General Data Protection Regulation Statement

The purpose of this document.

As part of our arrangement with you, Mindwell Matters (“I”, “we”, “us” or “our”) has certain  obligations under privacy laws, including the General Data Protection Regulation (“GDPR”) to notify individuals of how we process any personal information we collect about them. This document will inform you of what information we collect, how that information is used, where it is transferred, and how you may view and amend such information.

Mindwell Matters acts as a Data Controller and collects and processes personal data of clients/customers to carry out its functions.  We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations. You may be assured that we will treat all your information as strictly confidential and will not process it other than for a legitimate purpose. Steps are taken to ensure that the information is accurate and kept up to date. Measures are also taken to safeguard against unauthorised or unlawful processing and accidental loss, destruction or damage to the information.

 

EAP business customers:

What type of information will be processed?

Data collected and reason for collection:

– Personal data: Name, telephone number and email address of key personnel in order to be able to contact you in line with legitimate business activities.

– Personal data of any employees who engages in our services to provide therapeutic, administrative, management and wellbeing services and our legitimate business processes and activities including internal audit and accounting

– Details of internal policy and procedures in order to work alongside you in the provision of wellbeing, administrative and management services.

This list is not exhaustive and may be updated periodically as business needs and legal requirements dictate.

 

How we store your data

Data will be stored in computerised files and cloud based databases.

 

How your information may be shared

We may share your information with business affiliates, agents or service providers for the purposes above. Data may also be released to eternal parties as required by legislation, or by legal process, as well as to third parties you authorise us to release it to. We do not sell your data to any third parties.

 

How long we will keep your data

You have the right to request that we delete your data. However, due to the nature of our service, we keep your data for 7 years after the date of creation. This is because you may re-access our services at any point in the future and it may be necessary to refer to previous notes. We may also refer to your data for research and statistical purposes.

 

EAP and Private clients

What type of information will be processed?

Data collected and reason for collection:

– Personal Data: Name, address, telephone number and email address in order to be able to contact you
– GP details, in line with duty of care and medical emergencies
– Emergency contact details in case of personal or medical emergencies
– Any personal information provided during sessions, such as age, marital status, children, date of birth, gender, occupation, and any “sensitive personal data” such as physical or mental health conditions and “special category data” such as race, ethnic origin, politics, religion, health, sex life or sexual orientation.

Reason for collection:

  • In order to provide appropriate therapeutic, administration and management services
  • To be able to contact you if necessary
  • In case of medical emergencies
  • To comply with the recommendations of our professional body and insurance company

The lawful basis on which we use this information:
To collect and use data you share, we must show the ICO that we have a lawful basis to do this.  We also need to tell you what this lawful basis is.
We have determined that ‘legitimate interests’ is the most appropriate lawful basis for both personal (article 6) and special category data (article 9).  See https://bit.ly/2FLs0Bu for more details.

Please note that you have freedom of choice when it comes to your decision as to whether you provide us with any form of personal data and have a right to request that we stop processing data at any time. However, you should note that if you exercise this right, it could impact on our ability to provide services due to our lawful basis of legitimate interests and professional requirements.

 

How we store your data

Your data will be stored on a secure, GDPR compliant cloud based system. Your telephone number and name are also stored on separate password protected mobile phones.

 

How long we will keep your data

Your data will be kept for the duration of our work together will be stored for up to 7 years as per recommendations of our professional body and insurance company.

 

How your information may be shared
We would only share data in line with ethical and legal obligations and legitimate business interests. These are:
 – During required supervision sessions when we may talk about our work together.
 – If we receive a Court Order for the release of our notes.
–  If you disclose you, a child or another are at risk of serious harm.
– If you share information about a proposed act of terrorism/money laundering/drug trafficking.
– If there is a request by the Police for information regarding a road traffic accident.

 

You have the right:
– to be informed about what information we hold – details will be available before our first session.
– to access the information we hold – you can request this verbally or in writing at any time.  We will provide you with the information within one month.
– to have any incorrect information rectified – you can request this verbally or in writing.
– to have your records erased (in the defence of any legal claims, we may decline to do this citing the lawful basis of legitimate interests)
– to restrict processing (we may decline to do this citing the lawful basis of legitimate interests)
– to data portability – e.g. you can request your notes be transferred to another counsellor.
– to object to processing of your data (we may decline to do this citing the lawful basis of legitimate interests)

Please note that you have freedom of choice when it comes to your decision as to whether you provide us with any form of personal data and have a right to request that we stop processing data at any time. However, you should note that if you exercise this right, it could impact on our ability to provide services due to our lawful basis of legitimate interests.

 

If you have any concerns about how we have used your data please contact the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF – Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate).

If you would like to discuss anything in this privacy statement, please contact angela@mindwellmatters.co.uk

Last updated October 2021

Angela Holt PG Dip, MBACP

Mindwell Matters