GDPR – General Data Protection Regulation & Privacy Notice
This document lists and defines who we look after our clients and business information in service of GDPR compliance for www.redchair.co.uk also www.theinterventionservice.co.uk
Terms & Definitions:
| RedChair: | William J Stevens T/A RedChair |
| ICO Information Commissioner’s Office Data Controller | Data Registration Number: Z2095839 William Stevens |
| Address: Administration / Office / Home | 17 Fairbourne Drive. Timperley. Cheshire. WA156AT |
| Freephone: Mobile: Email: Websites | 0800 530 0012 07789480286 |
| Trading Brands/Versions/Services: | The Intervention Service ACT Intervention Cheshire Addiction & Therapy Centre Family ACT Recovery ACT RedChair Recovery Bill Stevens |
| Counselling: | Therapy. Group Work, Client Work. Couples counselling, Intervention, Recovery Counselling, Family Group, Intervention Planning meeting, Addiction Treatment, Sober Coach, Care planning, Court Report, Treatment Assessment, Addiction Assessment & Care Pathway counselling, Addiction therapy, Outpatient services, Detox. |
| Therapies: | Anxiety, Depression, Addiction, Alcoholism, Trauma, Codependency, Anger, Gambling, Relationships, Family, Sobriety, Relapse, Aftercare, |
Reasons/purposes for processing information
We process personal information to enable us to provide health services to our patients, to maintain our accounts and records, promote our services and to support and manage our employees. This site and the third parties may collect : Cookies, Usage data, ip address.
Type/classes of information processed
We process information relevant to the above reasons/purposes. This information may include:
- personal details
- family details
- lifestyle and social circumstances
- goods and services
- financial details
- employment and education details
We also process sensitive classes of information that may include:
- physical or mental health details
- sexual life
- racial or ethnic origin
- trade union membership
- religious or other beliefs of a similar nature
- offences and alleged offences
Who the information is processed about
We process personal information about our:
- patients
- customers and clients
- staff
- suppliers
- business contacts
- professional advisers
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- healthcare professionals
- social and welfare organisations
- central government
- business associates
- family, associates and representatives of the person whose personal data we are processing
- suppliers and service providers;
- financial organisations
- current, past and prospective employers;
- employment agencies and examining bodies
Transfers
It may sometimes be necessary to transfer personal information overseas. Any transfers made will be in full compliance with all aspects of the data protection act.
GDPR Compliance
- The Right To Be Forgotten
- Upon request we will delete and destroy all records relating to you in our possession.
- We will normally delete all client data after 10 years unless ongoing support is likely to be requested.
- Encryption:
- We use secure website, email and cloud based technology to protect the security of our information. All information is behind encryption based software services.
- Mobile data and devices when used are encrypted and password protected.
- Paper based notes and data are shredded rather than stored as soon as they are finished.
- We scan paper based documents to our secure cloud storage
- We publish our client data agreement on our website www.redchair.co.uk
- Our websites do not retain any form information or client details.
- Google privacy policy is here regarding all our data. Google business services are not authorized or able to use any of RedChair data held on its servers for its own purposes.
- In the event of a client requesting that personal data be sent by post, it will be by way of registered services to protect end to end accountability and security.
- Data is held on cloud based servers which may be located anywhere in the world. We use Google services which are Privacy Shield Compliant in service of maintaining GDPR standards.
- Verbal consent to data sharing is given before data may be shared.
- Our practice is supported by the ethics listed with the Association Of Intervention Professionals, The Pennsylvania Certification Board and the Holistic Insurance Services.
- We will correct Client data changes and inaccuracies.
- In the event of a known Data Breach we will inform the ICO and clients immediately.
- We maintain encryption and passwords with are changed regularly to protect all data.
Google Analytics – Google
Google Analytics is a web analysis service provided by Google Inc. (“Google”). Google utilises the Data collected to track and examine the use of this Application, to prepare reports on its activities and share them with other Google services
Google may use the Data collected to contextualise and personalise the ads of its own advertising network.
Personal Data collected: Cookies and Usage data.
Place of processing: US – Privacy Policy – Opt Out
Facebook (Facebook, Inc.)
Facebook Ads conversion tracking is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on this Application.
Personal Data collected: Cookies and Usage data.
Place of processing: US – Privacy Policy
Google Maps widget (Google Inc.)
