I take your privacy, and therefore the security of your data very seriously. And treat it as I would want mine to be treated.
I respect and value the privacy of all of my clients, prospective clients, mailing list subscribers and everyone who visits my website. I will only collect and use information in ways that are useful to you and in a manner consistent with your rights and my obligations under the law.
I am registered with the Information Commissioner’s Office (ICO) under registration reference: ZA353164.
1 What data do I collect and why do I need it?
1.1 For clients:
1.1.1 Name and age – this is basic information that helps me get to know you.
1.1.2 Contact details (Address, email address, Skype name, phone numbers) – I use this as a way of contacting you about your sessions, to deliver your sessions, to share coaching tools and documents and to give you feedback on your written documents.
1.1.3 Session notes – I keep brief session notes in order to be able to provide my coaching support and for continuity of sessions.
1.1.4 Personal/business information (intake questionnaires, coaching exercises and other written documents) – During the coaching process you might share additional, confidential information with me in order for me to support your personal or business development.
1.1.5 CCTV video (relating to any sessions held at Abbey Place Clinic, Faversham, Kent) – Abbey Place Clinic has a CCTV camera that records all people that enter the building. This is there for therapist safety and crime prevention.
1.2 For prospective clients:
1.2.1 Name and age – this is basic information that helps me get to know you.
1.2.2 Contact details (Address, email address, Skype name, phone numbers) – I use this as a way of contacting you to arrange a free discovery call and to receive any written information that you wish to share with me by email or attachments ahead of the discovery call and in order to send your Coaching agreement and intake questionnaires.
1.2.3 Discovery call notes – I keep brief notes in order to be able to provide coaching support and for continuity as we start your sessions sessions.
1.3 For individuals signing up to my mailing list:
1.3.1 I hold basic information including name, email address and which area of coaching you’re interested in. I use MailChimp for storing my mailing list data and for sending out my monthly newsletter plus occasional news flash emails and offers. Through the double opt in sign up process that you would choose to click in order to receive the newsletter, you are expressly agreeing to be sent my monthly newsletter plus occasional additional news items and offers in between.
1.4 For website visitors to www.lucystanyerlifecoach.com:
2 How will I store your data?
2.1 Any of the above notes and documents mentioned in section 1 are shared confidentially between us and are stored securely in a locked filing cabinet with a secure filing system and on a multi-level password protected computer in an encrypted folder, backed up with an encrypted hard drive.
2.2 Emails are stored on the Gmail servers. You can read more about Gmail’s commitment to GDPR and secure data storage and email encryption here.
2.3 Phone numbers of clients and prospective clients are also stored on my mobile phone, which is PIN protected.
2.5 Video is recorded through a 3rd party internet/cloud based system called ‘Blink’. Video clips are stored on the Blink secure servers in the cloud, not in the cameras. Blink uses Amazon Web Services (AWS) for storage and servers and all video clips are encrypted using AES-256 encryption. Only the clinic owner Marcia Tillman has access to view this data and she is registered with the Data Protection Agency.
3 How long will I store your data and how will I securely dispose of it?
3.1 I hold Professional Indemnity Insurance with Oxygen Insurance who suggest retaining the session notes and personal/business information above listed information for 7 years in the event of a claim. After this date, they will be securely shredded and destroyed, ensuring your privacy.
3.2 Your contact details are held on my phone and computer, both of which are password protected and encrypted.
3.2.1 For clients, I will delete your contact details 6 months after we have finished working together unless you have expressed an interest in future sessions, in which case I will retain them for 12 months before deleting from my phone and computer.
3.2.2 For prospective clients, I will delete your contact details after 2 months of our last contact.
3.3 For mailing list subscribers, I will delete your contact details from MailChimp after you have clicked the link to unsubscribe, which is included in every newsletter and email. You can unsubscribe at an time.
3.4 CCTV Video clips are set to automatically delete after 14 days.
4 Will I share your data, and if I do, who will I share it with and for what purpose?
4.1 I will not disclose your personal information to third parties other than as described in this section (unless it is legally required to do so).
4.2 I will never sell your data or use it for unethical reasons.
4.2 I may collect statistics about my customers, sales, website traffic patterns and related website information but these statistics will include no personally identifying information.
4.3 I reserve the right to access and disclose personal data or information to comply with applicable laws and lawful government requests or if you or anyone that you tell me about is at harm or risk of harm.
4.4 I also have supervision coaching, in which I might talk about client scenarios, but I will only use your first name and these sessions are also covered by a confidentiality clause.
If you have any questions about this Policy please feel free to contact me on firstname.lastname@example.org.