HOW WE PROTECT YOUR PERSONAL INFORMATION
PLEASE READ THIS CAREFULLY
What Data do we collect and where do we get it from?
For the purposes set out in this notice, the Information Commissioner (ICO) requires us to advise you that, information, including personal information detailed below relating to you or anyone else for whom we have been provided information. ("Personal Data and Special Categories of Data") will be collected and processed by Living Joy and/or on its behalf by its third party service providers. This data will be provided by you, or any other person you may appoint to provide us with information. You will either be completing information forms or answering questions we ask you, in order to provide the required information. We may also obtain information from other sources that is readily available in the public domain.
This is information we may gather from you that will directly or indirectly identify you as individual, and may also provide information about your cultural or social identity. This type of data must be processed strictly in accordance with our Basis at Law stated in the table below. This data will include but may not be limited to:-
Your title, name, postal address, , civil status, gender, current and or previous occupation, date of birth, contact details, mental health conditions, bank details, credit / debit card details, , children’s data where the child is under 16 for the purposes of GDPR.
Special Categories of Data….
This is information we may gather from you that might reveal your racial or ethnic origin, political opinions, religious or philosophical beliefs, your health, sex life or sexual orientation. This data will be processed strictly in accordance with the Basis at Law stated in the table below. This data will include but may not be limited to:-
Your title, gender, race, ethnic origin, political opinions, religious beliefs, physical or medical health conditions, residency period, children’s data where the child is under 16 for the purposes of GDPR. Data for criminal convictions and offences will only be collected as permitted by UK Law.
We will have asked for, and recorded either your verbal or documented consent to process any special categories of data that we may have collected from you.
Each time you visit our website, we may automatically collect Technical information including IP address. The controller of this Personal Data is Living Joy ("we" and “us”), London, UK. If you have any query, please contact Monika Scott on email@example.com. We process your Personal Data in accordance with this Privacy Notice, which is also available on Insert firms website address.
How and why do we Process Your Personal Data?
The following tables detail :-
Legal basis for processing
Why we collect your data
We obtain, collect and process your Personal Data and Special Categories of Data (which includes sharing your data with others where appropriate) to enable us to carry out our work with you in helping with the issues you have raised. We may also have regulatory and / or legal obligation for sharing data with others, but we will only share it for the purposes stated, or in a way you would reasonably expect us to, unless we inform you otherwise. If you do not provide the data requested or your provide false information then you may not get the results you are expecting.
Our legal basis for processing your data
In order to undertake the hypnotherapy you have requested we will be using one or more of the following legal bases:-
Who we share your data with and the reason for processing
We are a Data Controller and in order to process your requests we may be sharing your data with one or more other Data Controllers. The Controllers we may share with and our reasons for sharing that information are listed but not limited to the following:-
Referral for assistance with therapies for which we do not undertake
Clinical Professionals and / or other appropriate agencies
Where we receive a referral from them and need to provide feedback on your progress
Unresolved Complaints or where we believe we have a legal obligation to discuss information with them
Administering of your information and payments. Back
up Of Data
To collect unpaid fees
It Providers - Software
Holds all collective management information, system
testing when system not responding or errors occur
It Providers - Hardware, Cloud & Systems Management
To detect issues, secure the system, and test the
system. Also backup of data where third party assisted
Our own Insurers
Where we need to provide information about you
Potential claims against us
For management of information where
language is a barrier or they use sign language
Other offices within the firm may need to use data
centrally to deal with clients if another office is busy or
Other Data Controllers not detailed above
To be shared only for the purposes stated, or in a way
you would reasonably expect us to, unless we inform
How long we retain your data
We will retain your Personal Data for as long as you are a client of ours and for 10 years thereafter.
Where do we hold your Data?
At all times we will endeavour to hold your Data on servers within the UK, or within the European Economic Area (EEA). Where we share your information with other Data Controllers they must also agree to hold your Data within the EEA. However, in the unlikely event your data is to be held in any other geographical area we ensure that:-
Your Acknowledgment of this Notice and Your Rights
Under General Data Protection Regulation you have rights and these are listed below.
Right to Be Informed
The General Data Protection Regulation sets out the information we must provide to you about your Data. All of the information we are required to give you is contained within this Privacy Notice. If you do not understand any part of this, you should contact us immediately and we will be happy to explain it to you.
Right of Access
You have the right to access and obtain a copy of the Personal Data, and any supplementary information that we hold about you to enable you to verify the lawfulness of the processing carried out. This will be provided free of charge, unless your request is unfounded, excessive or repetitive, and the information will be sent to you within 30 days of your request being received. If we refuse your request, you have the right to complain to the ICO.
Right to Rectification
You have the right to request that we correct any inaccuracies in the Personal Data we hold about you. This will be corrected within one month. If we are unable to correct the inaccuracy you have the right to complain to the ICO.
Right to Erasure
You have the right to request that we erase your Personal Data. For example, you may exercise this right in the following circumstances
We refuse the right to delete your information when it falls within our data retention period stated above, as this data may be required to exercise or defend litigation in the event of a claim or to meet any legal obligations. If you do not agree with this you have the right to complain to the ICO.
Right to Restrict Processing
You have the right to restrict our processing of your Personal Data where any of the following circumstances apply, although we will still be allowed to store it:
Where you exercise your right to restrict our processing of your Personal Data, we will only continue to process it in accordance with the requirements of the work we are doing with you or our legal obligations.
Right to Data Portability
You have a right to receive and transfer the Personal Data that we hold about you. This only applies to:-
Where you make such a request, this will be provided in a structured, commonly used, machine-readable format such as a CSV file. This will be completed within one month of us receiving your request.
Right to Object to Processing
In certain circumstances, you have a right to object to our processing of your Personal Data
We will still be able to process your Personal Data where
Right to Object to automated decision making including profiling
You have a right not to be subjected to decisions being made solely by automated means without any human involvement. We do not anticipate needing to use automated decision making, however, if we do it will only be when:-
We will only process data in the way you would expect it to be used, and you will be entitled to have a person from our firm to review the decision so that you can query it and set out your point of view and circumstances to us.
Right to Withdraw Consent
Where the legal basis of Consent has been used for Childrens’ data or special categories of data, you have the right to withdraw that consent at any time. Where you exercise your right to withdraw consent of the processing of any children’s data or special categories of data, any data processed prior to the withdrawal of consent will remain valid.
If you would like to exercise any of your rights detailed above, please contact Monika Scott on firstname.lastname@example.org . You may raise any concerns about Living Joy’s processing of your Personal Data with the Information Commissioner Office on https://ico.org.uk/.
Changes to this Notice
We may amend this notice on occasion, in whole or part, at our sole discretion. Any changes to this notice will be effective immediately upon sending the revised notice to you by e-mail or post. If at any time we decide to use your Personal Data in a manner significantly different from that stated in this notice, or otherwise disclosed to you at the time it was collected, we will notify you by e-mail or post and you will have a choice as to whether or not we use your information in the new manner. If you have questions or concerns about this notice, please contact Monika Scott on email@example.com.
Information about or provided by another person
Where your information has been provided to us by another person, we will send you a copy of this privacy notice directly to you, where we have your address, within one month of being provided with your information. If we do not have / are unable to hold your address for any reason, we will send a copy of this to the person providing the information with instructions to pass this to you within one month. Where you have provided us with information about another person, eg: an appropriate adult providing information about a child or vulnerable person, we may not have their address, and therefore you must provide them with a copy of this Privacy Notice so that they will know how their data is being used. Additional copies can be supplied on request. We also provide a separate privacy notice for children as required under the GDPR regulations.