Eva Shaw Counselling & Psychotherapy is further referred to here as “ES”.
ES uses your personal data:
- to provide services to you;
- to make a tailored website available to you;
- to manage any registered account(s) that you hold with me;
- to verify your identity;
- for crime and fraud prevention, detection and related purposes;
- with your agreement, to contact you electronically about promotional offers and services which I think may interest you;
- for market research purposes – to better understand your needs;
- to enable ES to manage customer service interactions with you; and
- where I have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
ES uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you on my latest services.
ES aims to update you about the services which are of interest and relevance to you as an individual.
You have the right to opt-out of receiving promotional communications at any time, by:
- making use of the simple “unsubscribe” link in emails;
- contacting me via the contact channels set out in this Policy.
SHARING DATA WITH THIRD PARTIES:
OUR SERVICE PROVIDERS
I use a third-party provider to deliver my newsletter. I gather statistics around email opening and clicks using industry standard technologies to help me monitor and improve my e-newsletter. You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of my emails or by emailing me at [email protected]
Other third parties:
Aside from our service providers, I will not disclose your personal data to any third party, except as set out below. I will never sell or rent our customer data to anyone, ever.
I may share your data with:
- credit reference agencies where necessary for card payments;
- governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where I am required to do so: –
- to comply with my legal obligations;
- to exercise my legal rights (for example in court cases);
- for the prevention, detection, investigation of crime or prosecution of offenders; and
- for the protection of my employees and customers.
HOW LONG DO I KEEP YOUR DATA?
I will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest I will normally hold any personal data is 6 years.
WHAT PERSONAL DATA DO I COLLECT?
ES may collect the following information about you:
- your name, age/date of birth and gender;
- your contact details: postal address including billing and delivery addresses, telephone numbers (including mobile numbers) and e-mail address;
- appointment information
- your online browsing activities on eva-shaw.com;
- your password(s) – encrypted, we can’t see them or access them;
- your communication and marketing preferences;
- your feedback and any survey responses;
- your location;
- your correspondence and communications with ES; and
- other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).
My website is not intended for children and I do not knowingly collect data relating to children via the website.
I may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an online account on my website, or send an email to me. Other personal data is collected indirectly, for example your browsing or appointment activity. I may also collect personal data from third parties who have your consent to pass your details to me, or from publicly available sources.
HOW I PROTECT YOUR DATA
ES is committed to keeping your personal data safe and secure.
My security measures include:
- encryption of data;
- regular cyber security assessments of all service providers who may handle your personal data;
- a plan to ensure we are ready to respond to cyber security attacks and data security incidents.
HELP PROTECT YOUR DATA
I will never ask you to confirm any payment details via email. If you receive an email claiming to be from me asking you to do so, delete it straight away and contact me directly to confirm any action.
If you are using a device in a public location, I recommend that you always log out and close the website browser when you complete an online session.
In addition, I recommend that you take the following security measures to enhance your online safety both in relation to ES and more generally:
- keep your account passwords private. Remember, anybody who knows your password may access your account;
- when creating a password, use at least 8 characters. A combination of letters and numbers is best, do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password;
- avoid using the same password for multiple online accounts.
You have the following rights:
- the right to ask for a copy of personal data that I hold about you (the right of access);
- the right (in certain circumstances) to request that I delete personal data held on you; where I no longer have any legal reason to retain it (the right of erasure or to be forgotten);
- the right to ask me to update and correct any out-of-date or incorrect personal data that I hold about you (the right of rectification);
- the right to opt-out of any marketing communications that I may send you and to object to me using / holding your personal data if I have no legitimate reasons to do so (the right to object);
- the right (in certain circumstances) to ask me to ‘restrict processing of data’; which means that I would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
- the right (in certain circumstances) to ask me to supply you with some of the personal data I hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).
If you wish to exercise any of the above rights, please contact me at [email protected]
LEGAL BASIS FOR PROCESSING CUSTOMER PERSONAL DATA
ES collects and uses customers’ personal data because is it necessary for:
- the pursuit of my legitimate interests (as set out below);
- the purposes of complying with my duties and exercising my rights under a contract for the sale of services to a customer; or
- complying with my legal obligations.
In general, I only rely on consent as a legal basis for processing personal data in relation to sending direct marketing communications to customers via email.
You have the right to withdraw consent at any time. Where consent is the only legal basis for processing, I will cease to process data after consent is withdrawn.
MY LEGITIMATE INTERESTS
The normal legal basis for processing customer data is that it is necessary for the legitimate interests of ES, including:-
- selling and supplying services to my customers;
- protecting customers, employees and other individuals and maintaining their safety, health and welfare;
- promoting, marketing and advertising my services;
- sending promotional communications which are relevant to my customers;
- understanding my customers’ behaviour, activities, preferences, and needs;
- improving existing services and developing new services;
- complying with my legal obligations;
- handling customer contacts, queries, complaints or disputes;
- protecting ES, its employees and customers, by taking appropriate legal action against third parties who have committed criminal acts or are in breach of legal obligations to ES;
- effectively handling any legal claims or regulatory enforcement actions taken against ES; and
- fulfilling my duties to our customers and colleagues.
DATA PROTECTION OFFICER
I protect the personal data of my customers (and others) and comply with data protection legislation.
If you have any questions about how I use your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact me by e-mail: [email protected] with the subject ‘My data’.
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
This policy was last updated in May 2022.
ICO Member Number: ZB317640