This Privacy Notice explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we’ll store and handle that data, and keep it safe.
We know that there’s a lot of information here, but we want you to be fully informed about your rights, and how Re…root uses your information about you.
We hope the following sections will answer any questions you have but if not, please do get in touch with us.
2. Who is Re…root ?
Re…root is a private talking therapy practice based at 8 King Street, Richmond, TW9 1ND. Re…root is formally known as Re…root Ltd., for simplicity throughout this notice, ‘Re…root’, ‘us’ and ‘we’ means Re…root Ltd.
3. Explaining the legal bases we rely on
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
In specific situations, we can collect and process your data with your consent.
For example, when you opt in to receive helpful updates on our website or on our feedback form.
In certain circumstances, we need your personal data to comply with our contractual obligations.
For example, we collect your personal information from your first enquiry to us, whether you contact us by webform, email or telephone, so that we can provide you with our therapy services.
If required by law, we may need to share your data.
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our therapy service and which does not materially impact your rights, freedom or interests.
For example, we may undertake anonymised statistical analysis to improve our services (we won’t be able to identify individuals from this data)
4. When do we collect your personal data?
- When you complete a webform or email or phone enquiry about starting therapy with us.
- When you confirm a therapy appointment with us.
- When you engage in therapy with a Re…root Associate Therapist.
- When you engage with us on social media.
- When you contact us by any means with queries, feedback, complaints etc.
- When you ask Re…root to email you information about a service.
- When you comment on or review our services and at the same time opt to give us your contact information.
- When you fill in any forms. For example, the client information form you complete usually in the first therapy session, or submit to us before the first session.
- When you’ve given a third-party permission to share with us the information they hold about you.
5. What sort of personal data do we collect?
- When you contact us to enquire about therapy, we collect personal details, for example your name, date of birth, the issue(s) troubling you, your address, email and telephone number and availability to attend therapy
- Details of your interactions with us. For example, we keep changes in availability for therapy.
- Personal details which help us match you with a Re…root Associate Therapist.
- Anonymised therapy session summaries which for example help your therapist provide effective therapy for you and record date and payment for each session.
- Your comments and reviews on our services where you have opted not to anonymise this information.
- Your social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
6. How and why do we use your personal data?
We want to give you the best possible client experience. The data privacy law allows this as part of our legitimate interest in understanding our clients and providing the highest levels of service.
Of course, if you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below.
Remember, if you choose not to share your personal data with us, or refuse certain contact permissions, we might not be able to provide the service you’ve asked for.
Here’s how we’ll use your personal data and why:
- To process the enquiries
- To match you with an Associate Therapist
- To make and alter appointments
- To bill the payee correctly and collect payments
- To collect feedback on our service.
- To send communications required by law or which are necessary to inform you about our changes to the services we provide you.
- To comply with our contractual or legal obligations to share data for your safety and wellbeing and with law enforcement.
7. How we protect your personal data
We know how much data security matters to all our customers. With this in mind we will treat your data with the utmost care and take all appropriate steps to protect it.
- We secure access to all transactional areas of our website and apps using HTTPS and SSL/TSL technology.
- Access to your personal data is password-protected, and sensitive data is secured. Data stored in Google Cloud Platform is encrypted at the storage level using either AES256 or AES128.
- We regularly monitor our system for possible vulnerabilities and attacks.
8. How long will we keep your personal data?
Whenever we collect or process your personal data, we’ll only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will either be deleted completely or anonymised, for example by aggregation with other data so that it can be used in a non-identifiable way for statistical analysis and business planning.
- Some examples of customer data retention periods:
- When you place make an enquiry with us, we’ll keep the personal data you give us for up to 1 year so we can comply with our legal and contractual obligations. When you start therapy with us we’ll keep the data for 7 years.
9. Who do we share your personal data with?
We sometimes share your personal data with third parties as part of delivering our service to you, under circumstances specified in the therapy agreement to help us maintain your wellbeing and safety, when required by law and to handle complaints.
For example, health insurance providers, other health professionals, your therapist and payment service providers.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
- For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
- We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
- We may, expand, reduce or sell Re…root Ltd. and this may involve the transfer of the business to new owners. If this happens, your personal data will, where relevant, be transferred to the new owner or controlling party, under the terms of this Privacy Notice.
- For further information please contact our Data Protection Officer.
10. Where your personal data might be processed
Sometimes we might need to share your personal data with third parties eg where relevant for a health insurance provider outside the European Economic Area (EEA), such as the USA.
The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. For example, this might be required in order to provide you a service, process your payment details or provide support services.
If we do this, we have procedures in place to ensure your data receives the same protection as if it were being processed inside the EEA. For example, our contracts with third parties stipulate the standards they must follow at all times. If you wish for more information about these contracts please contact our Data Protection Officer.
Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this Privacy Notice.
11. What are your rights over your personal data?
An overview of your different rights
You have the right to request:
- Access to the personal data we hold about you, free of charge in most cases.
- The correction of your personal data when incorrect, out of date or incomplete.
- That we stop any consent-based processing of your personal data after you withdraw that consent.
- Review by a Director of any decision made based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision).
To ask for your information, please contact the Data Protection Officer, Re…root, 8 King Street, Richmond-upon-Thames, TW9 1ND, or email email@example.com. If we choose not to action your request we will explain to you the reasons for our refusal.
Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.
Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.
12. Contacting the regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.