GDPR: how your data is stored
This is information on how Chris Rudyard, who is the ICO registered 'Data Controller' of this service, maintains the protection of your information.
Chris Rudyard is the Data Controller and is registered with the Information Commissioners Office/ICO
I hold information for and with:
Electronically secured ‘notes’ or dates of our sessions notes are usually very brief. This is aimed to provide the best therapy possibly.
Your name for phone/calendar/email to enable appointments scheduling/cancellations and other contact that ensures you receive the best service.
Specifically, some of your contact details only will be stored with my:
Under data protection law, i.e. you have the right to access a copy and explanation of your personal data you will need to provide ID and sign an agreement to gain this data to request correction or erasure, in certain circumstances to request limiting or ceasing data processing, where applicable
to compensation for substantial damage or distress caused by data processing, where applicable (i.e. where data is inappropriately/carelessly shared to others without your knowledge.
You have the right for your any notes to be destroyed in line with GDPR.
Overall, I want your data to be as confidential as possible and secure as possible.
Chris Rudyard is the Data Controller and is registered with the Information Commissioners Office/ICO
- Data is held in the following formats by Chris Rudyard in respect to clients’:
- a. Electronically on my Google Calendar. This is only your name for purposes of booking sessions
- b. Mobile and/or landline numbers for the purposes of contact.
- c. Email addresses for the purposes of contact.
- d. Emails you send to me will be stored in Google Mail
- e. Your name and limited bank card details only securely stored securely by 10to8.com (booking system), Izettle (Paypal) & Stripe (payment/merchant services)
- f. This website may store 'cookies' as does any other website with your agreement - this data will be used to improve my website if necessary.
- Legal basis for holding information
I hold information for and with:
- a. Consent – i.e. with your express written agreement
- b. Legitimate interest – for the reasons below
Electronically secured ‘notes’ or dates of our sessions notes are usually very brief. This is aimed to provide the best therapy possibly.
Your name for phone/calendar/email to enable appointments scheduling/cancellations and other contact that ensures you receive the best service.
- I will only share information with someone else about you under circumstances as outlined in the confidential part of our working agreement (e.g. immediate risk of substantial harm to self or others; or under a legal requirement (high court), e.g. terrorism; or via court order for disclosure
- I will destroy process notes and details after 6 years by whatever means are necessary at the time. This is deemed to be a reasonable period by my insurance company, and allows for continuity of client returning for further therapy and/or issues arising from therapy, i.e. legal proceedings.
Specifically, some of your contact details only will be stored with my:
- Google Calendar: name, phone number, email
- Sign in Scheduling formally 10to8.com: name, phone number, email, brief notes with agreement
- My phone contacts (my phone is secure with locked fingerprint and pin): name, phone number, email
- A formal written agreement that you sign: name, phone number, email, with agreement
- Stripe.com (payment handler, this is no different to any other card transaction you make): Name only, Postcode, Card Details
- Zettle.com (payment handler, this is no different to any other card transaction you make): Name only, Card Details
Under data protection law, i.e. you have the right to access a copy and explanation of your personal data you will need to provide ID and sign an agreement to gain this data to request correction or erasure, in certain circumstances to request limiting or ceasing data processing, where applicable
to compensation for substantial damage or distress caused by data processing, where applicable (i.e. where data is inappropriately/carelessly shared to others without your knowledge.
You have the right for your any notes to be destroyed in line with GDPR.
Overall, I want your data to be as confidential as possible and secure as possible.