Privacy Notice and Cookie Policy

 


 

Privacy Notice (Data Processing)

Business Details

Business Trading Name:    Suzanne Gardner-Cuthbert Therapies  
Data Controller:    Suzanne Gardner-Cuthbert
Data Controller Contact Details:   [email protected]

When the words ‘our’, ‘we’ or Suzanne Gardner-Cuthbert Therapies are used in this document, they refer to Suzanne Gardner-Cuthbert.
When the term ‘Data Subject’ is used in this document, it refers to the person we hold data on.  Data Processing refers to the data we collect, the data we process and the data we store.

At Suzanne Gardner-Cuthbert Therapies we take your privacy and data very seriously and adhere to the GDPR rules of compliance.  

What is GDPR?

The General Data Protection Regulation act came into effect on 25th May 2018.  It replaces the EU Data Protection Directive 95/46/EC and in the UK the Data Protection Act 1998.  GDPR brings the same Data Privacy Rules for all EU Member states.  By law, all businesses and organisations that process data must comply with the GDPR rules.

This privacy notice and cookie policy informs you how Suzanne Gardner-Cuthbert Therapies uses your information and how Suzanne Gardner-Cuthbert Therapies protects the information that you provide, in line with GDPR (General Data Protection Regulation).

At the first point of contact with Suzanne Gardner-Cuthbert Therapies, we collect and process data via our website online form, by email and text.  We use the data so that we can reply and contact you about the service that we provide.  Our legal basis for processing this information is legitimate interest. 

Our website collects cookie data.  We may collect website visitor unique cookie ID, IP address, device used, cookie consent data, dates and times.  Cookie consent data is recorded in line with ICO requirements.  The legal grounds for processing is consent.  You have the right to change this consent at any time. (Please see our cookie policy for more information.)

We comply with the regulation by keeping personal data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

What Information We May Collect

We may collect the following data

  • Name
  • Address
  • Contact telephone numbers
  • Email address
  • Emergency contact name and contact number
  • GP Name
  • GP Surgery address
  • GP Surgery Contact Number
  • Midwife Name (where applicable)
  • Midwife Surgery Address (where applicable)
  • Midwife Surgery Contact Number (where applicable)
  • Interests
  • Lifestyle details
  • Job title
  • List of current medications
  • Medical history
  • Details of issue
  • Gender
  • Information regarding past treatments tried for current issue
  • D.O.B
  • IP Address
  • Payment Information

Due to offering a therapy/coaching service we will process some identifiable personal data, which is categorised as Special Category Data under the GDPR.

Special Category Data

  • Race
  • Political Opinions
  • Religious or
  • Trade Union Membership
  • Genetic Data
  • Biometric Data
  • Health Data
  • Data Concerning a Person's Sex Life
  • Data Concerning a Person's Sexual Orientation

What We Do with The Information That You Provide

To deliver the services that the client has requested

To contact those clients, as necessary in accordance with the services they have requested

To contact clients via surveys to ascertain their opinions on the service they received from us

To maintain our own accounts and records

In the event that our recorded data is utilised for our own supervision, all such data will be sufficiently anonymised, to the extent that individual clients can't be identified

Store your information on file for at least 7 years in line with insurance requirements

Cookies

What is the Legal Basis for Processing Client Data?

 Our legal grounds for processing client (service user) data is consent. Clear consent is obtained from the client, to process their data for a specific purpose.  Our legal basis for storing client (service user) data after the sessions have ended is legitimate interest.  

Our legal basis for processing corporate organisation data for marketing purposes is legitimate interests. Personal data such as name and email address will be deleted 60 days after no contact. 

Will My Data Be Shared with Any Third Parties?

We use third-party service providers to enable us to operate our business.  Each of these service providers has been checked to ensure that they adhere to the GDPR.  The only personal data that is processed is the data that is required to ensure that the business activity can be performed.  For example, a merchant provider is required to allow us to invoice our services and collect monies.

We use JotForm to collect information from the client.  JotForm's privacy policy can be found here

We use Create as our website provider and use their contact form to collect contact data.  Create's privacy policy can be found here 

We use Stripe to process our financial transactions.  Stripe's privacy policy can be found here

We use Facebook for marketing purposes.  Facebook's privacy policy can be found here

We use LinkedIn.  LinkedIn's privacy policy can be found here

We use Mailchimp for managing our marketing campaigns.  Mailchimp's privacy policy can be found here

Client data will remain confidential except in the following situations:

If there was a concern for the safety of the therapist, or that of the client, the client's family members or other members of the public; if there is any legal action or legal requirement that requires me to share information; or if a complaint is made to my professional membership organisation or a claim is being investigated by my insurers. Only relevant data would be shared. We will not ask your permission to share this data.  The legal grounds on which we process this information is legitimate interests.

At all other times, individual client data will never be passed to a third party without the consent of the respective client.  Your data will never be shared with third parties for marketing or sales.

How Long Will My Data Be Stored?

