This privacy notice makes clear how your personal data is collected, processed and stored securely to comply with the new GDPR law of 25th May 2018. It also covers your legal rights.
About me and Leicestershire CPD for Therapists
My name is Marina Broadley and I am the owner of Leicestershire CPD for Therapists. As a sole trader I am both the data controller and data processor. I am registered with the Information Commisioner's Office and my number is : ZA385327
I am contactable at:
The Atkins Building
Lower Bond Street
Leicester LE10 1QU
I ensure that only data that is ‘absolutely necessary for the completion of duties’ is processed and stored.
I ensure that your data is processed lawfully and fairly and in a transparent manner.
I ensure that your data is accurate and where necessary, kept up to date.
I ensure that your data is secure.
I ensure that your data is NOT kept longer than is absolutely necessary.
What kind of data is collected?
For me to deliver the service I will collect your contact details. I will also record dates of attendance, location of attendance and fees paid. Additional data: You may choose to inform me (either verbally or in writing) of your personal circumstances which may include sensitive data. I may require data regarding your health and current situation – this is by no means standard. It is required only if relevant to your attending the CPD event. Please note that use of the website contact form informs of your IP address.
It would be helpful for you to know that the service exists. This would usually be in the form of a one-off email or phone call. However, should you wish to be kept informed on a regular basis about events/marketing news, I will need to collect your explicit consent. This includes your name and contact details.
See separate notice link at the footer of this website.
How is data collected?
Data is collected in the following ways:
Online contact form via the webhost, PHD Interactive T/A WebHealer.
Online contact form via the Counselling Directory contact form.
By phone. By text. In person.
Data that you choose to disclose in the public arena such as the Leicestershire CPD for Therapists Facebook page is done so at your own discretion. Currently I do not use the Facebook messaging platform – this system has been deactivated. If you choose to connect with me via my personal Facebook messaging system, you do so at your own discretion.
How is data processed?
Your data is processed for the purpose of providing the service required. That is, what is ‘absolutely necessary for the completion of duties’. This includes: Internal record keeping of name and contact details, dates attended, fees paid, location attended and to notify you about changes to my service. It may include health data and sensitive data should this be relevant and appropriate.
Is the data ever shared? Who else has access to data?
Your data is never shared. I am the only person with access to your data.
What data is stored?
Our emails, hand written data of record keeping of name and contact details, dates attended, fees paid, location attended, consent forms. In addition, health data and your personal circumstances should this be relevant and appropriate.
How and where is it stored?
Electronic storage. To ensure secure processing and storage of your data I have upgraded my electronic security with DESLOCK ESET Endpoint Encryption. This means that data that is collected and stored electronically is protected from malicious hacking attempts and unauthorised access. It is also protected by strong password and security software such as firewall.
My website has been upgraded to SSL, which allows us to connect with each other via a secure connection - the way your browser connects to an online bank.
Paper storage is locked securely.
Why is it stored?
I keep client data in secure storage because the information is required to provide the service effectively and to comply with HMRC law.
How long is it stored for?
Data is securely disposed of when it is no longer required for the purpose for which it was collected and retained. The law states that data must be current, up to date, relevant and NOT kept longer than is absolutely necessary.
There are different categories of data which are stored, or retained, for different time periods:
a. Delegate name, date of attendance, location, fee paid, invoices – stored for 7 years for HMRC and auditing purposes (paper storage, locked)
b. Client emails – stored for 6 months (encrypted)
c. Client health and sensitive information – stored for 6 months following our last contact (both paper storage, locked and encrypted)
d. Your consent to be contacted on a regular on-going basis with marketing information – stored for 1 year (encrypted)
How is data disposed?
Paper data: This is disposed of via confidential waste disposal company, Simply Shredding.
Electronic data: This is deleted.
Marketing and consent
My marketing is very simple. Your data is NOT listed with an external mail marketing provider. I email those of you who have contacted me expressing your interest in being regularly informed about the service. My marketing is for the purpose of keeping you updated with information about upcoming events, new offers and so on. Please note that I will now require your informed consent in order to keep you informed in this manner - that being, regular emails regarding the service. You can do this either by emailing me, making it clear that you are consenting to being contacted for marketing purposes.
You have the right to erasure (the right to be forgotten)
The right to ask what is stored and why it is stored
The right to see your data (it belongs to you). You, as the subject, can request to see your data. The request, called a Subject Access Request must be made in writing. Identification evidence will be necessary. There is no charge and I respond within 30 days, in accordance with the law.
General but important
From time to time I may include links from this website to other websites. Please be aware that I am not responsible for the policies, data protection, or security of these linked web sites.
This Privacy Notice is a live document. Please come back as it will be reviewed on a regular basis and updated if necessary.
I conduct my own risk assessment on a regular basis.
Your data is yours. You are the owner. I have considered my temporary use of your personal data very carefully, and I promise that I will continue to do so.