Who we are

Our website address is: https://www.kaleidopsych.co.uk.

Data Protection Officer: Dr Paul Walton

What personal data we collect and why we collect it

How We Use Your Information

In order to provide you with services such as training, updates, therapy, or consulting, we need information from you which may include your identity, your address, your email, and your telephone. In the case of therapy or consultation, additional details may be taken to provide the service you are expecting such as notes about your sessions, medical records, school records, insurance reports, personal history, sexual preferences, relationships, etc. In addition to any requirements of the GDPR, this information may be further protected by the British Psychological Society code of ethics and the regulating body Health and Caring Professions Council.

We may use your information in our accounting system to bill for services, take payments, file tax returns, and track your financial obligations to us. Once our financial relationship is concluded we will continue to hold that information until no longer required by HMRC or any other party with a legitimate interest. We do not hold credit card details.

If you have asked us to include you on a mailing list to announce training sessions or classes, we will use your email and name (optionally) to provide this to you. This information is not sold, transferred or used for purposes other than emails from us to advise you of our services.

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Lawful Basis for Processing

Our basis for processing your information is legitimate interests. This is information that both you and we might reasonably expect to be provided and maintained in order to provide the service or information you want. In the case of our email list you will have volunteered that information for the purposes stated on our sign up form and you always have the right to end the processing. You may have also provided this information when meeting in person at a conference or business meeting.

Our basis for processing special category information such as gender, sexual preference, marital status, business details and similar is also legitimate interests and this will be information you have consented to provide to us in order for us to provide you with the services you have requested. It is information that we both would reasonably expect to be shared between us with a clear understanding of how it will be used and protected.

Categories of Personal Data Obtained

We do not obtain data from third parties unless it has been released to us with your informed consent. Examples of this may be legal, medical, criminal, educational, social, or other records released by your solicitor for use in preparing a report on your behalf.

Data we receive will nearly always be obtained either directly from you, your representative, or your guardian. In the case of children, this information will be obtained from the child and/or the guardian.

We may access public records such as but not limited to Companies House, County Courts, social media sites, Information Commissioner’s Office, and others if deemed necessary to pursue legal claims for the recovery of debts owed to us.

Recipients of Data

Data received from you will be used only within our partnership for the purposes you and we reasonably expect for the services being provided. Except as required by law, courts, or police, we do not release data to recipients outside of our business. If you pay for our services via credit or debit card then you will provide that information directly to the processor via a website or point-of-sale machine.

Transfers Outside of the EU

We do not transfer data outside of the EU for processing, meaning to be handled, viewed, manipulated, scanned, or otherwise accessed by someone outside of our business. However, data may be moved and stored outside of the EU for our own purposes such as accounting, storage, video consultations, emails, and similar circumstances. We make an effort to ensure these providers are GDPR compliant, to minimise our use of such providers, and to consider if security measures are in place that are reasonable and reliable. It is also likely that we may work with you or communicate with you while we are located outside of the UK or EU. In any event, our company will continue to comply with the GDPR and respect your rights.

How Long We Hold Your Data

We hold data only as long as we are required by law for accounting and tax purposes, which may be three years or longer. If you make an enquiry via our website we will keep that correspondence only as long as your enquiry is active. Emails received directly and related to services we are providing you will be kept for 6 years before being destroyed after you advise us we are no longer working with you. Notes maintained as part of therapy or supervision with you will be stored for 6 years before being destroyed after you advise us we are no longer working with you. If we hold your details as a subscription to receive notices of training or other services we will delete such information immediately upon your request, which will normally be through an automated link. The email we receive to confirm your sign up to our list will be maintained until you cancel your subscription.

Your Rights

A complete summary of your rights is available at the Information Commissioner’s Office website. You may request copies of data we hold on you and we must provide this information free-of-charge within 30 days. However, if your request is unreasonable or you have made repeated requests for the same information, we may refuse to comply unless and until a fee is paid or an agreement reached on the data to be provided. You always have the right to file a complaint with the Information Commissioner’s Office if you feel we have violated your rights under the GDPR. We will do our best to provide your information in a format that you can understand and use.

Source of Personal Data

We do not obtain data from third-parties without your consent except in the case of children or vulnerable persons and then this data will be obtained from a responsible party, solicitor, or a party holding power-of-attorney. If you are asking us work in a legal case in which you are a party, we may receive information from the courts, the police, the Crown, or your legal team. In this case such a release is made on your behalf by parties you have authorised. We may receive data from an insurance company or medical providers, again on your authorisation and knowledge.

Your Obligations to Provide Data

You are under no obligation to provide information to us, but we may not be able to provide you with the services you are requesting. In such a case, we may choose to not provide you with services that you are seeking.

Automated Decision Making

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

Visitor comments may be checked through an automated spam detection service.