In accordance with my need to maintain the possibility of access to client data, as a result of returning clients, or those who may wish to lodge a complaint in respect of our professional services to either our professional body or our insurers, the data that you provide us with will be stored for at least 7 years in line with insurance requirements.  After the time periods have expired the data will be confidentially destroyed.

The data that you provide us will be stored manually for at least 7 years in line with insurance requirements. Data will be deleted where there is no continual use for the data.  For clients under the age of 18, data will be retained until their 25th birthday.

Financial paperwork will be stored for 7 years in line with the HMRC regulations.

Website messages stored on the website server will automatically be deleted within 30 days or sooner.

Text messages/emails are deleted at the end of service with the client.  If text messages/emails contain important data, it will be transferred and stored for 7 years in the cloud. 

Notes during sessions are hand written and contain a reference number and are anonymised.  These notes are then typed and remain on the computer system until the sessions have terminated with the client.  These notes are transferred to the cloud.  Hand written notes are destroyed after typing.

Data stored on waiting lists will be deleted when there is session availability and the client has been contacted. 

Contact numbers stored in mobile phones will be deleted at the end of service with the client.   

Website comments made on our blog will stay on the website blog page until the blog article is no longer relevant for the website and the page is deleted.

ID provided for subject access requests will be confidentially destroyed after confirming your ID.

Data Security

Our website has SSL (Secure Sockets Layer) encryption.  SSL protection ensures that information exchanges cannot be intercepted.  Our website is also password protected.  Confidential emails are encrypted.

Your data will be stored electronically via the cloud and has secure protection. Recorded case notes are referenced with a reference number and anonymised and never stored with other personal information.  Accounts and devices are password protected.   Data on the devices can be wiped if lost or stolen. 

The computer system is protected with virus protection and virus checks are performed on a weekly basis. 

Text messages are protected by a phone screen code. 

We ensure that the service providers that we use are compliant with the GDPR.  If our service provider is outside the EEA and is US based, we ensure that the EU-US privacy shield is being adhered to.

What Rights Does A Data Subject Have?

Right to be informed

You have the right to be informed. This notice briefly explains what the GDPR is and informs you who the data controller is at Suzanne Gardner-Cuthbert Therapies.  We have informed you what personal information we hold about you, how we use your personal data, how we store your data and how we secure your data.

Rights of Access

You can request access to the data that we hold.  Please contact Suzanne Gardner-Cuthbert by emailing [email protected].   We will respond to your request within one month.

Right to Rectification

You have the right to have any inaccurate personal data rectified.  In cases where personal data is incomplete, you have the right for this data to be completed.  You can request your data to be rectified either verbally or in writing.

Right to Erasure

You have the right to have personal data erased in certain circumstances. This is where it is no longer necessary for Suzanne Gardner-Cuthbert to retain the data.  

You have the right to withdraw your consent to the processing of data at any time.  

Right to Restrict Processing

You have the right to request the restriction or suppression of your personal data in certain circumstances.  If your data is restricted, Suzanne Gardner-Cuthbert Therapies still has the right to store your data.

Right to Data Portability

You have the right to ask for the data you have provided to be transferred back to you or transferred to another data controller, where applicable.  This only applies where the processing is based on consent, or is necessary for the performance of a contract with the data subject and in either case the data controller processes the data by automated means.

Right to Object

You have the right to object to the uses of your personal data in certain circumstances. This only applies where processing is based on legitimate interests (or the performance of a task in the public interest), direct marketing and processing purposes of scientific/historical research and statistics.

Right Related to Automated Decision-Making including Profiling

You have a right to object to automated decision-making.  Suzanne Gardner-Cuthbert Therapies does not use any automated decision-making systems.

In the Event of a Data Breach

We are required to report any breach of data to the ICO within 72 hours.

How Can A Data Subject Raise A Complaint?

You have the right to make a complaint to the ICO (Information Commissioner's Office) https://ico.org.uk/make-a-complaint/

 

This privacy notice will be updated periodically.  It is recommended that you check the website www.suzannegardnercuthbert.com for updates. 

If you have any questions about this privacy notice, please email Suzanne at the email address at the top of the page.

Updated on the 15th March 2021

Updated 28th April 2021

Updated 5th May 2022

1st July 2022

Cookie Policy

This cookie policy has been created and updated by CookieFirst.com.

Additional Information

Information provided by Suzanne Gardner-Cuthbert - Updated 02 May 2020

Third Party Cookies

Third Party Cookies are used on our website.
Create.Net hosts our website and uses strictly necessary cookies and performance cookies. 

How to Delete Cookies

You should be able to delete cookies in the settings option on your browser.

How to Delete Google Analytics Cookies

To opt out of being tracked by Google Analytics, visit http://tools.google.com/dlpage/gaoptout.

How to Change Your Cookie Consent Preferences


You can change your cookie consent by clicking on the blue and white icon circle at the bottom left hand side of each page.

What Information We May Collect

Website Visitor Unique Cookie ID, IP Address, Device Used, Cookie Consent Data, Dates and Times (Cookie Consent Data is recorded in line with the ICO requirements).

Should you have any questions about our cookie policy, please email Suzanne at [email protected]