Privacy Policy
SAFPAC and the General Data Protection Regulation (GDPR)
The term ‘Members’ in this document constitutes all people involved in Southern Association for Psychotherapy (SAFPAC) including clinical members and student members..
Data protection responsibilities
We will:
Data sharing
Recognising rights and subsequent requests
Right to be informed
Right to erasure
Rights in relation to automated decision making and profiling – Not applicable
The above rights are recognised and the SAFPAC will ensure:
Recognising and reporting data breaches
Data protection fee
We are excempt from a data protection fee as we are a not-for-profit organisation and meet the stipulated criteria.
Further areas
Other guidance on data protection
This statement explains how the Southern Association for Psychotherapy and Counselling (“we”, “us” and “our”) handles and uses the personal information we collect about our members for processes relating to our operations and activities.
Changes to this statement will be published on our website: www.safpac.co.uk.
The Southern Association for Psychotherapy and Counselling can be contacted at [email protected]
How we use your personal information
We collect and process your personal information in order to maintain your personal details (e.g. your name and preferred contact details) for communications with you including events and feedback on training.
Our normal legal basis for processing your personal information is your consent, which we sought at the point you joined our mailing list and which you can withdraw at any time.
We will only keep your personal information for only as long as we need. If you provide a Certificate of Completion of training date then we will remove you from the mailing list within six months of that date.
How we share your personal information
Personal information will not be shared without your explicit prior consent.
We may also be subject to a legal requirement (with or without your consent) to share your personal information with government agencies (such as the police or security services or other statutory authorities with investigatory powers) under special circumstances (e.g. relating to tax, crime or health and safety). Where feasible and appropriate, we will notify you of our intention to share such information in advance.
Your rights
You have the right to access the personal information that we hold about you. You also have the right to ask us to correct any inaccurate personal information we hold about you, to delete personal information, or otherwise restrict our processing, or to object to processing or communications, or to receive an electronic copy of the personal information you provided to us. Please note that all of these rights are qualified in various ways.
If you have questions or concerns about how your personal information is used, please contact us using the above details.
If you remain unhappy with the way your information is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk/)
Privacy Policy
Our full privacy policy (this document) is available on our website.
Updated: 23 May 2018
The term ‘Members’ in this document constitutes all people involved in Southern Association for Psychotherapy (SAFPAC) including clinical members and student members..
Data protection responsibilities
We will:
- Ensure personal data about subscribers (and any other people) is kept in line with the data protection principles.
- Recognise and respond to requests from members and others exercising their individual rights under the GDPR.
Personal data audit
We will audit and endeavor to regularly re-audit to ensure that: - Only personal data needed is recorded and held.
- Personal data held is accurate and not held for longer than required
- All personal data should be stored securely with access limited to those who need to see it (note information will be password protected including when transmitted by email).
- We have consent for the data collection, storage and processing
- The data is securely moved, accessed and stored.
Legal basis for processing personal data
The lawful basis for our processing of data is consent “the individual has given clear consent for you to process their personal data for a specific purpose”.
Consent requires us to: - Keep consent requests prominent and separate from other terms and conditions
- Seek a positive opt-in such as unticked opt-in boxes or similar active opt-in methods
- Use clear, plain language that is easy to understand.
- Specify why we want the data and what we’re going to do with it.
- We give separate distinct (‘granular’) options to consent separately to different purposes and types of processing.
- Specify SAFPAC and any specific third-party organisations who will rely on this consent.
- Keep records of what an individual has consented to, including what you told them, and when and how they consented.
- Tell individuals they can withdraw consent at any time and how to do this.
- Avoid making consent a precondition of a service.
- Note data cannot be transferred outside the EU without explicit consent.
Data sharing
- We will not publish or share the contact details of our members with third parties unless it has been clearly outlined to members in the consent and privacy notice that we will do this.
Recognising rights and subsequent requests
Right to be informed
- Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
- We must provide individuals with ‘privacy information’ including: purposes for processing their personal data, retention periods for that personal data, and who it will be shared with. [The SAFPAC privacy information is available below].
