Your Personal Data:
My company, Elegant Thinking Ltd, is registered with the ICO – Registration No ZA337469
I am both the Data Controller and the Data Protection Officer at Elegant Thinking. My contact details are; Grace Jones, email: elegant_thinking@ yahoo.co.uk, phone: 07974 953397
What data I collect
The categories of data/information I collect include: your name and contact details, your medical history, your family situation and support network, the nature of your employment, your hobbies and interests, your lifestyle, and details of the problem you’d like me to help with. These details are necessary to provide you with safe and effective therapy.
In most cases, the information about you that I collect comes from you, via an email, phone call, online form or during our face-to-face sessions.
What I do with it
I use your personal data in the following ways
- to reply to you if you contact me with questions about my services
- to allow me to collect payment from you, and maintain my records and accounts
- to deliver therapy
- to contact you between therapy sessions if necessary
- to provide you with items you have purchased, e.g. audio downloads
You have no legal requirement to share any information with me, but if you do not do so I will not be able to work with you.
The lawful basis of my collecting and processing data is consent or contract or legitimate interests. You consent to my holding and using your information when you submit an online form. Clicking a paypal button creates a contract to supply goods or services which I cannot do without using your data. If you undertake therapy with me you will sign my terms and conditions, which creates a contract. If you email, phone or contact me via social media with enquiries it is a legitimate interest of my business to use your contact details to reply to you.
I am the only person who has access to your information unless there is a legal requirement for me to share the information (e.g. a court order or warrant is issued)
How long is data retained?
I keep the information you give me for seven years, which is the length of time required by my professional body and my insurance company. After this time it is shredded and disposed of securely.
The information I use for marketing purposes will be kept until you notify me that you no longer wish to receive this information.
If at any point you believe the information we process on you is incorrect you request to see this information and even have it corrected or deleted. If you wish to raise a complaint on how we have handled your personal data, you can contact me.
You can withdraw your permission for me to use your information at any time, this means ending your therapy.
You have a right to complain to the ICO if you have any problem with the way I store or use your data, or if you do not think your rights are being respected.
My Professional Body
The GHR ask me to keep the information you give me private and confidential unless one of the following applies:
- there is a legal requirement for me to share information (as above)
- there is good cause to believe that if I do not disclose information you or others would be exposed to a serious risk of harm
These exceptions to the confidentiality rule come under a provision called the ‘Duty of Care’.