Hilde Ledeganck and Hilde Ledeganck Ltd, of which Hilde Ledeganck is a Director, understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our clients and will only use personal data in ways that are described here and in a way that is consistent with our obligations and your rights under the law.
This Privacy Notice may vary from time to time so please check it regularly. If it changes we will update our website with the new privacy notice.
INFORMATION ABOUT US
Hilde Ledeganck Ltd is registered in England and Wales with company number 13006512 and registered address at 71-75 Shelton Street, London, Greater London, United Kingdom, WC2H 9JQ.
Our contact details are as follows:
Email address: firstname.lastname@example.org
Telephone number: +44 (0) 7561064644
Postal Address: 71-75 Shelton Street, London, WC2H 9JQ.
For the purposes of data protection law, Hilde Ledeganck Ltd is the controller of your personal information and Hilde Ledeganck Ltd and Hilde Ledeganck will use the personal information you provide to them in accordance with this Privacy Notice.
WHAT DOES THIS NOTICE COVER?
This Privacy Notice explains how we use your personal data where you contact us about our services, are a client of ours or otherwise receive our services: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.
WHAT IS PERSONAL DATA?
Personal data is in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
WHAT PERSONAL DATA DO WE COLLECT AND HOLD?
As a provider of transformational life coaching and therapy services, we will collect and hold records and information about you in order to provide the services to you appropriately and in a timely manner. This personal data can include:
· personal details such as age, address, telephone number, e-mail, and next of kin;
· information about your sessions that we have provided or propose and its cost;
· records of the content of any sessions we provide to you (which may include sensitive information you provide to us during the sessions –se below);
· notes of conversations or incidents that might occur for which a record needs to be kept;
· records of consent to receive the services; and/or
· any correspondence relating to you from yourself or other health care professionals.
Depending on the nature of the services we are providing, we may collect sensitive personal information from you such as health data, data about your sexual history or data revealing your racial or ethnic origins or religious beliefs (also called ‘special categories of personal data’). This may be the case, for example, if you tell us about certain personal matters in our sessions.
We will not collect any information about criminal convictions and offences, unless you disclose this information to us.
WHERE DO WE COLLECT YOUR PERSONAL DATA FROM?
We collect and maintain different types of personal information in respect of those individuals who seek to be, are, or were clients, including the personal information
As a general rule, we collect personal information directly from you either in person, via email or telephone. This includes personal information you provide to us when booking appointments, or when adding your details to a waiting list, contained in records of sessions we have with you or in correspondence with us.
We may also collect personal information form you when you access our website. However you can access most of the pages on our website without giving us your personal information although you may choose to do so, for example when you submit an enquiry.
You are requested not to send confidential details or debit/credit card numbers by e-mail unless specifically asked by us to do so.
Occasionally we may receive personal information on your from other third parties for example: if you are referred to us by a third party for the provision of services, or where we liaise with your family, or deal with experts (including medical professionals such as psychiatrists). In that case, we will take reasonable steps to ensure that such third parties have represented to us that they have the right to disclose your personal information to us or (if required by law) we will obtain your permission before we seek out this information from such sources.
Where permitted or required by applicable law or regulatory requirements, we may collect information about you without your knowledge or consent.
THE PURPOSES AND LAWFUL BASIS FOR HOW WE USE YOUR PERSONAL DATA?
We hold personal data and information about you so that we can provide you with the services you have chosen to receive from us in a safe and appropriate manner, and tailored to your needs. In particular your personal data will be used to:
· send you information that you have requested from us or to deal with your enquires;
· register you as a client and manage your account with us;
· provide you with our services;
· to check and review the quality of our services (this is called audit and clinical governance);
· communicate with you and to send you important notices;
· comply with our legal obligations;
· invoice for the treatment / services we provide and for account settlement purposes;
· protect our business including to prevent fraud;
· administer and manage our business operations, such as maintaining accounting records and receiving professional advice.
We will ask you to update the information and contact details we hold for you once per annum or as otherwise appropriate.
Under law, we must always have a lawful basis for using your personal data. The lawfulbasis depends on the proposed use of your personal information. Where we state below that we are relying on our legitimate interests to use your personal information then we will only do so in a way which does not overly prejudice your privacy rights. Where we are using your sensitive personal information (special category data) like health data, we are also required to have an additional legal justification to do so. We have set out the general legal bases together with any additional special condition we are relying on below for each anticipated use of your personal data.
· To register you as a client, provide you with our services. The processing is necessary to perform a contract with you and for our legitimate interests in providing the services to you.
