G D P R Statement for The Emoji Coach.com– 2020
Data Controller: Libby Steggles-Ginn
Sole Trader: The Emoji Coach
Address: 38, Oakwell Oval, Leeds LS8 4AL
Email : firstname.lastname@example.org
Mobile : 07882 333386
Website : www.theemojicoach.com
This document sets out the measures the data controller takes to store, manage and process client information securely. Information will be collected about you the client. See section 4, How long do I keep your notes and Clients notes, health and well-being details? Some of the information I collect is required by law, and by my insurance company some to allow me to provide my business services to you, and some with your consent, for marketing and promotion of the business. I have detailed below how your information will be used.
1. Contact information
Your telephone number, email address, social media or mobile application contact information in certain circumstances (ie, if you have contacted me and I have contacted you) may be stored on an electronic device: mobile phone, laptop or tablet device. These devices are all password protected. I am the only person who knows the passwords to these devices. The responsibility for the effectiveness of the password security lies with the device or service provider. The same applies when your contact details will be stored for the Newsletter and Calendly.
NOTE: Your contact information is the only information I hold about you on any electronic device.
- Foremostly, your contact details are held for Health & Safety reasons, so that we have a means of contacting you to supply important information or in emergency situations. When relevant, I may ask you to supply the details of an emergency contact. Their information will also be treated as Contact Information as set out in our GDPR Policy. Also, so I have your session notes attached to your details on file.
- With your consent, I may use your contact information to inform you of the business services I offer. This will be via email from either libby@theemojicoach. I will use text as a reply if you have enquired by text. For personal email communication, I use Gmail. These accounts are password protected and the effectiveness of the security and your data protection lies with the email service provider. Each email to each client will be stored in a folder under the appropriate name. I only keep these communications as long as they are necessary and relevant. These communications are then deleted.
- Your email may be added to our newsletter and email marketing database. I use a 3rd party company to manage this process. I currently use Mailchimp. These account are password protected and the effectiveness of the security and your data protection lies with the service provider. You will have confirmed you wish to receive emails for one to be sent out and there is an unsubscribe link at the bottom of each of these emails to allow you to remove yourself from the newsletter database.
- Your contact information will be used to manage and carry out any bookings you make for the business services I offer. This enables me to meet my contractual obligations to you.
2. Client Notes, Health Details & Other Information
If I work with you in a session, I will be taking notes and will be collecting personal or sensitive information regarding your health, your general wellbeing and your internal processes (thoughts, emotions etc). Some of this information is collected on the Emoji Coach standardised Enquiry forms. Some as freely handwritten notes.
NOTE: All this information is stored in paper format only. When not in use, these papers are stored in a locked filing cabinet at the above given address. I am the only person with access to this filing cabinet.
- Foremostly, I require this information to ensure that I offer you appropriate services in a safe manner. This enables me to fulfil my duty of care to you as a customer.
- I also require this information for audit purposes, for business insurances and for the professional registrations and licences I hold as a therapist. These documents demonstrate that I operate my business professionally and in line with their codes of conduct, ethics & good practice.
I DO NOT store any of your financial details or information. Any payments for bookings are processed by 3rd party companies. I currently use Paypal, Sumup , Eventbrite and the BACS banking system to process payments. These accounts are password protected and the effectiveness of the security and your data protection lies with the 3rd party service provider.
3. The length of storage of your details.
To enable me to meet my legal obligations as a business, the length of time I store your information will vary as follows:
- Details I hold for marketing purposes will be kept and used until you ask for them to be removed. Upon receipt of such as request, your details will be removed at the very next opportunity. I aim to achieve this within 24 hours from receipt of the request.
- Booking information, registers and details of payments received (but not transaction details) will be kept as part of my accounting & tax records for a period of 7 years as required by law.
- Client Notes, Health Forms, Consent Forms, will also be kept for a period of 7 years following your last attended session. This provides an audit trail to ensure that the business operates in a safe and appropriate manner and is required as part of the business’s legal obligations and Insurance.
- Out of date documents are destroyed by burning in a safe and secure environment where there will be no evidence of the notes left.
5. Do I Share Your Information?
- We will never share your details with anyone. The only exceptions being if required to do so by law or as part of an audit required to meet the business’s professional obligations.
6.Your Rights under Data Protection Laws
- You may request to have your contact information removed from our systems. In reality, this means we are only able to take your details out of our marketing database immediately. To uphold our legal obligations we must maintain your information in our client notes and accounting records until the relevant 7 year deadline expires.
- You may request a copy of all the records we hold about you. We will process this information as quickly as possible and within the 28 day deadline. Where we are not able to do this we will contact you to explain the reasons why. We will not charge you for providing this information unless we receive multiple requests in a short space of time, when we reserve the right to charge a £8 administration fee.
- You have the right to have your information corrected if it is inaccurate. This may not apply to certain documents, for example client notes, where your responses are recorded as accurately as possible at the time they were offered, or where the notes are subjective commentary made by the therapist.
- You can request from the outset that we do not hold any information about you. However, practically this may prevent us from offering our services to you due to the fact that we are legally obliged to maintain certain records.
- You have the right to complain about how we have handled your information. In the first instance, please contact me using the contact details at the top of this document and I will endeavour to resolve your complaint quickly. If you are not satisfied, you can then refer your complaint to the Information Commissioners Office at www.ICO.co.uk
Libby Steggles-Ginn is registered with the ICO.
I will always treat your information in the strictest confidence unless you show any evidence of harming yourself or someone or something else. If you have any questions or wish to discuss the contents of this document, please get in touch using the contact details at the top of this document.
Alternatively you can call me on:
Monday: 8 am – 8 pm
Tuesday: 8 am - 8 pm
Wednesday: 8 am – 8 pm
Thursday: 8 am - 8 pm
Friday: 8 am – 8 pm
Saturdays: 10 am – 12 noon