- Privacy information will be provided to individuals at the time we collect their personal data from them and otherwise readily available on the website
- If we obtain personal data from other sources, we will provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month.
Right to Access- Data subjects can seek confirmation on whether or not personal data concerning them is being processed, where and for what purpose.
- On request we must provide a copy of the personal data, free of charge, in an electronic format.
- Members can ask for inaccuracies to be corrected and they can object to how their personal data is being handled.
Right to erasure
- Members can request we erase his/her personal data, which includes ceasing further dissemination of the data, and potentially have third parties halt processing of the data.
- Should also be done if data is no longer being relevant to original purposes for processing.
- Unlikely to be required by us but may need to restrict further processing (by third parties) of the data we hold.
Right to data portability - Right for data to be used by another organisation at the data subject’s request.
- We
- We will inform individuals of their right to object “at the point of first communication” and present it separately from other information on rights clearly laid out in your privacy information.
- Individuals have an absolute right to object to any processing (including profiling) undertaken for the purposes of direct marketing.
- We must stop processing for direct marketing as soon as we receive an objection. There are no exemptions or grounds to refuse.
Rights in relation to automated decision making and profiling – Not applicable
The above rights are recognised and the SAFPAC will ensure:
- Where changes are sought by the data subject ‘reasonable means’ should be sought to verify their identity.
- Appropriate action is taken within one month, apart from the right to object which should be immediate.
- If requests are complex or there are multiple requests we may extend for a further 2 months, but subject will be informed, and notes made on record
- Requests can be verbal or in writing and can be made to any member of the team.
Recognising and reporting data breaches
- We are legally required to inform the ICO if there is a breach of security (including accidental publication) that includes personal data likely to “result in a risk for the rights and freedoms of individuals”.
- Reporting must be done within 72 hours of first having become aware of the breach.
- The ICO website provides guidance on how to recognise, handle and report a data breach.
Data protection fee
We are excempt from a data protection fee as we are a not-for-profit organisation and meet the stipulated criteria.
Further areas
- Should not need additional accountability requirements under the GDPR, such as the need for Policies, Data Protection Impact Assessments, Personal Data Registers or Data Protection Officers.
- This information has been disseminated to the SAFPAC training committee and administrators
Other guidance on data protection
- General guidance is available from the ICO, which also has a dedicated GDPR helpline for small organisations
This statement explains how the Southern Association for Psychotherapy and Counselling (“we”, “us” and “our”) handles and uses the personal information we collect about our members for processes relating to our operations and activities.
Changes to this statement will be published on our website: www.safpac.co.uk.
The Southern Association for Psychotherapy and Counselling can be contacted at [email protected]
How we use your personal information
We collect and process your personal information in order to maintain your personal details (e.g. your name and preferred contact details) for communications with you including events and feedback on training.
Our normal legal basis for processing your personal information is your consent, which we sought at the point you joined our mailing list and which you can withdraw at any time.
We will only keep your personal information for only as long as we need. If you provide a Certificate of Completion of training date then we will remove you from the mailing list within six months of that date.
How we share your personal information
Personal information will not be shared without your explicit prior consent.
We may also be subject to a legal requirement (with or without your consent) to share your personal information with government agencies (such as the police or security services or other statutory authorities with investigatory powers) under special circumstances (e.g. relating to tax, crime or health and safety). Where feasible and appropriate, we will notify you of our intention to share such information in advance.
Your rights
You have the right to access the personal information that we hold about you. You also have the right to ask us to correct any inaccurate personal information we hold about you, to delete personal information, or otherwise restrict our processing, or to object to processing or communications, or to receive an electronic copy of the personal information you provided to us. Please note that all of these rights are qualified in various ways.
If you have questions or concerns about how your personal information is used, please contact us using the above details.
If you remain unhappy with the way your information is being handled, or with the response received from us, you have the right to lodge a complaint with the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, SK9 5AF (https://ico.org.uk/)
Privacy Policy
Our full privacy policy (this document) is available on our website.
Updated: 23 May 2018