Introduction

In this privacy notice “we”, “us” “our” means Anita Chalaye, sole trader at North Cornwall CBT.

This privacy notice provides you with details of how we collect and process your personal data through your use of our site northcornwall.cbt.co.uk.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO supervisory authority for data protection issues (www.ico.org.uk). We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you.

Scope of the privacy notice

This privacy notice applies to anyone who interacts with us about our products and services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone) and through the process of therapy.

This privacy notice applies to you if you enquire about, buy or use our products and services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone).

Owner and Data Controller

Anita Chalaye, Room1 Laura House, Fairpark Road, Wadebridge, PL27 7NT.

  telephone number: 07799753666.

Anita Chalaye is registered with Information Commissioners Office (www.ico.org.uk).

The legal bases, we rely in for processing

The Owner may process Personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes;
  • provision of Data is necessary for the performance of an agreement with the User and any pre-contractual obligations;
  • processing is necessary for compliance with a legal obligation to which the Owner is subject;
  • processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party;
  • Upon request, the Owner will help to clarify the specific legal basis that applies to the processing if there is any concern.

When do we collect your personal data?

Personal Data is collected in the following methods:

  1. filling in the contact form on our website
  2. communicating with us by post, phone, email
  3. requesting resources or marketing be sent to you
  4. providing feedback

What personal data do we collect?

We collect the following Personal Data from you:

  1. Identity Data may include your first name, last name
  2. Contact Data may include your billing address, email address and telephone numbers
  3. Technical Data may include your, internet protocol addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site
  4. Usage Data may include information about how you use our website
  5. Cookie Data information gathered by the use of cookies in your web browser.

How and why do we use your personal data?

The Data is used to respond to your queries or questions about our services or products; as well as for the following purposes: providing psychological assessment and therapy in accordance with the therapy contract and for clinical supervision, sharing information with other agencies with clients consent or where there is a legal duty to do so.

We want to provide the best possible experience for clients, and we use Data to allow us to offer to you information and provide psychotherapy.

The Data privacy law allows this as part of our legitimate interest in understanding our clients and delivering the best possible service.

How we protect your personal data

We know how much Data security matters to all our clients. We will treat your Data with the utmost care and have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Our website interaction with clients is secured using ‘https’ technology.

We will notify you and any applicable regulator of a breach where we are legally required to do so.

How long will we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Psychotherapy data is required to kept for a period of 7 years after treatment ends

By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes (HMRC).

Once the retention period expires, Personal Data will be deleted.

Who do we share your personal data with?

We may at times share your Personal Data with third parties we work with. Also, those who you have given consent to talk to, third party referring agents or those with whom we have a legal duty to share information.

Where your personal data may be processed

If Personal Data is required to be shared with third parties and suppliers outside the European Economic Area (EEA), we ensure your Data receives the same protection as if it were being processed inside the EEA.

What are my rights?

Users may exercise certain rights regarding the processing of Personal Data by the Owner.

  • Right to withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Right to object to the processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent.
  • Right to access their Data. Users have the right to learn if Data is being processed by the Owner and obtain a copy of the Data being processed.
  • Right to verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Right to restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Right to have their Personal Data deleted. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
  • Right to receive their Data and have it transferred to another controller. Users have the right to receive their Data and, if technically feasible, to have it transmitted to another controller without any hindrance.
  • Right to object. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object

Where Personal Data is processed for the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, their Personal Data should be processed for direct marketing purposes, they can object to that processing at any time without providing any justification.

How to exercise your rights

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be free of charge and will be addressed by the Owner within one month.

Contacting the Information Commissioner’s Office (UK)

If you have any issue with how your Data has been handled or are not satisfied with the response you have received to any request, you have the right to lodge a complaint with the Information Commissioner’s Office by calling 0303 123 1113 or go online to www.ico.org.uk/concerns. (Depending on your location this could be another authority for example the Data Protection Commissioner in Ireland)

Information not contained in this policy

More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.

COOKIE POLICY

This website uses Cookies. To learn more, please consult the Cookie Policy. (Provide a link here to your website cookie policy. If you don’t have one contact your website maintenance company about having one setup. Add this to a list GDPR/Privacy activities to complete.)

Definitions and legal references

Personal Data (Data)
Any information that directly, indirectly, or in connection with other information — allows for the identification of a natural person.

Usage Data
Information collected automatically through this website which can include: the IP addresses or domain names of the computers utilised by the Users who use this website, the time of the request, the method utilised to submit the request to the server, the country of origin, the browser and the operating system, the time details per visit and the path followed within the website and other parameters about the device operating system and/or the User's computer environment.

User
The individual using this website who, unless otherwise specified, coincides with the Data Subject.

Data Subject
The natural person to whom the Personal Data refers.

Data Processor
The natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Controller, as described in this privacy policy.

Data Controller (or Owner)
The Data Controller, unless otherwise specified, is the Owner of this Website.

This Website
The means by which the Personal Data of the User is collected and processed.

Service
The service provided by this website as described on this site.

European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.

Cookies
A small piece of Data stored in the User's device.