· To communicate with you about your treatment and our services to you. The processing is necessary to perform a contract with you. Additionally, the processing may be necessary to protect your vital interests where you are physically or legally incapable of giving your consent and/or for us to establish, exercise or defend any legal claims.
· For invoicing and account settlement purposes. The processing is necessary to perform a contract with you, for our legitimate interests in managing your contract and administering our business and may be necessary for us to establish, exercise or defend any legal claims.
· For the operation of our business including protecting it from fraud. The processing is necessary for our legitimate interests in managing your contract and administering our business and may be necessary for us to establish, exercise or defend any legal claims.
· For audit purposes. The processing is necessary for our legitimate interests to monitor and improve the way we offer our services and the public interest in statistical and scientific research.
· To comply with our own legal and regulatory obligations and defend or exercise our legal rights. The processing is necessary for us to comply with a legal obligation to which we are subject and for our legitimate interest to protect our business and reputation.
DO YOU HAVE TO AGREE TO OUR USE OF YOUR PERSONAL DATA?
It is your choice whether to give us personal data so that we can take you on as a client or provide our services but if you do not provide certain personal information (such as personal details), we may be unable to provide our services.
Where our legal basis for using your personal information is consent, you can choose to withdraw your consent at any time by contacting us using the details in this privacy notice. Where we obtain consent from you as a client this will also be in line with the BACP guidelines where appropriate and will be recorded on the file we hold for you.
In addition to this we will ask you to opt-in to receive marketing communications but where we do so you will be able to unsubscribe to receiving such marketing communications at any time.
HOW DO YOU STORE MY PERSONAL DATA?
If you require personal data to be transferred outside of the UK e.g. if you would like any notes we hold from our sessions to be transferred, then we will forward such data directly to you, by secure email, and ask you to forward on personally as necessary.
The confidentiality of your information is very important to us and we comply with data protection legislation and confidentiality guidelines of our professional bodies (namely the British Association for Counselling and Psychotherapy (BACP)).
We maintain physical, technical and procedural safeguards that are appropriate to the sensitivity of the personal information in question. These safeguards are designed to protect your personal information from loss and unauthorised access, copying, use, modification or disclosure.
· All clients who receive services are registered on our database which is held on our computer system and/or in a locked manual filing system. This database holds your name, address, date of birth, telephone number and e-mail address.
· The database is held by Hilde Ledeganck Ltd. Your personal information is only accessible to authorised employees of Hilde Ledeganck Ltd. Our computer system and has secure audit trails and we back up information routinely.
· We have a confidentiality policy that all staff adhere to.
· The locked manual filing system is located in alarmed premises with controlled access to buildings, rooms, cabinets where data, computers, media or hardcopy materials are held. Sensitive data is transported only under exceptional circumstances, even for repair purposes.
· Network security includes firewall protection and security-related upgrades and patches to operating systems to avoid viruses and malicious code. Computer systems are locked with a password and we ensure that computer software is up-to-date. We control access to files, folders and hard drives with a password and no personal or confidential data shall be sent via email or other file transfer means without first encrypting them. We destroy data in a consistent manner when needed.
· Cloud data storage should not be used for high-risk information such as files that contain personal or sensitive information.
TRANSFERS OUTSIDE THE EUROPEAN ECONOMIC AREA (EEA)
It is possible that personal data we collect from you may be transferred, stored and/or processed outside the United Kingdom, including the European Economic Area and the United States of America. In connection with such storage, processing and transfers we will seek to ensure that:
· the transfer is to a country that the United Kingdom has decided provides an adequate level of protection such as to a country approved by the United Kingdom or to certain organisations with the US pursuant to the Privacy Shield (where valid);
· there are appropriate safeguards in place such as putting in place standard data protection contractual clauses between us and the recipient (often called the model contractual clauses). A copy of the appropriate safeguard can be obtained by contacting us using the contact details set out in this policy; or
· one of the derogations for specific situations under the law applies, examples could include where you have explicitly consented to the transfer or the transfer is necessary for the performance of a contract or exercise or defence of legal claims.
We will take all reasonable steps to ensure your information is treated securely and in line with this policy. You acknowledge that personal data that you submit for publication through our website, for example reviews of our services, may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
IDENTIFYING CLIENTS WHO MIGHT REQUIRE ADVICE FROM OTHER SPECIALISTS AND PROFESSIONALS
Coaching sessions and the services we offer cannot be construed as, or a replacement for, psychotherapy or other mental healthcare, legal counsel or medical advice. If we believe it is in your best interests to seek the advice of other specialists and professionals, we will advise you of this during our sessions.
