Tranceform Psychology GDPR Statement
GDPR, Tranceform Psychology and Your Personal Data.
From 25th May 2018, new legal guidelines are coming into force that change the way companies like us process personal data of anybody we work with, from clients to organisations we work with, contractors and suppliers. Below is some information to help clarify what we as an organisation are doing to protect any data we receive or hold.
At the heart of our data protection policy is a deep commitment to protect the privacy and personal information clients divulge to us. Due to the nature of our business helping people with a huge range of mental health issues, many of our clients divulge highly sensitive information when working with us therapeutically or seeking online/email support, and for this reason we are especially committed to (and vigilant about) ensuring that this information is protected as thoroughly as possible.
The GDPR defines Tranceform (and our trading subsidiary Wolverhampton Hypnotherapy) as a ‘Data Controller’ which means that we are accountable for the personal data we hold. If you ever have concerns about our handling of your personal data, you can contact us to ask what information we hold about you, raise any concerns and ask to have your data deleted if required.
We are registered with the ICO as a data controller accordingly.
Our commitment to you and your personal data;
- Tranceform is not responsible for any personal data that individuals choose to share on public forums including review sites, social media including public Facebook support groups and Twitter chat sessions. We advise caution before posting sensitive or personally identifiable information (PII) relating to yourself or others on such sites
- We do not control and are not responsible for any third party websites that are referred to or linked from our websites. The use of your personal information on these websites will be subject to their own privacy rules.
- Clients signing up to our therapeutic or training services will have some personal details taken and stored in order to deliver the course fully and to maintain customer communication/support. You have the right to stop this communication and request for your data to be deleted by emailing firstname.lastname@example.org
- Tranceform does not utilise e-mail marketing strategies or send out electronic notices or news to clients.
- We commit to fully investigate and report any data breaches as quickly as possible, and take necessary steps to resolve any such matters as soon as possible
- We understand that sometimes our clients may want to know what data is held about them, how it is stored, and how it is used. Clients are able to email us for this information and we endeavour to respond as quickly as possible
- We never sell data to third party sources, sales teams or marketers, and only ever share data with companies contracted and approved to deliver services for us. The only exception to this is when we are required by law to divulge information for the purposes of a legal investigation or to protect vital interests (such as in medical situations to save somebody’s life, or to report a serious and genuine threat to life)
- Emails and other client data is held for an appropriate time, but is reviewed and deleted regularly to ensure it is not held for longer than is appropriate
- We sometimes use data for research and support purposes – unless client consent has been obtained to use/release personally identifiable information, this data is anonymised before public release to protect clients from identification
- We never share client information without the express permission of the client concerned. All clients providing video or written testimonials will from 25th May have to provide consent (which we will store) for the use of their testimonial, and can ask for its removal/erasure from our systems and public sites at any time
As well as ensuring that our internal Data Protection policies are up to date and that they protect our clients as much as possible, we have also taken steps to ensure that suppliers we work with (from IT software, website/email and internet providers) are also GDPR compliant and committed to protect any data they hold as Data Controllers, as well as Data Processers (people processing and using our clients’ data for a contracted purpose). Any serious data breaches by suppliers or contractors will be taken seriously and clients protected and informed as fully as possible.
In order to fully protect our clients, we have chosen not to divulge any further specific information than the above points on how we protect various data we hold, such as naming safety software providers, security steps taken, or other providers/procedure changes, as this would put us at increased risk from hackers or other malware or risks. However, if anyone has any particular GDPR concerns or queries, please feel free to contact us and we will answer your questions as fully as we can.