.
Please note, your personal data may be processed without your knowledge or consent where required or permitted by law.
Storage of personal data
The security of your personal information is of the utmost importance. I use appropriate procedures and security features to process and protect your personal data. All your data is held within the EU or in the USA under the auspices of the EU-US Privacy Shield.
I presently use Mailchimp to manage my email newsletter. Mailchimp is based in the USA and is EU-U.S Privacy Shield compliant. When you subscribe to my email newsletter, the personal data you submit is automatically stored in Mailchimp’s database and will remain there for as long as I continue to use Mailchimp or until you specifically request removal from the list via the ‘unsubscribe’ button at the bottom of the newsletter, or by emailing firstname.lastname@example.org to request removal.
Retention of personal data
I retain your personal data only for as long as necessary to provide you with contracted services, or when required for legal, tax, insurance or reporting purposes.
For those for whom I have not yet provided a contracted service, the retention period for storage of your personal data is normally 6 months after it was last processed. This retention period may be longer if required for legal, tax, insurance or reporting purposes.
For those for whom I have provided a contracted service, the retention period for storage of your personal data is a minimum of 7 years after it was last processed, and may be longer in order to comply with legal, tax, insurance or reporting purposes.
At the end of the retention period, all data is securely destroyed.
Third party links
My website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. I do not have any control over third-party websites, plug-ins or applications and they are not governed by this privacy notice. I therefore cannot be responsible for the protection of your personal information when you visit or interact with them. I encourage you to exercise caution and read third party privacy notices.
Under data protection law, you have rights including:
Your right of access: You have the right to ask me for copies of your personal information.
Your right to rectification: You have the right to ask me to rectify information you think is inaccurate. You also have the right to ask me to complete information you think is inaccurate.
Your right to erasure: You have the right to ask me to erase your personal information in certain circumstances.
Your right to restriction of processing: You have the right to ask me to restrict the processing of your information in certain circumstances.
Your right to object to processing: You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability: You have the right to ask that I transfer the information you gave to me to another organisation, or to you, in certain circumstances
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. Please email email@example.com if you wish to make a request. For your security, I will request evidence of your identify in order to proceed with your request.
At any time you have the right to take any complaints about how I process your personal information to the Information Commissioners Office (ICO), the authority responsible for data protection issues in the UK. However, before you approach the ICO I would appreciate the opportunity to try to resolve your concerns first. The ICO’s contact details are: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, telephone helpline number 0303 123 1113.