Privacy and Data Protection Notice
Summary
This Privacy and Data Protection Notice is devised in keeping with the Data Protection Act 1998, the Privacy and Electronic Communications (EL Directive) Regulations 2003 and the General Data Protection Regulations Legislation (2018).
Our Commitment
We are fully committed to protecting the privacy of our clients, partner organisations, employees, volunteers and beneficiaries. This notice outlines what data we collect, where it is held and how it is used. If you have any questions concerning your personal data and how we look after it then please contact the Data Protection Officer.
Data Collection and Storage
We do collect and hold personal data for adults who receive our therapy services. This enables our therapists to assess, audit and evaluate the work. It ensures best practice and enables our therapists to develop their skills in providing high standards of therapies. Information from referrals, assessments, meetings and sessions will be used to enable our therapists to write reports, liaise with families and professionals. Information may be shared within our team and to approved supervisors for educational purposes. Data stored may be in the form of audio or video recordings, personal information, notes and reports.
We will only hold data and information for as long as reasonably necessary to carry out services, unless we are required to hold longer, for legal or professional reasons. For paper documents, they are stored in a locked filing cabinet. For electronic data, this is encrypted, held and stored securely. Data held may include:
- Name and address
- Email address and/or telephone numbers
- Date of birth
- Initial enquiry notes
- Referral information
- Correspondence through email or letter
- Assessment notes and therapy reports
- Therapy session notes
- Music therapy & therapeutic songwriting sessions (audio and video recordings)
For online therapy sessions and video conferencing sessions and meetings:
- Online music therapy and therapeutic songwriting sessions (audio and video recordings)
- Names and town locations of individuals connecting through online music therapy and video conferencing meetings
- Number of minutes used on video conferencing meetings and online music therapy sessions
- Types of devices used to connect
- Dates, times (join, leave and length times) and meeting title information
- IP addresses of participants in online music therapy sessions and video conferencing meetings
We will endeavour to:
- Communicate clearly about why we need to collect personal information and what we are going to use it for.
- Collect only the information we need.
- Take good care of all personal information, and make sure it is up to date, safe and secure.
- We will never sell personal information, or let other organisations use it for marketing.
Security of Contacts
The security of 'contacts' (Clients, organisations, applicants, employees, volunteers and subcontractors) is paramount to us. Our database is stored online in a secure and encrypted manner. Our applicants, employees, volunteers and subcontractor's personal information will only be accessible to the Director, certain staff and partner organisations (i.e. payroll and pensions) if it is required for them to carry out their role and in compliance with this Privacy and Data Protection Notice.
Sharing Information
If there is a concern about terrorism, illegal activities or trafficking issues, or an individual is considered at risk of harm to themselves or others, the data will be shared with the relevant authorities/agencies. We only share personal information where it is necessary to carry out the organisation's activities and only if the individual/parent/guardian has given informed consent for the information to be shared.
Subject Access Request
Our 'contacts' have the right to a copy of the information held about them. This is called a 'subject access request'. 'Contacts' also have the right to have incorrect information corrected. Subject access requests, personal information updates and opt out requests should be emailed to the Data Protection Officer.