PRIVACY POLICY

 

  1. Introduction:

This is the privacy policy for Ruth Anderson-Davis, trading as Self-Worth Sanctuary and as the following website(s) and social media identities:

www.selfworthsanctuary.com 

 

  1. Contact details:

Postal Address:

Ruth Anderson-Davis, Self-Worth Sanctuary, 49 Station Road, Polegate, East Sussex, BN26 6EA

Phone No.: 07376 925 645

Email: ruth@selfworthsanctuary.com

 

  1. About this document: 

There are two sections to the following information:

(a)  About your personal data – the type of data that is collected or used, including when, how and why

 

(b) Your rights – all the ways that you can control what happens with your data

 

4 About your personal data:

4.1 When you make contact or an enquiry: 

 

The name and contact details you give and the content of your message(s) are retained for three reasons:

(a) By your consent

(b)  As part of a ‘contract’ (only while we communicate)

(c) For legitimate business interests – for good business practice I keep a record of who has made contact before, the types of questions asked etc

4.2 When you make an online purchase as a single purchase, a membership or subscription:

This is a contract for services. Your contact details are dealt with as above (consent, contract, legitimate reasons) – also these, your purchase history and the payment details (sent to me from Paypal) are retained for six years beyond the end of the contract for legal reasons – accounting law.

4.3 If you subscribe to my free newsletter or blog:

 

Your name and email address is securely stored by Mailerlite or WordPress who are all GDPR compliant. This is with the sole purpose of providing you with the information that you have requested such as updates and blog pieces.  

This will always be via a double opt in process and you can unsubscribe easily at any time.

 

Your information is never shared or sold.

 4.4 When you work with me 1:1

Dependent on the work, you may wish (or need) to provide personal details of a sensitive nature:

(a) As an intake form, these are retained in printed or handwritten format and include your contact details and where appropriate, signature. The nature of such documents will be in relation to setting expectations of our work together.

(b) As session notes, these are both handwritten notes during our session and/ or typed up notes post session for the purpose of fulfilling our contract and keeping a record of our work during the sessions. All notes are kept securely in line with GDPR. 

 

4.5 In the cases where I share your notes with you as a record of our progress and any potential ‘homework’, you will inform me of your preferred secure method of doing this. 

4.6 In both cases I am required by law to retain these records for six years after the completion of our contract – or in the case of a minor, from six years beyond the date of their eighteenth birthday.

 

5 Other data sources:

5.1 Incoming data is also received from my website host WordPress, Paypal, Skype, Zoom, social media and text message, should we communicate via any of those.

 

5.2 I may receive information from another practitioner or therapist as part of a referral. In such a case you may be unaware that the consented data transfer has taken place, I will therefore inform you of receipt within 28 days

  1. Sharing your data

6.1 Your privacy is important and I do not sell your data nor share it except by your consent or under the law.

6.2 When working together, if we have agreed that you will benefit from a referral to another therapist, I may give out elements of your personal information to this practitioner or therapist as part of that referral. This will always only be with your personal consent.

6.3 In continuation of current UK law on confidentiality I also retain the right and in some cases the legal requirement to breach confidentiality to inform an authority such as the police or your GP of impending harm or illegality.

 

  1. Your Rights

7.1 The GDPR sets out clearly what your rights are. It also lays out deadlines for a reply and other rules which are reproduced for your information at the bottom of this section.

  1. Right to be informed

8.1 You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.

8.2 I must provide you with information including: my purposes for processing your personal data, my retention periods for that personal data, and who it will be shared with. This ‘privacy information’ is provided above.

8.3 I must provide you with privacy information at the time I collect your personal data from you, in other words it has to be available to you before you fill in a form or hand over your data such as your email address.

8.4 If I obtain your personal data from other sources, e.g. by referral or from the payment service provider your selected, I must provide you with privacy information within a reasonable period of obtaining the data and no later than one month.

8.5 There are a few circumstances when I do not need to provide people with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it.

8.6 The information I provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language. Therefore, if there is anything you do not understand, please get in touch.

 

  1. Right of access

9.1 You have the right to access your personal data and supplementary information. This allows you to be aware of and verify the lawfulness of the processing.

9.2 You are entitled to confirmation that your data is being processed, access to your personal data, and

other supplementary information as provided in this privacy notice. 

  1. Right to rectification

10.1 You have the right to have the data your personal data corrected if it is incorrect or completed if it is incomplete.

  1. Right to erasure

11.1 You may request, verbally or in writing, to have your data erased. This is also commonly known as ‘the right to be forgotten’. This right only takes effect when:

  • (a) Your personal data is no longer necessary for the purpose for which it was originally collected or processed,
  • (b) you withdraw your consent when the sole legal basis to hold this information is your consent,
  • (c) There is a legitimate interest in processing this data, which does not override your request
  • (d) processing/analysing of the personal data was for direct marketing purposes and this is the use you object to
  • (e) your personal data was processed unlawfully without a proper legal basis
  • (f) There is a legal obligation to comply with your request; or
  • (g) If the personal data was processed to offer information society services to a child.

  1. Right to restrict processing

12.1 You have the right to request the restriction or suppression of your personal data. In other words you want to stop the data being used but keep it on file.

12.2 In this case your personal data cannot be used and can only be stored unless:

  • (a) you give your consent;
  • (b) it is for the establishment, exercise or defence of legal claims;
  • (c) it is for the protection of the rights of another person (natural or legal); or
  • (d) it is for reasons of important public interest.

  1. Right to data portability

13.1This allows you to obtain and reuse your personal data for your own purposes across different services.  It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. 

 

13.2 Doing this is meant to enable you to take advantage of applications and services that can use this data to find you a better deal or help you understand your spending habits. In general this rule exists for data held by big service providers, such as your call history or insurance or gas bill history. The right also only applies to information you have provided.

  1. Right to object

14.1 Individuals have the right to object to:

  • (a) processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
  • (b) direct marketing (including profiling); and
  • (c) processing for purposes of scientific/historical research and statistics.

14.2 Your objection must be made on grounds relating to your particular situation.

14.3 Once you object your data can no longer be processed, unless

  • (a) there are demonstrably compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
  • (b) the processing is for the establishment, exercise or defence of legal claims.

14.4 You may complain directly to me using the contact details above. If you find the outcome unsatisfactory you are then able to object or complain to:

Information Commissioners Office

https://ico.org.uk

0303 123 1113.

 

14.5. You may of course also exercise your right to legal action.

  1. Timelines:

15.1 You can claim a right verbally or in writing.

15.2 A response should come without delay and at least within one month of receipt. The time limit is calculated from the day after you make the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.

15.3 I aim to respond within 28 days.

  1. Exceptions:

16.1 When you request access to your data, a copy must be provided free of charge. However, you can be charged a ‘reasonable fee’ when a request is:

  • (a) manifestly unfounded or excessive, particularly if it is repetitive, unless that’s because I failed to respond; or
  • (b) for further copies of the same information (that’s previously been provided).

Pin It on Pinterest

Skip to content