This notice is directed to mentors and therapists who have requested or been approached to be registered as a Practitioner on the My Personal Therapy online platform. We ask that you read this Practitioner Privacy Notice carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
- Who we are
- Our collection and use of your personal information
- Our legal basis for processing your personal information
- Who we share your personal information with
- Transfer of your information out of the EEA
- Cookies and similar technologies
- Your rights
- Keeping your personal information secure
- How to complain
- How to contact us
- Do you need extra help?
Who we are
The My Personal Therapy platform is operated by My Personal Therapy Ltd, a limited company registered in England and Wales.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union and in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
Our collection and use of your personal information
We collect personal information about you when you access our platform, register with us, contact us, send us feedback, accept bookings, post material to our platform.
We collect this personal information from you either directly, such as when you register with us, contact us or purchase products or services via our platform or indirectly, such as your browsing activity while on our platform (see ‘Cookies’ below).
We also collect personal information about you from other sources as follows:
- Reviews and feedback from clients to whom you provide video, phone or chat consultations
The personal information we collect about you includes:
- your name, postcode (first four characters) and telephone and email contact details and a short biography
- professional body accreditation details
- CV and references (if you are a mentor)
- bank account and payment details (we use our payment processor, Stripe, to collect these – we never actually retain them on our servers)
- details of any feedback you give us by phone, email, post or via social media
- information about clients and bookings we have provided to you
- your account details, such as username, login details
We use this personal information to:
- create and manage your account with us
- verify your identity and suitability for on-boarding onto the platform
- provide access to the platform to you
- provide a therapy or mentor service to our clients
- customise our platform and its content to your particular preferences
- notify you of any changes to our platform or to our services that may affect you
- improve our services to clients
Our legal basis for processing your personal information
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
- consent: where you have given us clear consent for us to process your personal information for a specific purpose
- contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
- legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
- vital interests: where our use of your personal information is necessary to protect a client’s life
- public task: where our use of your personal information is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law
- legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
Who we share your personal information with
We routinely share your name and a link to your profile with clients in respect of whom we have engaged you to provide therapy or mentoring services.
If you agree to be assigned to manage one of our corporate accounts, we will share your name, contact information and metrics around your provision of therapy service to that corporate customer’s personnel (we will never disclose to any corporate customer details of the therapy in respect of individual clients, except at the client’s request).
You will have a profile on the platform, and this will be visible to clients, potential clients, and visitors to our website.
We use Stripe to process payments to you.
We use Peak Agency Ltd to host our platform and your personal data that we hold on it – https://peak.agency
We will share your personal information with clients’ medical service providers if the circumstances require it.
We will share your personal information with law enforcement or other authorities if required by applicable law.
Whether information has to be provided by you, and if so why
We require you to provide certain minimum registration data if you wish to join the platform. We will inform you at the point of collecting information from you, whether you are required to provide the information to us.
Transfer of your information out of the UK and EEA
We may transfer your personal information to the following which are located outside the European Economic Area (EEA) as follows:
- Stripe, which processes data in the USA in order to make payments to you
The USA does not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that the USA provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal information will be subject to appropriate safeguards under the General Data Protection Regulation that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal information. See here for a general summary of the safeguards – https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_en. To obtain a copy of the safeguards applicable to your data, ask us by emailing firstname.lastname@example.org.
Cookies and similar technologies
For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.
We would like to send you information about other services we offer, which may be of interest to you. Where we have your consent to do so, we may do this by email.
We will only ask whether you would like us to send you marketing messages when you tick the relevant boxes when we ask for your consent.
If you have previously agreed to being contacted in this way, you can unsubscribe at any time by:
—contacting us at email@example.com
—using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
It may take up to 7 days for this to take place.
For more information on your rights in relation to marketing, see ‘Your rights’ below.
Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to:
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you would like to exercise any of those rights, please:
- email, our Data Protection Officer at firstname.lastname@example.org
- let us have enough information to identify you
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
How to complain
We hope that our Data Protection Officer can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
How to contact us
Please contact us or our Data Protection Officer, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us our Data Protection Officer, please send an email to email@example.com or firstname.lastname@example.org write to Newminster House, 27-29 Baldwin Street, Bristol, BS1 1LT or call 0333 5677702.