Privacy Notice For Individual, Groups, Education & Organisations
Mindfully Alive: Braehead, Middleton Scriven, Bridgnorth, Shropshire. WV16 6AG
The lawful basis for processing data
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide Mindfulness) and that it is data that you would reasonably expect me to hold and use.
For purposes of the applicable Data Protection Laws, Mindfully Alive is the “data controller”. This means that Mindfully Alive determines the purposes for which, and the manner in which, your Data is processed.
For those who enquire about Mindfullness the data I hold includes any information you have sent me
For those clients who book and attend at least one session, the data I hold includes:
· Basic information such as name, email address, phone number
· Information that you give me as part of the work we do together
· Records of what interventions that I use (or potentially do not use) in our sessions
· Emails, texts and/or messages that are sent between us
· Information sent from any third party, e.g. GP, insurance company
. IP address (automatically collected) web browser type and version (automatically collected)
Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is (précised from the Act) “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, except possibly your GP, and for any reasons covered by the Requirements for Disclosure which are detailed and discussed when we first meet.
The data is primarily used to enable me to provide Mindfulness for you. It may also be used for scientific research purposes and statistical purposes.
Data is shared in the following situations:
· If I am required to provide data to a court of law or to your GP
· With my accountant who may see data that you submit when making payment
· With any venues that may require attendee lists for their own regulations
. With CEC (Central England College) if I require advice or guidance on a particular area with my professional advisors
Details of where data is held:
· Any emails sent between us are held on my computer, my tablet and smart phone, in cloudand also on hard drive
· Any texts sent between us are held on my smart phone
· Your notes are held in a locked filing cabinet
Data is kept for 8 years in line with the advice from my insurance company.
Mindfully Alive takes the security of data seriously and as such:
· All data is held securely (including payment systems)
However, we are not in control of any data, including emails which you may send us.
If there is any breach of data security Mindfully Alive will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
You have rights with regards to the data held:
· The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
· The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
· The right to erasure. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing but this would never include case notes or data such as address/email/phone.
· The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure
· The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e., I would send the data to you.
· The right to object to:
. processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). Mindfully Alive does not engage in these things
. direct marketing. I may send emails, texts about courses or offers of interest to you, If you do not wish to receive these , please inform me. You may opt out at any time.
. processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
. automated decision making and profiling. Mindfully Alive does not engage in automated decision making or profiling
In exceptional circumstances, I may be required to provide legal or regulatory authorities with your personal data in order to comply with legal requirements or regulations. Whilst I will be required to comply with any such request, I will use reasonable endeavours (if allowed by law) to ensure that you are first informed about this.
Personal data that I hold about you will not be distributed or processed outside of England and Wales.
If you have any doubts or concerns over the way that I hold or process your personal data you have the right to complain to the ICO, I would however hope that you would contact me first with any complaint, and I will use my best endeavours to address this promptly.
- Analyse our web traffic using an analytics package – this website uses Google Analytics to aggregate usage data to help us improve the website structure, design, content and features.
- Recognise you when you return to our website – to remember your preferences when returning to our site so you are not shown the email signup pop-up on return visits if you have previously dismissed this message.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.
We are currently looking at a way that you can decline cookies directly from our website, but this is currently excessively expensive when we only take data for the purposes of analyzing traffic.