DATA PRIVACY POLICY
We aim to be as clear as possible about how and why we use information about you and/or your child so that you can be confident that you and/or your child’s privacy is protected.
This policy describes the information that we collect when you use our services. This information includes personal information as defined in the General Data Protection Regulation 2016 (“GDPR”).
The policy describes how we manage your information when you use our services, if you contact us or when we contact you. It also provides extra details to accompany specific statements about privacy when you use our website or with other online presence.
We use the information we collect in accordance with all laws governing the protection of personal data including the Data Protection Act 1998 and GDPR. In accordance with these laws, Lindsay Peer is the data controller. If another party has access to your data, we will tell you if they are acting as a data controller or as a data processor, who they are, what they are doing with your data and why we need to provide them with the information.
If your questions are not fully answered by this policy, please contact our Data Protection Officer, Lindsay Peer either by post to our address, or by telephone (01923 238751) or by e-mail to lindsay@peergordonassociates.co.uk. If you are not satisfied with the answers from the Data Protection Officer, you can contact the Information Commissioner’s Office (ICO) https://ico.org.uk.
1. Why do we need to collect your personal data?
We need to collect information from you so that we can:
- Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Deliver services to you. The legal basis for this is our contract with you.
- Verify your identity so that we can be sure that we are dealing with the correct person. The legal basis for this is a legitimate interest.
- Optimise your experience on our website. The legal basis for this is a legitimate interest.
- Provide you with a useful and relevant website. The legal basis for this is a legitimate interest.
2. What personal information do we collect and when do we collect it?
To enable us to provide our services to you or your child we will need to collect the following information:
- Name and Date of Birth of the child/adult undergoing assessment.
- Parental names(s) if your child is undergoing assessment.
- Your contact details including a postal address, telephone number(s) and electronic contact such as an e-mail address. We will NOT communicate with you via Facebook, Twitter or Instagram, but may contact you by WhatsApp, in which case we would need to know your WhatsApp username.
- We collect this information directly from you.
- We may also collect information about you from third parties, for example if we need to gather information from other health professionals such as your doctor, a speech and language therapist, an occupational therapist, a psychiatrist, a psychologist, or from your child’s school or former school, any teacher or teaching assistant thereat or from lawyers representing you or your child to provide a complete educational psychology assessment.
- We do NOT use cookies on our website to gather information about visitors.
3. How do we use the information that we collect?
- We use the data we collect from you in the following ways:
- To communicate with you, we use your and/or your child’s name and your contact details such as your telephone number, e-mail address or postal address.
- To deliver the correct service to you and/or your child we use your and/or your child’s name and your contact details and details about the service we will be supplying.
- To create your invoice we use your name, postal address and e-mail address.
- We do not accept payment by debit or credit cards and therefore we will NOT as a matter of course request your bank details. If you pay us by cheque we will per se have your bank account details but we will NOT record or retain those details. In the event that there is due back to you any refund of monies you have paid to us, we will give you the opportunity to receive that refund either by cheque (in which case we use your name and postal address) or by online bank transfer (in which case we would request and use your bank account details together with your name).
4. Where do we keep the information?
- We keep your information in the stores described below:
4.1 On our company computers
- We use personal computers that are located on our premises. The computers are password protected and the hard drives are encrypted.
- To store your data we use an EU based cloud service which has stated it is GDPR compliant.
Your report:
- We create a report that contains relevant information that we gather, results of testing, and our findings, conclusions and recommendations.
4.2 As a paper copy
- We may take hand written notes when we meet you and/or your child, or your child’s school / college, which may be used to help create the report that we provide to you. These together with any other information or correspondence which we may deem necessary to print off, will be stored in lockable filing cabinets.
5. How long do we keep the information?
We keep accounting records for seven years to comply with HMRC requirements. We retain other information for seven years in the case of an adult, or in the case of a child, for a period that expires seven years after the child has reached the age of eighteen years.
6. Who do we send the information to?
- We send your or your child’s report to you either by signed for post or electronically depending on your choice. All reports that are sent electronically are sent as attachments that are encrypted and password protected.
- At your specific request and with your authority, your or your child’s report may be sent by the same means to lawyers and to other health or education professionals acting on behalf of you or your child.
- We will send a copy of your report to anyone we are required by law so to do e.g. in compliance with an appropriate order of a competent court of law or tribunal.
- A paper copy of our invoice will be sent to our accountant. Our accountant is based in the UK and their computer systems are in the UK. Our accountant has confirmed that his firm is GDPR compliant.
7. How can I see all the information you have about me?
You can make a subject access request (SAR) by contacting our Data Protection Officer. We may require additional verification that you are who you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice this means that we may not provide information if we consider that providing the information will violate your or your child’s vital interests.
8. What if my information is incorrect or I wish to be removed from your system?
Please contact our Data Protection Officer. We may require additional verification that you are who you say you are to process this request.
If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems, we will send you a copy of the updated information in the same format as the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed, we must determine whether or not we need to keep the data e.g. in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.
10. Will we send e-mails and text messages to you?
As part of providing our service to you we may send your or your child’s report to you by e-mail. If we do so, the report will be encrypted and password protected. Also, as part of our service, we may send other correspondence to you by e-mail. To protect your information, we prefer to use an end-to-end encrypted messaging service.
We will NOT send e-mails or text messages to you about marketing and additional services that we provide unless you specifically request such information from us.
11. How do I opt out of receiving e-mails and /or text messages from you?
You need have no concerns. As a specialist niche company, we do not market ourselves by sending unsolicited or unwarranted e-mails or text messages advertising the bespoke service we offer. You will at first instance have contacted us either by recommendation or having visited our website or the websites of other professional bodies. We will NEVER contact you by e-mail or text message other than during the course of the provision of an ongoing service previously commissioned by you.