At Hope Therapy we are committed to protecting and respecting the privacy of all our customers.
This policy has been prepared to take account of the changes under General Data Protection Regulations (GDPR). We may change this policy from time to time to take account of:
- changes to Data Protection Laws and other laws which may affect this policy;
- guidance issued by the ICO and others;
- issues raised by our Customers.
This policy is effective from 25 May 2018.
In this policy the following words have the following meanings:
- Act means the Data Protection Act 1988.
- Customer includes customers, or potential customers, who have entered into a contract with us for the provision of Counselling, CBT or related Services at any time in the past or future.
- Data Protection Laws means the Act, GDPR, the Regulation of Investigatory Powers Act 2000, the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and all applicable laws and regulations relating to the processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the ICO or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction.
- Data Controller, Data Processor, Data Subject and Personal Data all have the meaning given to them in the Act and GDPR.
- ICO means the United Kingdom Information Commissioner’s Office and any successor to it as data protection authority.
- Us, Our, We means Hope Therapy
- You, Your, or Customer means your organisation and its Staff or you as a natural person
- Staff means your and our employees, workers, agents and sub-contractors
The Company (Hope Therapy) – as Data Controller
Where you are a Customer of Hope Therapy, we will be the Data Controller in respect of certain Personal Data which you and your Staff may supply to us or which we collect from you which relates to you (Data subject).
As Data Controller, we determine the purposes for which and the manner in which your Personal Data is, or is to be, processed. In this policy we describe the types of processing we may undertake with respect to your Personal Data.
The Kind of Information we hold
The Partnership will collect and process the following personal information you provide to us:
Personal Customer Data (customers):
Email address; and other information necessary for the operation of our Services.
This data may be supplied by you when you: Apply to use our Services; Correspond with us by phone, e-mail or otherwise; Report a problem with our Services
Personal Enquiry Data (those applying to use our services):
This is information you give to us and may include:
email address; and any other information you may supply or volunteer.
This data may be supplied by you when you: submit an enquiry to us regarding our products and/or Services whether by telephone, email, or other channel; subscribe for any newsletter or publication we may supply. This data may be processed by us for the purposes of: responding to your enquiry; marketing, offering and selling our products and services to you; or sending you publications you have requested; enabling and monitoring your use of our services.
How we will use information
The Partnership will use personal information in the following ways:
Customer Personal Data:
If you fail to provide personal information
If you, the Customer, fail to provide certain information when requested, the Company may not be able to perform the services and/or any contract we have entered into with you, in which case the contract will become void.
Change of purpose
The Company will only use personal information for the purposes for which we collected it.
Please note that we may process your personal information without your knowledge or consent where this is required or permitted by law.
Disclosure of your information
You agree that the Company has the right to share Customer Personal Data with:
Selected third parties including: business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you (including third party IT providers, hosting and back-up service providers); and third party service providers who assist us with our activities, such as hosting providers, and other IT or payment service providers, may also have access to personal information held by us and may use this information on our behalf if the Company or its assets are acquired by a third party.
Other third parties: if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the Terms of Service; or to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other organisations for the purposes of fraud protection and credit risk reduction; to assist us in improving our products and services. We may monitor aggregated data that is collected by our service and may share this with third parties collectively and in an anonymous way. This data will not reveal personal information.
We will not sell, rent or share Customer Data or Usage Data with third parties in other ways without your consent unless we are entitled by law to do so.
Where the Partnership will store personal data
We may hold personal information in electronic databases, such as our customer relationship management system. We take all reasonable steps to keep any personal information we hold about you secure.
We restrict access to personal information to our who require that information in order to operate and develop the services.
All information which is provided to, or collected by, the Company is stored on the Company's secure servers within the European Union (EU) or facilities which are subject to the EU-U.S. and Swiss-U.S. Privacy Shield.
Unfortunately, the transmission of information via the internet is not completely secure. Although the Company will do its best to protect your personal data, the Company cannot guarantee the security of your personal data transmitted via the internet; any transmission to the Company is at your risk. Once the Company has received your information, the Company will use strict procedures and security features to try to prevent unauthorised access.
How long the Partnership will store personal data
The Company will retain Customer Personal Data for: such time as this is required in connection with the services we are supplying to you; following completion of the services for a period of 6 years from the date the Services end.
We may retain Customer Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
The Partnership will retain Enquiry Personal Data for: such time as this is required in connection with the enquiry you have raised; a period of 6 years from the date of your Enquiry.
Your rights as a data subject
If you are a natural person you have the following rights. Please note that this is a summary of your rights. If you wish to understand your rights in more detail you should read the relevant laws, guidance and regulations.
Right of access to your Personal Data
You can ask us to confirm whether or not we process your Personal Data, and where we do, request a copy from us. If your request is sent to the Partnership electronically the Partnership will supply this in a commonly used electronic form, unless you specifically request this in a different format.
We will supply the data free of charge, but we reserve the right to charge a reasonable fee (or refuse to act on the request) if you request additional copies of the information, or if access requests are unfounded or excessive.
There are circumstances where we may withhold the supply of your Personal Data – for instance where the rights and freedoms of others may be affected or where we are permitted by law.
Right to request the rectification of your Personal Data
In the event that you think we hold any inaccurate or incomplete Personal Data, you can ask us to correct any inaccurate data or to complete any incomplete data we hold.
Right to request the erasure of your Personal Data (the "right to be forgotten")
The Partnership will not hold any Personal Data for longer than is necessary for the purposes for which it was collected. However, in some circumstances, you may request the erasure of any Personal Data held by the Company.
Right to request the restriction on processing of your Personal Data
In some circumstances, you may request the Company to restrict processing of your Personal Data.
Right to object to the Company's processing of your Personal Data
You may object to the Company’s processing of your Personal Data where: processing is based on public interests or legitimate interests pursued by us or by a third party; or processing is for direct marketing. If you object the Company will stop processing the Personal Data unless the Company: has a compelling legitimate ground for processing the Personal Data; or needs to process the Personal Data to establish, exercise, or defend legal claims.
Processing for direct marketing will cease immediately.
Right to data portability in respect of your Personal Data
In limited circumstances, you may have the right to request the Company to: supply your Personal Data in a format so that you may store it for further personal use on a private device; transmit the Personal Data to another data controller; transmit your Personal Data directly to another data controller where technically possible.
Right to complain to ICO/supervisory authority
If you believe our processing infringes Data Protection Laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection. You may complain in the EU member state of your residence, place of work or the place of the alleged infringement.
Right to notification of any breach
In the unlikely event of a Personal Data breach which is likely to result in a high risk to your rights, the Company will notify you of the breach without undue delay.
However, if your Personal Data is encrypted or otherwise unintelligible the Company will not be required to notify you of a breach.
Withdrawal of consent
In all cases where the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Such withdrawal will not affect the lawfulness of any processing before you withdraw consent.