We are committed to ensuring that your privacy is protected. The following statement explains how we will use any personal data that we have collected from you.
Where we ask you to provide information, you can be assured that it will only be used in accordance with this privacy statement.
Where data is collected, processed and stored by us, we are ‘the data controller’ of the personal information you provide us with. For any questions about this policy or how we manage your data, please contact the practitioner you are working with.
As part of working with our clients, we may hold data on children. If you are a child and are concerned about this, or would like to understand how we would use your data, please ask the person you are in contact with.
Under the GDPR (General Data Protection Regulations) 2018 there are two types of personal data that you may provide to us:
Personal data – general information that you supply about yourself, such as name, address, gender, date of birth, contact details
Sensitive personal data – may include your racial or ethnic origin, race, religion, health, criminal convictions, financial details
We may obtain information about you from a range of sources. These might include information provided by you and information provided by third parties.
The holding of this data allows us to deliver the services to you in accordance with your instructions, to communicate with you, to prepare documentation as required by you, to keep financial records and to respond to any complaints by you.
We will not sell your information to third parties, nor share any information for marketing purposes. We may on occasion need to disclose information to third parties as part of our legal and safeguarding responsibilities, for example, courts or other alternative dispute resolution providers, if there is an emergency and we believe that you, or others may be at risk, if disclosure is required by law or regulation for the prevention of crime.
Where we do need to share your information with third parties we do so on the basis that they comply strictly and confidentially with our instructions and that they do not use your personal information for their own purposes. Occasionally, some uses of personal data may require your specific consent.
All IT records are password-protected and any hard copies of personal data are kept in secure, locked filing cabinet by the practitioner with whom you are working. Access to the building is strictly controlled.
We take our obligations seriously and practitioners are trained and aware of their confidentiality and data protection responsibilities.
We will hold personal data for as long as is necessary to deliver our services, and thereafter for 12 months.
The GDPR (General Data Protection Regulations) 2018 entitle you to request a copy of your personal data. This is known as a “Subject Access Request”. If you wish to make such a request please do so in writing or speak directly to the practitioner with whom you are working.
A request for access to your personal data means you are entitled to a copy of the personal data we hold on you – such as your name, address, contact details, date of birth, information regarding your health etc. This means that a Subject Access Request will not normally result in you getting a copy of your file because you are only entitled to your personal data – not the documents that contain that data.
You have the right to request that personal data that we hold on you is deleted or transferred to a third party and we have a duty to acknowledge these requests. They should be submitted in writing to the practitioner you are working with. However please note that our response will be subject to our other legal and regulatory duties and this may impact on our ability to comply fully with such requests.
If you wish to raise a complaint about the way we have handled your personal data, please contact us via email or phone. We will investigate any complaint or potential complaint in line with our Complaints Policy and will respond to you with the results of our investigation, along with any proposed remedial action, if appropriate.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).