GDPR Policy
Introduction:
This GDPR (General Data Protection Regulation) policy outlines how InsideTalk handles, processes, and protects personal data in accordance with the GDPR regulations. This policy applies to all staff, volunteers, and individuals involved in the InsideTalk counselling placement who handle personal data.
1. Data Controller:
The data controller for the personal data collected and processed during the counselling placement is InsideTalk Ltd., located at The Hideaway, 28 Thurlow Road, NW3 5PP. The data controller is responsible for ensuring that all personal data is processed lawfully and in compliance with the GDPR.
2. Data Protection Officer:
Mark Archer & Ros Stone are appointed as the Data Protection Officer (DPO) for InsideTalk. The DPO is responsible for overseeing data protection and GDPR compliance within the organisation.
3. Personal Data Collection:
InsideTalk Ltd. may collect the following types of personal data from clients and counsellors:
– Name, address, and contact information
– Date of birth and age
– Health and medical information relevant to counselling
– Emergency contact details
– Counselling notes and session records
4. Lawful Basis for Processing:
InsideTalk will process personal data based on one or more of the following lawful bases as defined in Article 6 of the GDPR:
– The data subject has given consent to the processing of their personal data for specific purposes.
– Processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject before entering into a contract.
– Processing is necessary for compliance with a legal obligation to which InsideTalk is subject.
– Processing is necessary to protect the vital interests of the data subject or another natural person.
– Processing is necessary for the legitimate interests pursued by InsideTalk or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
5. Data Processing and Storage:
Personal data collected during ImsideTalk counselling sessions will be processed and stored in a secure and confidential manner. InsideTalk will ensure that access to personal data is restricted to authorised individuals only, such as the counsellor, supervisor/clinical lead and administrative staff.
6. Data Retention:
Personal data will be retained for as long as necessary to fulfil the purposes for which it was collected, or as required by law. Once the data is no longer needed, it will be securely deleted or anonymised.
7. Data Subject Rights:
Under the GDPR, data subjects (clients and counsellors) have the following rights:
– Right to be informed: Data subjects have the right to be informed about the collection and use of their personal data.
– Right of access: Data subjects have the right to access their personal data held by InsideTalk.
– Right to rectification: Data subjects can request the correction of inaccurate or incomplete personal data.
– Right to erasure (right to be forgotten): Data subjects can request the deletion of their personal data under certain circumstances.
– Right to restrict processing: Data subjects can request the restriction of processing in certain situations.
– Right to data portability: Data subjects can request to receive their personal data in a structured, commonly used, and machine-readable format.
– Right to object: Data subjects can object to the processing of their personal data in certain situations.
8. Data Breach Notification:
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, InsideTalk will comply with the GDPR’s data breach notification requirements and promptly report the breach to the relevant supervisory authority and affected individuals.
9. Data Protection Training:
All staff and counsellors handling personal data will receive training on data protection and GDPR compliance to ensure they understand their responsibilities and obligations.
10. Updates to the GDPR Policy:
This GDPR policy will be reviewed and updated as necessary to ensure ongoing compliance with the GDPR and any other relevant data protection laws.
Conclusion:
InsideTalk is committed to protecting the privacy and rights of individuals by complying with the GDPR and handling personal data responsibly and securely. If you have any questions or concerns about this policy or how your personal data is processed, please contact our Data Protection Officer.