Privacy Policy & GDPR
General Data Protection Regulation (2018)
Data protection policy and retention schedule
Data protection officer​
-
Dr Leona Black
-
Email: leonahblack@gmail.com
-
Tel: 07789 814496
Introduction​
Dr Leona Black aims to be as clear as possible about how and why information about you is used so that you can be confident that your privacy and personal data is protected. I would only use it fairly and in ways that you would reasonably expect me to.
This policy describes the information that Dr Leona Black collects when you use her wellbeing coaching psychology service. This includes personal and sensitive information as defined by the General Data Protection Regulation (GDPR) 2018 and the UK Data Protection Bill 2018.
The policy describes how your information is managed when you use the service. Dr Leona Black uses the information collected in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2018.
​
If you have any queries about this policy, please contact the data controller directly. If you are not satisfied with the answers provided, or if you require any further information, you can contact the Information Commissioner's Office (ICO) at www.ico.org.uk.
Why is personal information collected?​
-
To conduct 1:1 coaching sessions with you
-
To communicate with you, contact you regarding appointments, or to send invoices.
-
To carry out and deliver a service we have been contracted to do, either by yourself or educational setting.
What types of information and data are collected?
Legitimate Interest​
Given the context and nature of our relationship, the intended purpose for collecting and processing your personal data is to conduct 1:1 coaching sessions. Therefore, there is a legitimate interest to collect your relevant data for the purpose this.
In so doing, the only information collected from you will be relevant to the purpose of undertaking the sessions agreed. This can include:
-
All background information about you, that you share e.g. family name, contact details, information provided in the discovery questionnaire.
-
Specific information about your coaching goals / outcomes and progress made towards meeting these.
-
Invoicing
Lawful basis for processing data
I will only use your personal data for the purposes that I have collected it and in accordance with data protection law. This will be to:
-
Provide a contract or service to you​
-
Signed consent forms by you - gaining your consent
How is the information that has been collected then used and processed?​
-
To carry out the service requested, the collected information is used to structure our coaching sessions.
-
When you contact me to request details and more information about my services.
-
When you contact me to get a quotation
-
When we arrange sessions / purchase sessions.
How personal and sensitive information is stored and kept safe - Data security​
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data. This is done by:
-
Computer has an encrypted drive where electronic files are kept.
-
Firewall and anti-virus software on computer.
-
Electronic data is backed up and password protected.
Data Breach Procedure​
-
The Information Commissioner’s Office will be contacted within a reasonable time frame as soon as Dr Leona Black is made aware of a data breach. This will be within 72 hours.
-
Clients will be contacted within a reasonable time frame as soon as Dr Leona Black is made aware of a data breach.
How long is the information kept for?​
Data retention schedule​
-
All hand written notes from the coaching sessions will be destroyed after the final session.
-
All electronic copies of discovery questionnaires and consent forms will be deleted after ten years from the final date of my involvement with the client.
-
In the event of the data controller’s death or ceasing to trade in coaching services, all data will be deleted by a trusted third party who has DBS clearance.
How can collected information be viewed, deleted or changed?​
Subject Access Request Procedure​
-
Should a subject request information on the data held about them, then they can request this by contacting the Data Protection Officer (Dr Leona Black) within the limitations of the data retention schedule.
-
Additional verification that you are who you say you are may be asked for to process this request. Personal information may be withheld to the extent permitted by law. In practice, this means that information may not be provided if it is considered that providing the information will violate the child or young person’s vital interests
-
If you want to have your data removed, a decision will need to be made as to whether it should be kept. If it is decided that the data should be deleted, it will be without undue delay.
Date of current policy and review period​
-
Data policy created April 2018
-
Data policy amended December 2022
-
Data policy will be next reviewed in September 2023