At Nick James Family Therapy we are committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.
Any questions regarding this Policy and our privacy practices should be sent by email to [email protected].
WHO WE ARE
We are Nick James Family Therapy
HOW DO WE COLLECT INFORMATION FROM YOU?
We collect details of your IP address when you view our website, we do this via cookies *
and through day to day business contact
WHAT TYPE OF INFORMATION IS COLLECTED FROM YOU?
We collect no personal information via this website.
HOW IS YOUR INFORMATION USED?
We may use your information to:
* to carry out our obligations arising from any contracts entered into by you and us;
* seek your views or comments on the services we provide;
* notify you of changes to our services;
* send you communications which you have requested and that may be of interest
* to you.
We will hold your personal information on our systems for as long as is necessary for the relevant activity.
WHO HAS ACCESS TO YOUR INFORMATION?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
W use a third party plugin Wordfence which scans IP addresses such that we can block access to our site from known spammers and hackers.
Our site is built in WordPress which requires the collection of IP information for any with access to update the site.
It is possible to disable cookies via your browser but it may affect the functionality of our site.
Any data from information provided by cookies is only shared with the third parties listed above.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: [email protected].
HOW CAN YOU ACCESS OR UPDATE YOUR INFORMATION?
The accuracy of your information is important to us. If you wish to know what if any data we hold on you please email us at: [email protected]
If you wish us to delete your information from our records we will do so.
LINKS TO OTHER WEBSITES
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
We have policies in place to help prevent data breaches. Data that we collect is done so via an encrypted connection . Any data we hold on our own computers in spreadsheet or database form is password protected.
Employees are aware that the following actions are to be strenuously avoided:
* Loss of computing devices (portable or otherwise), data storage devices, or paper records containing personal data
* Disclosing data to a wrong recipient
* Handling data in an unauthorised way (eg: downloading a local copy of personal data)
* Unauthorised access or disclosure of personal data by employees (eg: sharing a login)
* Improper disposal of personal data (eg: hard disk, storage media, or paper documents containing personal data sold or discarded before data is properly deleted)
We take measures to avoid loss of data as a result of malicious activities, which include
Hacking incidents / Illegal access to databases containing personal data
Theft of computing devices (portable or otherwise), data storage devices, or paper records containing personal data
Scams that trick our staff into releasing personal data of individuals
Failure of cloud computing cloud storage security / authentication / authorisation systems .
All members of staff have an obligation to report actual or potential data protection compliance failures. This allows us to:
Investigate the failure and take remedial steps if necessary
Maintain a register of compliance failures
Notify the Supervisory Authority of any compliance failures that are material either in their own right or as part of a pattern of failures
Under the GDPR, the DPO is legally obliged to notify the Supervisory Authority within 72 hours of the data breach (Article 33). Individuals have to be notified if adverse impact is determined (Article 34). In addition, we must notify any affected clients without undue delay after becoming aware of a personal data breach (Article 33).
We do not have to notify the data subjects if anonymised data is breached. Specifically, the notice to data subjects is not required if the data controller has implemented pseudonymisation techniques like encryption along with adequate technical and organizational protection measures to the personal data affected by the data breach (Article 34).