Sometimes we need to share information so that other people, including staff, children or others with safeguarding needs, are protected from risk of harm. These circumstances are rare.
We do not need your consent or agreement to do this. Please see our safeguarding policies for more information.
WHO WE SHARE YOUR PERSONAL DATA WITH
To provide proper and safe services to you we may need to disclose personal information about you to third parties, including to:
· healthcare professionals and our employees;
· any third party who refers you to our service;
· colleagues or other professionals working within the life coaching or related industries from whom we seek advice or supervision in relation to the services we provide you with;
· hospitals (if required, e.g. referral or emergency transfer);
· our third party service providers including IT providers, professional advisers and those providing administration or dictation services to us;
· anyone that you ask us to communicate with or provide as an emergency contact e.g. your next of kin;
· out of hours services;
· third party data processers who may process data on our behalf to enable us to carry out our usual business practices;
· HMRC, legal and other regulators or authorities, including those who request your personal data or to report any potential or actual breach of applicable law or regulation;
· law enforcement agencies, courts debt collection agencies, or other relevant party, to the extent necessary for the establishment, exercise or defence of legal rights;
· third parties where necessary for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties; and/or
· third parties which are considering or have decided to acquire some or all of our assets or shares, merge with us or to whom we may transfer our business (including in the event of a reorganisation, dissolution or liquidation).
Disclosure will take place on a ‘need-to-know’ basis. Only those individuals or organisations who need to know to provide care for you will be given the information.
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. Where possible you will be informed of these requests for disclosure.
When you visit our website, our server will record your computer's IP address (the unique numerical address given to every computer connected to the Internet) and the time and duration of your visit. For further details on the cookies we use please see our Cookies Policy.
ACCURACY OF YOUR PERSONAL INFORMATION
It is important that the personal data we hold about you is accurate and current and we take all reasonable precautions to ensure that this is the case but we do not undertake to check or verify the accuracy of personal data provided by you. Please keep us informed if your personal data changes during your relationship with us. We will not be responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.
HOW LONG WILL YOU KEEP MY PERSONAL DATA?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. We will store your personal data for the time period which is appropriate in accordance with the following criteria:
· the on-going business relationship that we have with you;
· the completion of the purpose for which the personal data was given;
· our legal obligations in relation to that personal data and other legal requirements;
· the type and size of the data held and whether any if it is deemed to be special category personal data; and
· our accounting requirements in relation to that personal data.
We keep the length of time that we hold your personal data for under review. These reviews take place annually.
WHAT ARE MY RIGHTS?
You have the following rights:
· The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
· The right to access the personal data we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interests and not contrary to a competent child’s wishes. Formal applications for access must be made in writing. See below.
· The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us to find out more.
· The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us to find out more.
· The right to restrict (i.e. prevent) the processing of your personal data.
· The right to object to us using your personal data for a particular purpose or purposes. However this may affect the services you receive – please speak to us. You are not able to object when information is legitimately shared for safeguarding reasons. In appropriate circumstances it is a legal and professional requirement to share information for safeguarding reasons. This is to protect people from harm.
· The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
· Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
Some of the above rights only applicable in specific circumstances. You may find the Information Commissioner’s Office’s (ICO) website www.ico.org.uk useful in understanding when the different rights apply.
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in at the beginning of this privacy notice.
Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you can contact us using the contact details set out at the beginning of this privacy notice and we will consider your complaint. If you believe we are not processing your personal information in accordance with the law you can complain to the ICO. Please see the ICO’s website for how to do this.
HOW CAN I ACCESS MY PERSONAL DATA?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email or postal addresses shown in at the beginning of this privacy notice.
If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) fees may be charged to cover our administrative costs in responding.
We will endeavour to respond to your subject access request within 14 working days and, in any case, within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of progress.
When requesting access to your personal information, please note that we may request specific information from you to enable us to confirm your identity and right to access, as well as to search for and provide you with the personal information that we hold about you.
Your right to access the personal information that we hold about you is not absolute. There are instances where applicable law or regulatory requirements allow or require us to refuse to provide some or all of the personal information that we hold about you. In addition, the personal information may have been destroyed or erased in accordance with our record retention obligations and practices.
If we cannot provide you with access to your personal information, we will try to inform you of the reasons why, subject to any legal or regulatory restrictions.
HOW DO I CONTACT YOU?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the details provided at the beginning of this privacy notice.