Google Maps is a maps visualisation service provided by Google Inc. that allows this Application to incorporate content of this kind on its pages.
Personal Data collected: Cookies and Usage data.
Place of processing: US – Privacy Policy
Interaction with external social networks and platforms
This type of services allows interaction with social networks or other external platforms directly from the pages of this Application.
The interaction and information obtained through this Application are always subject to the User’s privacy settings for each social network.
This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
LinkedIn button and social widgets (LinkedIn Corporation)
The LinkedIn button and social widgets are services allowing interaction with the LinkedIn social network provided by LinkedIn Corporation.
Personal Data collected: Cookies and Usage data.
Place of processing: US – Privacy Policy
Facebook Like button and social widgets (Facebook, Inc.)
The Facebook Like button and social widgets are services allowing interaction with the Facebook social network provided by Facebook, Inc.
Personal Data collected: Cookies and Usage data.
Place of processing: US – Privacy Policy
Twitter Tweet button and social widgets (Twitter, Inc.)
The Twitter Tweet button and social widgets are services allowing interaction with the Twitter social network provided by Twitter, Inc.
Personal Data collected: Cookies and Usage data.
Place of processing: US – Privacy Policy
Managing contacts and sending messages
This type of services makes it possible to manage a database of email contacts, phone contacts or any other contact information to communicate with the User.
These services may also collect data concerning the date and time when the message was viewed by the User, as well as when the User interacted with it, such as by clicking on links included in the message.
SPAM protection
This type of services analyses the traffic of this Application, potentially containing Users’ Personal Data, with the purpose of filtering it from parts of traffic, messages and content that are recognised as SPAM.
Akismet (Automattic Inc.)
Akismet is a SPAM protection service provided by Automattic Inc.
Personal Data collected: various types of Data as specified in the privacy policy of the service.
Place of processing: US – Privacy Policy
——-
Cookie Policy
This Application uses Cookies. To learn more and for a detailed cookie notice, you may consult the LINK TO COOKIE POLICY ON WEBSITE
Additional information about Data collection and processing
Legal action
The User’s Personal Data may be used for legal purposes by the Data Controller, in Court or in the stages leading to possible legal action arising from improper use of this Application or the related services.
The User declares to be aware that the Data Controller may be required to reveal personal data upon request of public authorities.
Additional information about User’s Personal Data
In addition to the information contained in this privacy policy, this Application may provide the User with additional and contextual information concerning particular services or the collection and processing of Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use for this purpose other Personal Data (such as IP Address).
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controller at any time. Please see the contact information at the beginning of this document.
The rights of Users
Users have the right, at any time, to know whether their Personal Data has been stored and can consult the Data Controller to learn about their contents and origin, to verify their accuracy or to ask for them to be supplemented, cancelled, updated or corrected, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons. Requests should be sent to the Data Controller at the contact information set out above.
This Application does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please read their privacy policies.
Changes to this privacy policy
The Data Controller reserves the right to make changes to this privacy policy at any time by giving notice to its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom. If a User objects to any of the changes to the Policy, the User must cease using this Application and can request that the Data Controller remove the Personal Data. Unless stated otherwise, the then-current privacy policy applies to all Personal Data the Data Controller has about Users.
Information about this privacy policy
The Data Controller is responsible for this privacy policy.
Definitions and legal references
Personal Data (or Data)
Any information regarding a natural person, a legal person, an institution or an association, which is, or can be, identified, even indirectly, by reference to any other information, including a personal identification number.
Usage Data
Information collected automatically from this Application (or third-party services employed in this Application), which can include: the IP addresses or domain names of the computers utilised by the Users who use this Application, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilised to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilised by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
User
The individual using this Application, which must coincide with or be authorised by the Data Subject, to whom the Personal Data refers.
Data Subject
The legal or natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
The natural person, legal person, public administration or any other body, association or organisation authorised by the Data Controller to process the Personal Data in compliance with this privacy policy.
Data Controller (or Owner)
The natural person, legal person, public administration or any other body, association or organisation with the right, also jointly with another Data Controller, to make decisions regarding the purposes, and the methods of processing of Personal Data and the means used, including the security measures concerning the operation and use of this Application. The Data Controller, unless otherwise specified, is the Owner of this Application.
This Application
The hardware or software tool by which the Personal Data of the User is collected.
Cookies
Small piece of data stored in the User’s device.
This privacy policy relates solely to this Application.