This privacy notice explains what to expect from CBT Kent when you make contact with us or use one of our services. We understand that you have provided your personal and sensitive information and that this information is important to you. We are committed to protecting and respecting your privacy. This notice will explain how we collect, use and protect your data, and what rights you have with regards to your personal data and how you can exercise those rights.
Who Are We?
CBT Kent provides psychological services, including psychological assessments and therapy. CBT Kent is the trading name of Dr Paulien Gill. CBT Kent is the data controller and determines what data is collected, how the data is used and how the data is protected. Our registered address is:Lombard House, Room 209, 12-17 Upper Bridge Street, Canterbury CT1 2NF
Dr Paulien Gill of CBT Kent is responsible for ensuring that the privacy notice is correct and that mechanisms exist such as having the privacy notice on our website to make all data subjects aware of the contents of this notice prior to CBT Kent commencing collection of their data.
If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us at firstname.lastname@example.org or telephone 07908 128128
Why do we collect your personal data?
The personal data we process is provided directly by you to us for one of the following reasons;
- You have contacted us to make a general enquiry regarding our services,
- You have entered into a contractual agreement with us to provide our services,
How do we use your personal data?
We will use your personal data in the following ways;
- You have contacted us with an enquiry and thereby given us consent to reply to your enquiry or supply you with advice about the services you have showed an interest in.
- You have entered into a legal contract with us following the purchase of our services, and we will use your data to appropriately correspond with you, arrange appointments with you, to perform the service of cognitive behaviour therapy for you and for the purpose of taking payments.
Who will we disclose your personal data with?
As part of our service provision, we will only share your personal information with selected third party/parties with your expressed consent. We will share your personal information with a law enforcement or regulatory agency at their request or to protect our legal rights or the vital interests of yourself or another person. We will NEVER provide, give away or sell your personal data to third parties or use them for marketing purposes (unless stated otherwise with your expressed permission).
How will we keep your personal data safe?
The security of your personal data is very important to us. We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical and electronic safeguards to secure all the information we collect. All paperwork and hand-written notes taken during session(s) are kept in a locked cabinet, and all electronic data is secured on a password protected device with an encrypted hard drive (File Vault). Please note that Dropbox or Google Drive are not used to store your data. Any personal data sent via email are sent as attachments that are encrypted and password protected.
How long will you retain my personal data?
The length of time we retain your personal data depends on the reason for processing and storing.
- If you have contacted us to make a general enquiry, we will only store this data for the duration of the enquiry and up to 6months post enquiry.
- If you have entered into a contractual agreement with us to provide you with our services, we will retain all of your data for 7 years (or until your 25th birthday if you are a minor).
- Payment data received via accounting and banking systems are stored for 7 years for accounting and tax obligations with the HMRC.
- Following the appropriate retention period, all physical data will be shredded, and electronic data will be deleted.
What are my rights and how can I access, rectify or erase my data?
As the ‘data subject’, you have rights about the personal data we hold. The rights available to you depend upon our reason for processing your personal data.
- Right to be informed: You have the right to informed what data we hold about you and how we process and store that data. This should be done in a transparent manner.
- Right of access: You have the right to ask us for copies of your personal information. This right always applies.
- Right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
- Right to erasure: You have the right to ask us to erase your personal information in certain circumstances.
- Right to restriction of processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
- Right to object to processing: You have the right to object to processing if we are able to process your information because the process forms part of our public tasks or is in our legitimate interests.
- Right to data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
- Rights regarding automated decision making including profiling: You have the right to be informed if your data is subject to automotive individual decision-making and or the automated processing of data.
You are not required to pay any charge for exercising your rights. We have 30 days to respond to you. Due to the sensitive nature of the personal information we hold, we will require additional verification to certify your identity before processing your request. Some personal information may be withheld if we consider that providing this information will violate your vital interests.
If you wish to make a subject request, please email email@example.com or call 07908 128128
What happens if there is a data breach?
If CBT Kent experiences a Data Breach, they will contact the Information Commissioners Office (ICO) within 72hrs to report the incident and receive advice. Depending on the nature of the breach will depend on the advice that the ICO give with regards to contacting you ‘the data subject’.
How do I make a complaint?
If you have questions about how we process personal data, or you would like to exercise your data subject rights or make a complaint, please email firstname.lastname@example.org or call 07908 128128
What else do I need to know?
Links to other site: Our website contains links to other sites that are not owned or controlled by CBT Kent. Please be aware that we, CBT Kent are not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information.
Changes to the Privacy Notice: CBT Kent reserves the right to amend and update the Privacy Notice periodically and will notify those people who have given consent or are under contract of these changes.