Privacy Policy
Mindworks Therapist the Company) is committed to protecting and respecting the privacy of all our clients and partners of our Services and our WriteUpp Management Software.
This policy together with:
- our MindWorks Client/Therapist Agreement applicable to your use of the Services where you are our client (our Client Agreement);
- and any other documents referred to in the Client Agreement or discussed in consultations, sets out the basis on which any Personal Data the Company collects from you, or that you provide to the Company, will be processed by us. Please read the following carefully to understand our views and practices regarding your Personal Data and how we will treat it. By using our Services, you are accepting and consenting to our practices as described in this policy.
This policy has been prepared within the latest legislation in mind to take account of the changes under GDPR. We may change this policy from time to time to take account of:
- changes to Data Protection Laws and other laws which may affect this policy;
- guidance issued by the ICO and others;
- issues raised by our clients and partners
Accordingly, and we suggest that you regularly check this page to ensure that you continue to be comfortable with the measures that we are taking to protect your privacy. This policy is effective from 21st May 2018.
Definitions
In this policy the following words have the following meanings:
Act means the Data Protection Act 1988.
Clients includes the following (a) clients who have entered into a contract with us for the supply of the Services (b) clients who have requested for a free initial consultation in accordance with our Client Agreement.
Data Protection Laws means the Act, GDPR, the Regulation of Investigatory Powers Act 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699), the Electronic Communications Data Protection Directive (2002/58/EC), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2426/2003) and all applicable laws and regulations relating to the processing of personal data and privacy, including where applicable the guidance and codes of practice issued by the ICO or any other supervisory authority, and the equivalent of any of the foregoing in any relevant jurisdiction.
Data Controller, Data Processor, Data Subject and Personal Data all have the meaning given to them in the Act and GDPR.
Clients means the Client’s and customers of our services.
Clients Data means Personal Data of Clients, including clinical notes and assessments.
GDPR means EU General Data Protection Regulations.
ICO means the Information Commissioner’s Office and any successor to it as data protection authority.
Us, Our, We or Company means Ian and Lesley Disley of Mindworks Therapist.
You, Your, or Clients means you or your family members
WriteUpp means the management software we use for administrative purposes developed by WriteUpp.
Site means the Company’s website at https://www.mindworkstherapist.com
The Company – as Data Controller
Where you are a Client of the Company, we will be the Data Controller in respect of certain Personal Data which you and your family members may supply to us or which we collect from you which relates to you and your family members.
For the purpose of the Act and, upon its coming into force on 25th May 2018, GDPR, Ian Disley of Mindworks Therapist Hameldaeme Wellbeing Centre. 12 Rudham Avenue, Grimsby NE Lincs DN32 0AX will be the Data Controller in respect of Client (Customer) Data. Should we ask you to provide certain information by which you can be identified when using our Site, our Services or the management software WriteUpp or by other contact methods, then you can be assured that it will only be used in accordance with this privacy policy.
As Data Controller, we determine the purposes for which and the manner in which Client Data is, or is to be, processed. In this policy we describe the types of processing we may undertake with respect to Client Data.
The Kind of Information we hold
The Company will collect and process the following personal information:
- Information you provide to us;
- Information we collect about you; and
- Information supplied to us by third parties.
Information you provide to us.
We may process the following types of Personal Data:
Client Data:
This is information you provide us to enter into our management software programme WriteUpp, a database for all our Clients which may include, but is not limited to:
- Name;
- Address;
- Email address;
- Landline & Mobile Number
- Insurer details
- GP details
- Medical records
- Treatment plans
- Letters & documentation
- Communications with other healthcare professionals: and
- Other information necessary for the operation of the Services and/or WriteUpp.
This Client Data may be supplied by you when you:
- Use our Services in the course of hiring us;
- when you report a problem with our Site.
This Client Data may be processed by us for the purposes of:
- storing Client Data on WriteUpp;
- storing Client Data on the servers we use;
- supplying you with our products and Services;
- enabling and assisting us to comply with all legal, regulatory and compliance obligations to which we are subject; and
- ensuring the security of our Services, maintaining back-ups of our databases and sending communications to you.
