General Data Protection Regulation (GDPR) & Privacy Notice
Welcome to the General Data Protection Regulation (GDPR) & Privacy Notice for Louise Bloomfield Therapy & Training. We understand that we have a responsibility to protect and respect your privacy and look after your personal data. This Privacy Notice, inclusive of our Terms and Conditions, explains what personal data we collect, how we use your personal data, reasons we may need to disclose your personal data to others and how we store your personal data securely. This privacy notice aims to give you information on how we collect and process your personal data through your use of this website, including any data you may provide when you sign up to our newsletter, purchase a product or service or take part in a competition. We must advise that this policy is subject to change, so please check our website on a regular basis for any further changes. Data Protection law changed on 25 May 2018. This Privacy Notice sets out your rights under the new laws.
Who are we?
Louise Bloomfield Therapy and Training is the controller and responsible for your personal data, collectively referred to as “we”, “us” or “our” in this Privacy Notice. Louise Bloomfield Therapy and Training is a supplier of therapy, education and consultancy services.
How the law protects you
Data protection laws state that we are only able to process personal data if we have valid reasons to do so. The basis for processing your personal data includes, but is not limited to, your consent, performance of a contract, to enable billing and remittance, and to contact you for customer service purposes.
How do we collect personal data from you?
We receive information about you from you when you use our website, complete forms on our website, if you contact us by phone, email or otherwise in respect of any of our services. Additionally, we also collect information from you when you sign up for our updates, or when you inform us of any other matter. If you provide us with personal data about a third party, you warrant that you have obtained the express consent from the third party for the disclosure and use of their personal data. Your personal data may be automatically collected when you use our services, including but not limited to, your IP address, device-specific information and location information.
What type of data do we collect from you?
Personal data is any information that can be used to identify a person either directly or indirectly. This includes names, addresses, contact details (including email, landline or mobile telephone) but may include other information such as factual session notes.
We keep anonymised, password-protected electronic notes from each of our sessions to aid memory and support best practice. This computer has an entry password separate to the one used for session notes. All passwords are changed regularly. All handwritten notes are stored securely in a lockable cabinet, and the key is also stored in a lockable cabinet. We do not keep notes on mobile phones. Any email communication between us will also be kept – with a separate password than those for electronic notes. This will include any personal details you have shared in any of these emails, for example, contact details such as name, phone or email and any information you choose to share in those emails. We may also keep details of your visits to our website including, but not limited to traffic data, location data, weblogs and other communication data. We also retain records of your queries and correspondence, in the event you contact us.
How do we use your data?
We use information about you in the following ways:
To process requests that you have submitted to us;
To provide you with services;
To comply with contractual obligations we have with you;
To help us identify you and any accounts you hold with us;
To enable us to review, develop and improve the website and services;
To provide customer care, including responding to your requests if you contact us with a query;
To administer accounts, process payments and keep track of billing and payments;
To detect fraud and to make sure what you have told us is correct;
To carry out marketing and statistical analysis;
To notify you about changes to our website and services;
To provide you with information about services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
We will keep your personal data for the duration of the period you are a customer of Louise Bloomfield Therapy and Training. We shall retain your data only for as long as necessary in accordance with applicable laws. On the closure of your account or completion of our therapeutic relationship, we may keep your data for up to 7 years after such time. We may not be able to delete your data before this time due to our legal and/or accountancy obligations. We may also keep it for research or statistical purposes. We assure you that your personal data shall only be used for these purposes stated herein.
For the avoidance of doubt, we do not and never shall sell your personal data to third parties for marketing or advertising purposes. Under certain circumstances a solicitor, police officer or agent acting on behalf of HM Courts and Tribunals Service may request copies of session notes and/or personal information held. From the introduction of the General Data Protection Regulation in May 2018 we can only pass this on with your consent – though in certain court proceedings or circumstances this may be overruled.
In preventing the use or processing of your personal data, it may delay or prevent us from fulfilling our contractual obligations to you. It may also mean that we shall be unable to provide our services. You have the right to object to our use of your personal data, or ask us to delete, remove or stop using it if there is no need for us to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why we will need to keep your data, but please do inform us if you think we are retaining or using your personal data incorrectly. Our Privacy Notice shall be made clear to you at the point of collection of your personal data.
You have the right to ask us not to process your personal data for marketing purposes. If you choose not to receive marketing communications from us about our products and services, you will have the option not to choose these by ticking the relevant boxes situated on the pages either at sign up or on the preferences page. We will not contact you for marketing purposes unless you have given us your prior consent. You can change your marketing preferences at any time.
Under the General Data Protection Regulation 2018 you have a right to request copies of any data held. This is called a Subject Access Request. You can request this in writing. There is no charge for a Subject Access Request and the data copies will be provided to you (by email unless specifically requested as a paper copy and a postal address provided – which will also be kept confidentially) within 30 calendar days.
Updating your data
It is important that you maintain the accuracy of your information and ensure all your details, including but not limited to, name, address, title, phone number, e-mail address are kept up to date at all times. You can do this by contacting us on the details below.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited.
Links to other sites
We provide links to third party sites. Since we do not control those websites, we encourage you to review the privacy policies of these third-party sites. Any information that is supplied on these sites will not be within our control and we cannot be responsible for the privacy policies and practices of these.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those who have a legitimate need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your right to make a complaint
You have the right to make a complaint to the ICO about how we process your personal data:
Information Commissioner’s Office
Tel: 0303 123 1113
Please e-mail any questions or comments you have about privacy to: firstname.lastname@example.org.
Last updated: August 2021