Personal data or information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed.
For general website traffic, we may collect the following information:
For our Consultancy and Professional Business services we may hold many types of data about you, including:
There are “special categories” of more sensitive personal data which require a higher level of protection, such as information about a person’s health or sexual orientation. We do not hold any of this information. This would include details of your:
Special categories of data must be processed in accordance with more stringent guidelines and the following will apply:
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
We require this information to understand your needs and provide you with a better service.
We collect data about you in a variety of ways and this will usually start when you make an enquiry to the Company and continue when you attend your first and subsequent meetings. The Company keeps electronic records used via emails and smart phone communications. Personal data, paper consent forms and contractual records are stored in a locked, secure records room. Access to this room is secure and is accessible only to Company Managing Director.
The law on data protection allows us to process your data for certain reasons only, these are classified as legitimate interests. Most commonly, we will use your personal information in the following circumstances:
We may use your personal information in these rare situations:
One of the reasons for processing your data is to allow us to carry out our duties in line with your contract with us. If you do not provide us with the data needed to do this, we will be unable to perform that care to ensure your best interests are being maintained.
We will only use your personal information for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
No decision will be made about you solely on the basis of automated decision making (where a decision is taken about you using an electronic system without human involvement) which has a significant impact on you.
Your data will be shared with colleagues within the Company but only where it is necessary for them to undertake their duties. This includes, for example, employees and other consultants working for, or on behalf of the Company in the future.
In line with data protection principles, we only keep your data for as long as we need it for. To determine any appropriate retention period for personal data beyond eight years we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
Once we no longer have a lawful use for retaining your information, we will dispose of it in a secure manner that maintains data security. In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. YOUR DUTY TO INFORM US OF CHANGES It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your time as a patient with us. YOUR RIGHTS IN RELATION TO YOUR DATA The law on data protection gives you certain rights in relation to the data we hold on you.
The Company Managing Director is the company data controller, meaning that he determines the processes to be used when using your personal data.
His contact details are shown on the contact page of our website.
In relation to your personal data, we will comply with data protection law. This says that the personal information we hold about you must be:
We have put in place measures to protect the security of your information against accidental loss or disclosure, alteration, unauthorised access, destruction or abuse. We have implemented processes to guard against such. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Data Security Measures include:
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
We use a standard Joomla/Google Analytics services to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Joomla requires visitors that want to post a comment to enter a name and email address.
For more information about how Joomla or Google processes data, please see their privacy notice.
We may also share your data with third parties as part of a business sale or restructure, or for other reasons to comply with a legal obligation upon us. We would always keep you informed of these situations.
We may use a third party provider, such as Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter. For more information, please see Mailchimp’s privacy notice.
You may choose to restrict the collection or use of your personal information in the following ways:
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee for a second or subsequent copy of information or if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time.
There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate legal reason for doing so. To withdraw consent, contact the Company Managing Director
If you have any questions about this Privacy Notice or how we handle your information, please contact the Company Managing Director.
You have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).