Enquiry Data:
This is information you give to us at any initial consultation and may include:
- your name;
- address;
- email address; and
- any other information you may supply or volunteer.
This data may be supplied by you when you:
- submit an enquiry or referral form to us regarding our Services whether by telephone, email, via our website or other channel;
- register a profile, complete surveys, or tell us about any problems with our Site;
- submit material for publication on our website (whether in discussion boards, blogs, chat rooms or other social media platforms our website; or
- subscribe for any newsletter, publications or articles we may supply.
This data may be processed by us for the purposes of:
- responding to your enquiry;
- marketing, offering and selling our products and Services to you; or
- sending you publications you have requested;
- enabling and monitoring your use of our Site, products and Services.
How we will use information
Lawful Grounds for the Company’s processing activities
When the Company processes Personal Data, whether as Data Controller or as Data Processor, we will rely on the following lawful grounds for processing of each of the categories of data identified above.
Client Data – the legal basis for this processing is:
- consent from the Client/data subject;
- because this is necessary for your use of our management software WriteUpp and the supply of our Services to you in accordance with our contract; and/or
- your legitimate interests, namely the supply of our services to our Clients.
The Company will use personal information in the following ways:
Client Data:
May be processed for the purposes of:
- storing Client Data on WriteUpp;
- storing Client Data on our servers, computers and personal files;
- supplying you with our products and Services;
- enabling and assisting us to comply with all legal, regulatory and compliance obligations to which we are subject; and
- ensuring the security of our Services, maintaining back-ups of our databases.
If you fail to provide personal information
If you, the Client, fail to provide certain information when requested, the Company may not be able to perform the Services and any contract we have entered into with you or we may be prevented from complying with our legal obligations.
Change of purpose
Where we are Data Controller (in respect of Client Data): The Company will only use personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Where we are Data Processor: The Company will only process Client Data in accordance with the conditions for processing set out in this policy. We shall only process Client Data, while our contract with the Client is continuing and shall cease such processing (a) when requested by the Client (b) on termination of the contract (c) on cancellation of the contract; or (d) at the request of the data subject.
Disclosure of your information
You agree that the Company has the right to share Client Data with:
- Selected third parties including:
- business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you (including third party IT providers, hosting and back-up service providers); and
- third party service providers who assist us with our activities, such as hosting providers, and other IT or payment service providers, may also have access to personal information held by us and may use this information on our behalf
The Company will disclose Client Data to the above third parties:
- if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply the Client Agreement and other agreements
- to protect the rights, property, or safety of the Company, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction;
- to assist us in improving our products and Services. We monitor aggregated data that is collected by our Service and may share this with third parties collectively and in an anonymous way. This data will not reveal personal information.
We will not sell, rent or share Client Data with third parties in other ways without your consent unless we are entitled by law to do so;
Where the Company will store personal data
We may hold personal information in electronic databases, such as our client relationship management system WriteUpp and personal files in locked, security alarmed and CCTV covered premises. We take all reasonable steps to keep any personal information we hold about you secure.
All information which is provided to, or collected by, the Company is:
- stored on the WriteUpp’s Company’s secure servers within the European Union (EU).
- Hosted on secure data centre managed by a hosting partner with 24/7 manned security, CCTV, biometric access to the facility and restrictive access to the internals of the building based on authorisation levels.
Passwords and Security
Unfortunately, the transmission of information via the internet is not completely secure. Although the Company will do its best to protect your personal data, the Company cannot guarantee the security of your data transmitted via the site; any transmission is at your own risk. Once the Company has received your information, the Company will use strict procedures and security features to try to prevent unauthorised access.
How long the Company will store personal data
The Company will retain Client Data for:
- such time as this is required in connection with the Services we are supplying to you;
- following completion of the Services a period of not less than 6 years from the date of your Enquiry
The Company will retain Enquiry Data for:
- such time as this is required in connection with the enquiry you have raised;
- a period of not less than 6 years from the date of your Enquiry.
The Company will retain Usage Data for:
- a period of not less than 6 years from the date of collection.
Your rights as a data subject (where the Company is the Data Controller)
If you are an individual in respect of whom the Company processes Personal Data, you have the following rights. Please note that this is a summary of your rights. If you wish to understand your rights in detail you should read the relevant laws, guidance and regulations for a fuller explanation).
