If you contact me via this website I will only use your name, email address and phone number to respond to your enquiry. Afterwards, if we do not work together I will delete any information relating to you.
Your privacy is important to me and I am committed to ensuring it is protected. This privacy policy sets out how, from the first time you contact me, I will use and protect any personally identifiable information that you share, either online, by phone, verbally or in writing. The data controller for The Restorative Space is me, Thea Martin and I operate in compliance with the General Data Protection Regulations GDPR (2018) and am registered with the Information Commissioner’s Office (ICO).
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for us to fulfil the contract that we have together and I will only collect that which is necessary for me to provide a service to you, and that you would reasonably expect me to hold.
Some of your personal information may be shared with your GP, or other healthcare professionals, under certain exceptional circumstances which will be outlined in the contract between us. These include the requirements of a court of law, the threat of serious physical harm to either yourself or others and anonymously during regular consultations with my professional supervisor.
Should you choose to work with me beyond the initial discovery call, I will provide you with a contract for your consideration, which I will ask you to sign either in person or electronically.
The data I will hold includes :
• Basic information such as name, email address, phone number.
• Information that you give me as part of the work we do together.
• Records of what interventions that I use (or potentially do not use) in our sessions.
• Emails, texts and/or messages that are sent between us.
• Information sent from any third party, e.g. GP, insurance company.
Some of the information that you provide may be regarded as a special category of data as defined by the General Data Protection Regulation (GDPR), Article 9. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health or social care or treatment or the management of health care or treatment pursuant to contract with a health professional”.
Details of where data is held :
All emails are kept securely and remotely via password protected and encrypted online systems. Any that are held on my phone are protected via facial recognition technology and passcode protected. These are also only accessible by me.
Any notes taken during our sessions are handwritten, anonymised with a coding system and kept in a locked filing cabinet.
Personal information is stored electronically on devices that are password and/or fingerprint protected.
Texts/WhatsApp messages between us are held on my phone, which is protected with facial recognition software and passcode.
Credit/debit card information will be shredded as soon as it’s processed.
If you use online banking or Paypal these third party systems will hold your data. For accounting purposes anonymised payments are held on a password protected spreadsheet which is shared with my accountants.
Please note I am not in control of data (emails or texts) which you send to me and that some apps and desktop applications routinely access information held on electronic devices. While this is beyond my control, I take all measures possible to ensure your data is as secure as it can be.
All information about you is kept for seven years and then destroyed. Documents are then shredded and electronic records permanently deleted. Any electronic device used within the course of my work will be securely destroyed at the end of its life.
Your rights relating to the data I hold :
You have the right to request access to all data I hold for you. I am legally obliged to fulfil that written request within 30 days, but will endeavour to provide information well ahead of that.
The right to request I delete all information held about you when there is no reason for it to be held (the right to erasure). Requests can be made in writing and paper records will be shredded and computer files permanently deleted within 30 days.
You have the right to request the correction of any data which I hold about you which is incorrect. This will be done as soon as possible and within 30 days.
The right to restrict processing, requesting that I cease processing your data if you feel it is incorrect and / or you object to the processing of any of your information. This would normally be an interim measure while any errors or omissions are updated or ahead of full erasure.
You have the right to data portability, which upon your written request, enables me to share a copy of any data electronically with a third party, for example another therapist. It is often simplest in such a scenario to return the data to you, as per the Right to Access above.
The right to object to your data being used for automated decision making, processing for purposes of scientific or historical research and statistics and direct marketing. Please note, I do not engage in any of these activities.
Cookies
Like all websites, this site uses cookies (tiny information files that are downloaded onto your electronic device) to help provide a better digital experience, increasing the speed, security and functionality of the site. They also provide useful statistics of the user which help me understand and fine tune your online experience.
I don’t use cookies to collate personal information such as names or email addresses. Only the information you give or the choices you make while visiting the site can be stored in a cookie.
Each website you visit will, according to your computer's preferences, send its own cookie to be stored on your web browser (eg Chrome, Safari, Firefox). To protect your own privacy, you can allow, block or delete via your personal settings. Aboutcookies.org is a great resource and can help advise how to control and delete your cookies.
This website is built using Squarespace. A full outline of their cookie usage can be found here.
If you have any questions or concerns over the way your data is handled, please email me at thea@theamartin.co.uk alternatively you can contact the ICO directly by clicking here.
This policy is a work in progress and consequently may be modified from time to time.
