Privacy Policy
How your data is used
- Introduction
- I am committed to safeguarding the privacy of my website users and my clients.
- This policy applies when I am acting as a data controller with respect to the personal data of such persons; in other words, where I determine the purposes and means of the processing of that personal data.
- In this policy, "I", "me" and "my" refers to Toby Lyons.
- Credit
- This document was created using a template from Docular (https://seqlegal.com/free-legal-documents/privacy-policy).
- The personal data that we collect
- In this Section 3 I have set out the general categories of personal data that I process.
- Contact/Communication Data: I may process data enabling me to get in touch with you. The contact data may include your name, email address, telephone number, or postal address. The source of the contact data is from you filling out the enquiry form that goes through to a GDPR compliant email account or a work telephone.
- Personal/Sensitive Data: Prior to our first session I will ask you to fill out a brief questionnaire so that I will have the following on file: Name, Email, Contact Number, Emergency Contact Number, GP details. Though I often work without client notes, there may be certain circumstances that would necessitate the taking down of some. All the above information will be stored securely for 7 years and then destroyed.
- Transaction Data: If you chose to pay me via BACS then your details will appear on my bank statements.
- Purposes of processing and legal bases
- In this Section 4, I have set out the purposes for which I may process personal data and the legal bases of the processing.
- Operations - I may process your personal data for the purposes of operating my website, the processing and fulfilment of orders, providing my services, generating invoices, bills and other payment-related documentation. The legal basis for this processing is my legitimate interests, namely the proper administration of my website, services, and business and should we work together, the performance of a contract between you and me and/or taking steps, at your request, to enter into such a contract (Client-Therapist Agreement).
- Relationships and communications – I may process Contact data, Communication data, Personal data, Sensitive data and Transaction data for the purposes of managing my relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, and/or telephone, providing support services and complaint handling. The legal basis for this processing is my legitimate interests, namely communications with my website visitors, service users, individual customers and customer personnel, the maintenance of relationships, and the proper administration of my website, services, and business.
- Research and analysis – I may process usage data and/or transaction data for the purposes of researching and analysing the use of my website and services, as well as researching and analysing other interactions with my business. The legal basis for this processing is our legitimate interests, namely monitoring, supporting, improving and securing my website, services and business generally.
- Record keeping - I may process your personal data for the purposes of creating and maintaining my databases, back-up copies of my databases and my business records generally. The legal basis for this processing is my legitimate interests, namely ensuring that I have access to all the information I need to run my business properly and efficiently in accordance with this policy.
- Security - I may process your personal data for the purposes of security and the prevention of fraud and other criminal activity. The legal basis of this processing is my legitimate interests, namely the protection of my website, services and business, and the protection of others.
- Insurance and risk management – I may process your personal data where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice. The legal basis for this processing is my legitimate interests, namely the proper protection for my business, myself and my clients against risks.
- Legal claims – I may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is my legitimate interests, namely the protection and assertion of my legal rights, your legal rights and the legal rights of others.
- Legal compliance and vital interests – I may also process your personal data where such processing is necessary for compliance with a legal obligation to which I am subject or in order to protect your vital interests or the vital interests of another natural person.
- Your personal data and information
- Sharing your personal data to others I will not disclose any personal data about my clients unless I determine there to be a legitimate risk to yourself or others, or if I am obligated to do so in accordance with the law. In the above situation I would endeavor to discuss this with a client prior to the disclosure of their personal data, but should I deem it necessary, I reserve the right to not do so.
- I, like all members of the BACP, have a clinical supervisor that I consult with for professional advice, guidance, and support. In these sessions there will be no personal data shared, nor anything identifiable or traceable to an individual client.
- Your site usage data may be stored on the servers of our hosting services providers (https://www.bluehost.com/)
- Financial transactions relating to my website and services may be handled by my payment services providers. I will share transaction data with my payment services providers only to the extent necessary for the purposes of processing your payments.
- In addition to the specific disclosures of personal data set out in this Section 5, though I hold all client information and discussions in the work in strict confidence, I may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which I am subject, or in order to protect your vital interests or the vital interests of another natural person. I may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
- Retaining and deleting personal data
- This Section 6 sets out my data retention policies and procedures, which are designed to help ensure that I comply with my legal obligations in relation to the retention and deletion of personal data.
- Personal data that I process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- We will retain your personal data as follows: (a) Contact/Personal data will be retained for as long as it is necessary. After our work is finished it will be stored for a period of 6 years before being deleted annually. (b) Sensitive Data will be stored separately from Personal data. After our work is finished the data will be stored securely for a period of 6 years before being deleted annually.
- Your rights
- In this Section 7, we have listed the rights that you have under data protection law.
- Your principal rights under data protection law are: (a) the right to access - you can ask for copies of your personal data; (b) the right to rectification - you can ask us to rectify inaccurate personal data and to complete incomplete personal data;
- These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
- You may exercise any of your rights in relation to your personal data by contacting me through the online enquiry form. You also have the right to log a complaint with the ICO should you feel your data has been improperly handled.
- Managing cookies
- This website does not store cookies.
- Amendments
- We may update this policy from time to time by publishing a new version on our website.
- You should check this page occasionally to ensure you are happy with any changes to this policy.
- Our details
- This website is owned and operated by Toby Lyons
- You can contact me by email at toby@lyonstherapy.co.uk