GDPR: how your data is stored

,This is information on how Chris Rudyard who is the ICO registered 'Data Controller' of this service maintains the protection of your information.

Chris Rudyard is the Data Controller and is registered with the Information Commissioners Office.

  1. Data is held in the following format by me in respect to clients’:
  • a. Electronically on my Google Calendar. This is only your name for booking sessions
  • b. Mobile and/or landline numbers for the purposes of contact.
  • c. Email addresses for the purposes of contact.
  • d. Emails you send to me will be stored in Google Mail
  • e. Your name and limited card details only securely stored by 10to8.com (booking system) & Stripe (payment/merchant services)
  • f. This website may store 'cookies' as does any other website with your agreement - this data will be used to improve the website if necessary.
 
  • Legal basis for holding information
  • I hold information for 2 of the possible 6 lawful basis cited by GDPR:
  • a. Consent– ie with your express written agreement
  • b. Legitimate interest– for the reasons below-

Electronically secured ‘notes’ or dates of our sessions notes are usually very brief.  This is aimed to provide the best therapy possibly.

Your name for phone/calendar/email to enable appointments scheduling/cancellations and other contact that ensures you receive the best service.

  1. I will only share information with someone else about you under circumstances as outlined in the confidentially part of our working agreement (e.g. immediate risk of substantial harm to self or others; or under a legal requirement (high court), e.g. terrorism; or via court order for disclosure)
  2. I will destroy process notes and details after 6 years by incineration. This is deemed to be a reasonable period by my insurance company, and allows for continuity of client returning for further therapy and/or issues arising from therapy ie legal proceedings.

​Under data protection law, i.e. you have the right to access a copy and explanation of your personal data you will need to provide ID and sign an agreement to gain this data to request correction or erasure, in certain circumstances to request limiting or ceasing data processing, where applicable
to compensation for substantial damage or distress caused by data processing, where applicable ( i.e where data is inappropriately/carelessly shared to others without your knowledge.

Overall, I want your data to be as confidential as possible and secure as possible.