I understand that your personal data is entrusted to me and appreciate the importance of protecting your privacy. I comply fully with UK-GDPR (United Kingdom General Data Protection Regulation).
For the purpose of Data Protection Laws, the Data Controller is Rebecca McHale, Trading as Clear Journeys, at: 3B The Mall, Park Street, St Albans, Herts, AL2 2HT.
What I Do:
I provide psychology services to clients, including the following modalities: Developmental Psychology, Emotional Freedom Technique, Clinical Hypnosis, Mindfulness and Life Coaching.
What personal data may I collect from you?
By the term ‘personal data’ in this policy, I refer to information that can or has the potential to identify you as an individual. Accordingly, I may hold and use personal data about you as a client or in any other capacity, for example, when you visit my websites, complete a form, access our services or speak to me. If you book an Initial Consultation with me, or engage in 1-1 or group sessions, this may include sensitive personal data such as information relating to your physical and mental health.
Personal data I collect from you may include the following:
Where you use any of my websites, I may automatically collect personal data about you including:
When do I collect personal data about you?
I may collect personal data about you if you:
What personal data I may receive from third parties and other sources?
I may collect personal data about you from third parties such as:
How do I use your personal data?
I act as a data controller in regard to the processing of your personal data in order to provide direct psychology services. I also act as a controller and processor in regard to the processing of your data from third parties, such as a referral. Additionally, I act as a data controller and processor in regard to the processing of payments.
I undertake to ensure that personal data will be kept confidential and secure and will, unless you agree otherwise, only be used for the purpose(s) for which it was collected and in accordance with both UK-GDPR law and also regulatory guidance pertaining to clinical data retention, erasure and clinical confidentiality.
Sensitive personal data related to you will only be disclosed in accordance with UK-GDPR laws and the guidance of professional bodies. I may use your personal data where there is an overriding public interest in using the information e.g. in order to safeguard an individual, or to prevent a serious crime, or where there is a legal requirement such as a formal court order.
Further details on how I use personal data are given below. Please note that, although I have set out the purposes for which I may use your personal data below, I will not use your sensitive personal data for those purposes unless you have given us your explicit consent to do so.
I may use your personal data to:
The security of your personal data
I protect all personal data I hold about you by ensuring that I have appropriate organisational and technical security measures in place to prevent unauthorised access or unlawful processing of personal data and to prevent personal data being lost, destroyed or damaged. I conduct assessments to ensure the ongoing security of my information systems.
Any personal data you provide will be held for as long as is necessary in accordance with all applicable UK GDPR laws.
The transmission of information via the internet cannot be guaranteed as completely secure. However, I ensure that any information transferred to my websites is via an encrypted connection. Once I have received your information, I will use strict procedures and security features for prevention of unauthorised access.
At your request, I may occasionally transfer personal information to you via email, or you may choose to transfer information to me via email. Email is not a secure method of information transmission; if you choose to send or receive such information via email, you do so at your own risk.
Disclosure of your personal data
In the usual course of my business I may disclose your personal data (to the extent necessary) to certain third party organisations that we use to support the delivery of my services. This may include the following:
I will seek your express consent to share your information with your GP or other healthcare providers. You can ask me not to do this, in which case I will respect that request if I am legally permitted to do so, but you should be aware that it can be potentially very dangerous and/or detrimental to your health to deny your GP full information about your history.
In all cases, where I believe that your life is in danger then I may pass your information onto an appropriate authority (such as the police, social services in the case of a child or vulnerable adult, or GP in case of self-harm) using the legal basis of vital interests
Where a third party data processor is used, I ensure that they operate under contractual restrictions with regard to confidentiality and security, in addition to their obligations under Data Protection Laws.
I will never disclose your personal data to third parties other than where we are required by law to do so.
Information collected during provision of services or services
Information I Collect and How I Use It
I collect certain information from and about its users three ways: directly from our Web Server logs, the user, and with Cookies. When you visit my websites, I may track information to administer the site and analyse its usage for the purpose of serving visitors and clients better.
I will not disclose personally identifiable information I collect from you to third parties without your permission except to the extent necessary including:
Third Party Websites
Related services and offerings with links from this website, including all other websites, have their own privacy statements that can be viewed by clicking on the corresponding links within each respective website. I am not responsible for the privacy practices or contents of third-party or client websites. I recommend and encourage that you always review the privacy policies of merchants and other third parties before you provide any personal information or complete any transaction with such parties.
If you no longer wish to receive web based marketing information you can unsubscribe by emailing email@example.com
Accessing and updating your information
Under UK GDPR law, subject to some exemptions, you may request access a copy of the personal data that I hold about you via a Subject Access Request (SAR). I will comply with the information request, as UK-GDPR requires, within one month from the day that I receive the SAR. I am within my rights, under UK-GDPR guidance, to extend this response period to 2 months where the information request is complex or where I have received a number of requests from the same individual simultaneously. I may ask for further clarification about the information that you require, in which case the one month response period will begin once I have received the necessary clarification.
You have the right, subject to exemptions, to ask to:
Information or Complaints:
If you want to exercise your rights in respect of your personal data, the best way to do so is to contact me by email on firstname.lastname@example.org, or to write to me for the attention of the data protection officer at the address below. In order to protect your privacy, I may ask you to prove your identity before I take any steps in response to such a request.
Data Protection Officer, Clear Journeys, 3B The Mall, Park Street, St Albans, Herts, AL2 2HT.
If you are not satisfied with how I handle your request, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit their website (http://www.ico.org.uk).