Right of access to your Personal Data
You can ask us to confirm whether or not we process your Personal Data, and where we do, request a copy from us. If your request is sent to the Company electronically the Company will supply this in a commonly used electronic form, unless you specifically request this in a different format.
We will supply the data free of charge, but we reserve the right to charge a reasonable fee (or refuse to act on the request) if you request additional copies of the information if access requests are unfounded or excessive.
There are circumstances where we may withhold the supply of your Personal Data – for instance where the rights and freedoms of others may be affected or where we are permitted by law.
Right to request the rectification of your Personal Data
In the event that you think we hold any inaccurate or incomplete Personal Data, you can ask us to correct any inaccurate data or to complete any incomplete data we hold.
Right to request the erasure of your Personal Data (the “right to be forgotten”)
The Company will not hold any Personal Data for longer than is necessary for the purposes for which it was collected. However, in some circumstances, you may request the erasure of any Personal Data held by the Company.
Right to request the restriction on processing of your Personal Data
In some circumstances, you may request the Company to restrict processing of your Personal Data.
Right to object to the Company’s processing of your Personal Data
You may object to the Company’s processing of your Personal Data where:
- processing is based on public interests or legitimate interests pursued by is or by a third party; or
- processing is for direct marketing.
If you object the Company will stop processing the Personal Data unless the Company:
- has a compelling legitimate ground for processing the Personal Data; or
- needs to process the Personal Data to establish, exercise, or defend legal claims.
Processing for direct marketing will cease immediately.
Right to data portability in respect of your Personal Data.
In limited circumstances, you may have the right to request the Company to:
- supply your Personal Data in a format so that you may store it for further personal use on a private device;
- transmit the Personal Data to another data controller;
- transmit your Personal Data directly to another data controller to another where technically possible.
Right to complain to ICO/supervisory authority
If you believe our processing infringes Data Protection Laws, you have the right to lodge a complaint with a supervisory authority responsible for data protection.
You may complain in the EU member state of your residence, place of work or the place of the alleged infringement.
Right to notification of any breach
In the unlikely event of a Personal Data breach which is likely to result in a high risk to your rights, the Company will notify you of the breach without undue delay.
However, if your Personal Data is encrypted or otherwise unintelligible the Company will not be required to notify you of a breach.
Withdrawal of consent
In all cases where the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time. Such withdrawal will not affect the lawfulness of any processing before you withdraw consent.
Cookies
Like most applications, Mindworks Therapist uses cookies on our website to help provide you with the best experience we can. Cookies are small text files that are placed on your computer or mobile phone when you browse websites
Our cookies help us:
- Make Mindworks Therapist work as you’d expect
- Enables Mindworks Therapist to remember your details so you don’t have to enter them each time you log in (if you so choose)
- Improve the speed/security of Mindworks Therapist
We do not use cookies to:
- Collect any personally identifiable information (without your express permission)
- Pass data to advertising networks
- Pass personally identifiable data to third parties
You can learn more about all the cookies we use below.
Granting us permission to use cookies
If the settings on your software that you are using to view this website (your browser) are adjusted to accept cookies we take this, and your continued use of our website, to mean that you are fine with this.
Website Function Cookies
Our own cookies
We use cookies to make our website work, including:
- Determining if you are logged in or not
- Remembering your search settings
- Tailoring content to your needs
- Remembering your preferences
There is no way to prevent these cookies being set other than to not use our site.
Third party functions
Our site, like most websites, includes functionality provided by third parties. Disabling these cookies will likely break the functions offered by these third parties.
Links
The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that the Company does not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Changes to our privacy policy
Any changes the Company makes to this privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.
Contact
Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to contact@mindworkstherapist.com.
Questions or complaints
You can contact us at contact@mindworkstherapist.com
If you have any questions or have a complaint about this Privacy Policy, please let us know us immediately.
Company Information
Ian & Lesley Disley ACBS
Hameldaeme Wellbeing Centre
Mindworks Therapist 12 Rudham Avenue Grimsby DN32 0AX
Web: www.mindworkstherapist.com Email: contact@mindworkstherapist.com
Phone: 07510 092075