Privacy Policy & Information
Privacy Policy at bwrtsalisbury.com. We operate our practice to the highest standards, both professionally and ethically. Where applicable we are members of professional therapy organisations which ensure that our work is to a high standard and that we maintain and improve our skills through the use of continuous professional development (CPD).
PRIVACY POLICY
We understand that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our Clients and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations to client confidentiality and your rights under the law.
1. Information About BWRT Salisbury
Who are we?
BWRT is a sister company and trading name of Justletgo Therapy, a Limited Company registered in England under company number 09046637
Registered address – 6 Northlands Road, Southampton, Hampshire, SO15 2LF
Practice address – 16 Endless Street, Salisbury SP1 1DP
Data Protection and processing Officer: Alan Artt.
Email address: hello(at) justletgo (dot) co (dot) UK.
Spam protection – please replace (at) with @ and (dot) with . in the email address shown above.
Telephone number: 01980 505645.
We are regulated by the following professional bodies:
Association for Professional Hypnosis and Psychotherapy (APHP)
British BrainWorking Research Society (BBRS)
2. What Does This Policy Cover?
This Privacy Policy explains how we use your personal data, how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
3. What is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers. The personal data that we use is set out in Part 5, below.
4. What Are My Rights?
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about data collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the details in Part 11.
- The right to access the personal data we hold about you. Part 10 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us by using the details in Part 11 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 11 to find out more. (Note however that client records are required to be retained for a period of time (currently 8 years, see Part 7).
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that you can ask us for a copy of your personal data held by us to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 11. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
5. What Personal Data Do You Collect?
We may collect some or all of the following personal data (Note: this will vary according to your therapeutic relationship with us):
- Name
- Date of birth
- Gender
- Address
- Email address
- Telephone number(s)
- Profession
- Payment information
- Medical History
- Medication details
- Sexual orientation
- Data pertaining to your reason for consultation, including but not limited to, reason/s for consultation, mental, emotional and physical, life events, lifestyle, family and friends, religious or political views, criminal offences, preferences and interests.
Your personal data is not obtained from any third party.
6. How Do You Use My Personal Data?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for performance of a contract with you, or for specific treatment as a client because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for any or all of the following purposes:
- Providing appropriate therapeutic services to you
- Providing training to you if enrolled on a training course.
- Client testimonials – any verified testimonials from clients may be shared on the website, on Social media or on other therapy directories with the prior permission of the client. In such cases unless express permission is given by the client their full name and full geographic location will be redacted to avoid identification by others. At BWRT Salisbury we only use testimonials where prior permission has been granted by either receipt of an identifiable email or in writing by the client.
- Communicating with you. This may include responding to emails, Facebook messages or telephone calls from you.
7. How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
- Paper based records – All personal data provided by you is to be kept safe and in good condition for eight years from the date of your last visit in accordance with the requirements of a professional body or our therapy practice insurers, whichever is the longest specified period.
- Emails will be kept for up to three months after which time they will be deleted. Where relevant to the client’s case history, emails may be printed and retained further as paper-based data as outlined above.
Facebook : Messages are replied to and deleted. If potentially relevant for your treatment, a handwritten note, or print out of you message and my reply is added to your file.
8. How and Where Do You Store or Transfer My Personal Data?
We will only store your personal client data in the UK. This means that it will be fully protected under the GDPR.
For any user who signs up to our newsletter we share that data by storing it on our mailing list providers servers. (MailChimp) MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Their data protection policies can be found at https://mailchimp.com/legal/privacy/
The security of your personal data is essential to us, and to protect your data, we take a number of important measures, including the following:
- No personal data is stored online or on computer hardware or software.
- Personal data sent via email is deleted at the earliest time possible after it’s use, e.g. once printed on to paper copy or noted in your client file; or, where no paper record is required, no more than three months from its receipt. Where the information in the email relates to a client’s therapy sessions or contains session specific information we may print and retain the email as our paper based records.
- All client paper-based data is kept in a locked cabinet at my registered address.
- Clients paying for courses or treatment by using Paypal will be subject to Paypal’s data collection and privacy policy. As well as the transaction data, Paypal will collect your computer’s IP address and other identifying information about the computer or device you use to access your PayPal account or use the PayPal Services, in order to help detect possible instances of unauthorised transactions. No personal identifiable data related to transactions with Paypal transactions i.e card data is stored by us electronically as all transactions are carried out on Paypal secure servers.
9. Do You Share My Personal Data?
Client data We will not share any client’s personal data with any third parties for any purpose, other than those listed below:
- In certain circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
- We may also share your personal data with the relevant authority if in our professional opinion:
(a) it is demonstrably in the best interest of the client/patient to disclose relevant information to the client’s medical consultant or physician, and only when the client has given their written permission to disclose information to their medical consultant or physician
(b) where the law requires disclosure
(c) when sharing information with fellow professionals, in which case, client anonymity is guaranteed
(d) in the event of a complaint being made against a therapist, subject to the complainant providing written consent for their notes and records to be made available. - If another healthcare professional involved in your case management requests copies of your data. Your consent is obtained first and provided to me in writing by the completion and signing of a consent form) and you will be provided with a secure envelope containing the data to pass on to your healthcare professional.
In non-personalised form, i.e. no clearly identifying features such as, but not limited to, name and address, your case may be discussed for the purposes of supervision/mentoring and on-going professional development. This could be as shared with a supervisor or mentor, or for continual professional development (CPD) as part of a group with the express purpose of inviting feedback and/or sharing knowledge gleaned from client cases. In all cases, client anonymity is assured.
Newsletter Subscribers For any user who signs up to our newsletter we share that data with our mailing list provider (MailChimp) MailChimp participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.
10. How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 11. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request normally within one week and, in any case, within not more than one month of receiving it. Our aim is to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
11. Our Cookie Policy
This website uses cookies. Cookies are small text files that can be used by websites to make a user’s experience more efficient. This site uses different types of cookies. Some cookies are placed by third party services that appear on our pages.
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners who may combine it with other information that you’ve provided to them or that they’ve collected from your use of their services. You consent to our cookies if you continue to use our website.
The law states that we can store cookies on your device if they are strictly necessary for the operation of this site. For all other types of cookies we need your permission.
You can at any time change the cookie settings on our website via the cookie icon on the bottom left of any page on our website.
12. How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Alan Artt). Email is the preferred contact method.
Email address: hello(at)jutsletgo(dot)co(dot)uk. Note – Antispam email address please replace (at) with the symbol @ and (dot) with a period . in the email address shown.
Telephone number: 01980 505645.
13. Changes to this Privacy & Cookie Policy.
We may alter or amend this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we or our business changes in a way that affects personal data protection. Any changes will be made to this Privacy Policy document.