The Legal Basis for using your Personal Data, and how we use it
How long we store it for
Whether there are other recipients of your Personal Data
Whether we intend to transfer it to another country
Your data protection rights
If you have any complaints about how we handle your Personal Data please do not hesitate to get in touch with us by writing or emailing to the contact details given above. You also have the right to make a complaint at any time to the ICO, the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance. The ICO can also provide information regarding data privacy for individuals and information rights.
The Legal Basis for using your Personal Data, and how we use it
Personal Data, or personal information, means any information about an individual from which that person can be identified. This section sets out the types of Personal Data that we may process, the purposes for which we may process Personal Data and the lawful bases for the processing (the GDPR states that we must have a lawful basis for processing your Personal Data; full details of these bases can be found on the ICO website).
We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
We may process your information provided through the contact form on our website (“profile data”). The profile data may include your name, location, telephone number and email address. The profile data may be processed for the purposes of responding to your enquiry and managing the use of our website and services. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
We may process information that you or we post for publication on our website or through our service ("publication data"). The publication data may be processed for the purposes of enabling such publication and administering our website and services. The legal basis for this processing is consent.
We may process information contained in or relating to any communication that you send to us (“correspondence data”). The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
We may process your Personal Data that are provided in the course of the use of our services (“service data”). The service data may include your name, location, telephone number and email address. The source of the service data is you. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data”). The transaction data may include your contact details, your bank/card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
We may process special category personal information in the course of the use of our services (“sensitive personal data”). The Sensitive Personal Data may include information regarding your health which you provide to us. The legal basis for this processing is your explicit consent to the processing of the data for the purpose of the provision of therapy and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
We may process any of your Personal Data identified in this Policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
We may process any of your Personal Data identified in this Policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
In addition to the specific purposes for which we may process your Personal Data set out in this section, we may also process any of your Personal Data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Please do not supply any other person’s personal data to us, unless we prompt you to do so.
We encourage you to exercise your own discretion and caution and to think carefully before directly or indirectly supplying us with Personal Data through our website or otherwise.
Providing your Personal Data to others
We may disclose your Personal Data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We may disclose your Personal Data to our banking institutions only to the extent necessary for the purposes of processing your payments, refunding any payments and dealing with complaints and queries relating to such payments and refunds.
We may disclose your Personal Data to third parties only to the extent necessary to carry out specific tasks for which we have contracted with them. We carefully select which partners we work with and take great care to ensure that our contract with any such third parties clearly states what they are permitted to do with the data we share with them.
We do not share your Personal Data with any third parties for marketing purposes.
In addition to the specific disclosures of Personal Data set out in this section, we may disclose your Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your Personal Data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International transfers of your Personal Data
In this section, we provide information about the circumstances in which your Personal Data may be transferred to countries outside the European Economic Area (EEA).
Our business itself is based in the UK and all of our services are provided from the UK. We do not ourselves transfer your Personal Data outside the UK and/or the EEA.
The hosting facilities for our website are situated in the USA. The European Commission has made an “adequacy decision” with respect to the data protection laws of this country. Transfers to the USA will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission.
You acknowledge that Personal Data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such Personal Data by others.
Retaining and deleting your Personal Data
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of Personal Data.
We will retain your Personal Data for the longer of (a) the period reasonably necessary to fulfil the purposes we collected it for, and (b) the longest period we anticipate may be necessary to protect our legitimate interests or satisfy our legal, regulatory, tax, accounting, insurance or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In practice, this means that we will keep much of your Personal Data for a minimum of six years after you cease being our client, or indefinitely.
Your clinical and financial data and any correspondence relating to your treatment will be stored securely until seven years after your final session, as required by our professional insurance policies, unless you explicitly agree otherwise or there is a legal reason for us to continue storing it.
In some circumstances, you can ask us to delete your Personal Data. Please see “Your rights” below for further information.
In some circumstances, we will anonymise your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Notwithstanding the other provisions of this section, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
In this section, we have listed the rights that you have under data protection law.
Your principal rights under data protection law are:
the right to access - you can ask for copies of your Personal Data (please note that the first copy will be provided free of charge, but additional copies may be subject to a reasonable fee);
the right to rectification - you can ask us to rectify inaccurate Personal Data and to complete incomplete Personal Data (to assist us in maintaining accurate and current Personal Data, please keep us informed if your Personal Data changes during your relationship with us);
the right to erasure - you can ask us to erase your Personal Data;
the right to restrict processing - you can ask us to restrict the processing of your Personal Data;
the right to object to processing - you can object to the processing of your Personal Data;
the right to data portability - you can ask that we transfer your Personal Data to another organisation or to you;
the right to complain to a supervisory authority - you can complain about our processing of your Personal Data; and
the right to withdraw consent - to the extent that the legal basis of our processing of your Personal Data is consent, you can withdraw that consent.
These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting the ICO website.
You may exercise any of your rights in relation to your Personal Data by written notice to us, using the contact details set out below:
Acorn Psychotherapy, Huntingdon House Business Centre, 278-290 Huntingdon Street, Nottingham, NG1 3LY.
Data storage and security
We take the security of the Personal Data we hold about you very seriously and as such we have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example, any electronic devices upon which Personal Data is stored are password or fingerprint ID protected, and all paper based records are stored in a locked filing cabinet behind a locked door.
We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Please note that your Personal Data (including Sensitive Personal Data) is accessible by any of the therapists working at Acorn Psychotherapy, but that they will not access your Personal Data unless they have a legitimate business need to know (for example contacting you on behalf of your therapist in the event that your therapist is ill).
If we suspect that there has been a Personal Data breach we will follow our internal procedures and will notify you and any applicable regulator of a breach where we are legally required to do so.
Third Party Links
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of changes to this policy by email.
This website is owned and operated by Acorn Psychotherapy.
You can contact Acorn Psychotherapy at info@acornpsychotherapy, via our online contact form or at Huntingdon House Business Centre, 278-290 Huntingdon Street, Nottingham, NG1 3LY.
This document was adapted from a template written by SEQ Legal.
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date. A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. If you wish to disable cookies on this site and on others, the most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers. Please note that blocking all cookies will have a negative impact on the usability of many websites, and if you block cookies you may not be able to use all of the features on our website.
Cookies used by our service providers