Privacy Policy

Who we are

Our website address is: www.mindbydesign.co.uk.

Privacy Statement

What personal data we collect and why we collect it

The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide therapy) and that it is data that you would reasonably expect me to hold and use.

Your Personal Information:

1. Basic information such as name, email address, phone number
2. Information that you give me as part of the work we do together

Additional Information:

1. Records of which interventions I use (or potentially do not use) in our sessions
2. Emails, texts and/or messages that are sent between us
3. Information sent from any third party, e.g. GP, insurance company
4. Audio recordings of sessions (if and when deemed appropriate)
5. Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”. However, data on any criminal offences (including allegations, proceedings and convictions) is even more tightly controlled and so I need your specific consent in order to hold any such information.

Comments:

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Visitor comments may be checked through an automated spam detection service.

Contact forms:

Information to be confirmed.

Cookies:

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites:

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics:

Information to be confirmed.

Details of where data is held:

1. Any emails sent between us are held on my password-protected website hosting server, Bluehost, who uphold the privacy laws stated in the GDPR. Broadband is supplied to Mind by Design through Vodafone, enabling syncing of email between devices. Vodafone maintain GDPR compliance.
2. Any texts via the business phone number and messenger sent between us are held on O2’s server.
3. Your notes are held in a locked safe at the home address of the director of Mind by Design.
4. Any session recordings are stored in Apple Music, labelled with coded information so as not to be identified and kept on a password protected iMac.

How Long the Information Is Kept:

Your data is kept for 7 years. The length of time is based on my liability insurance provider policy. After this time any paper records are shredded and computer records permanently deleted.

How we protect your data:

Mind by Design takes the security of data seriously and as such:

1. Emails on Bluehost webmail are password protected.
2. Texts are password or fingerprint protected.
3. Client notes are kept in a safe for 7 years.
4. Session recordings are secure on a password protected iMac and have encoded labels.
5. References of BACS payments are requested in an encoded format for anonymity.

What data breach procedures we have in place:

If there is any breach of data security, Mind by Design will give full details to the Information Commissioner's Office and any person affected within 72 hours of the breach, and will do everything possible to minimise any potential impact.

What rights you have over your data:

1. The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
2. The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
3. The right to erasure. If you wish me to erase your data, just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing, but this would never include case notes or data such as address/email/phone.
4. The right to restrict processing. This would usually be a stop-gap measure before correction of any errors or before erasure.
5. The right to data portability. This might apply if you want your notes sent to another therapist, for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
6. The right to object to:
A. processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). Mind by Design does not engage in these things.
B. direct marketing. Emails sent to you offering therapy information and/or therapy session discounts.
C. processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
D. automated decision making and profiling. Mind by Design does not engage in automated decision making or profiling.

Who we share your data with:

1. In exceptional circumstances, I may be required to provide legal or regulatory authorities with your personal data in order to comply with legal requirements or regulations. Whilst I will be required to comply with any such request, I will use reasonable endeavours (if allowed by law) to ensure that you are first informed about this.
2. Personal data that I hold about you will not be distributed or processed outside of England and Wales.
3. If you have any doubts or concerns over the way that I hold or process your personal data, you have the right to complain to the ICO. I would, however, hope that you would contact me first with any complaint, and I will use my best endeavours to address this promptly.
4. This disclosure statement and any non-contractual obligations arising out of or in connection with this disclosure statement will be governed by the law of England and Wales. You and I both consent to submit to the exclusive jurisdiction of the courts of England and Wales.
5. Data is not shared with anyone, except possibly your GP (details collected in the client contract). However, if you were to make a complaint about me to my professional body, I would be entitled to share your notes with any investigation procedures.