Privacy notice

Introduction

Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me.  I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

This privacy notice tells you what I will do with your personal information from initial point of contact through to after our work together has ended, including:

  • Why I am able to process your information and what purpose I am processing it for
  • Whether you have to provide it to me
  • How long I store it for
  • Whether there are other recipients of your personal information
  • Your data protection rights.

I am happy to discuss any questions you might have about my data protection policy, and you can contact me via email at the address below.

‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data.  In this instance, the data controller is me, David Britten.

I am registered with the Information Commissioner’s Office; my registration number is ZB096807.

My postal address is Miller’s Yard, York YO31 7EB.  My phone number is 07585 975523.  My email address is dcbritten2@gmail.com.

My lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data.  There are different lawful bases depending on the stage at which I am processing your data.  These are as follows:

  • If you have had coaching or supervision with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
  • If you are currently having coaching or supervision or if you are in contact with me to consider coaching or supervision, I will process your personal data where it is necessary for the performance of our contract.
  • The GDPR also requires me to take appropriate care of any sensitive personal information that you may disclose to me. This type of information is called ‘special category personal information,’ as defined on the website of the Information Commissioner’s Office.  The lawful basis for my processing any special categories of personal information is, in addition to the reasons given above, that you have given your explicit consent for me to do so.  Therefore please make sure that you are clear as to the kinds of sensitive personal information that I might process, and contact me if you have any questions or concerns.

How I use your information

Initial contact.

When you contact me with an enquiry about my services, I will collect information to help me satisfy your enquiry. This will include your name and contact details and a summary of the nature of your inquiry.  Alternatively, a professional colleague may send me your details when making a referral, or a trusted individual may give me your details when making an enquiry on your behalf.

I will keep these details in a secure, password-protected location and will not disclose them to any third party without your explicit agreement.  If you decide not to work with me, I will ensure all of your personal data is deleted within one month.  If you would like me to delete this information sooner, please let me know.

While we are working together

In line with the ethics of the coaching profession, your identity and the details of our work together are confidential; however, there are some limits to this confidentiality.  These are listed below.

  1. I receive supervision or professional consultation on all of my coaching and supervision work, either from a qualified supervisor or from experienced colleagues.  Our work might be discussed, but your identity will be protected.
  • In the unlikely event that you disclose information which indicates that you or another person is at risk, I will initially discuss this with you with the aim of reducing the risk.  However, it might prove necessary to contact another professional.  I will always seek to take such a step in consultation with you, and with your consent, but in an emergency I might decide to act promptly for safety’s sake.  I will always seek to consult an experienced colleague before doing this.
  • Under certain circumstances I am required by law to provide information about our discussions, for example relating to acts of terrorism, money-laundering, harm or potential harm to a minor, or if I am subpoenaed by a court of law.
  • I make a summarising note after each coaching or supervision session.  My notes are stored in password-protected electronic form; I also use a system of coding to anonymise individual clients.  Notes will usually be destroyed seven years after the termination of our work.

Your Rights

I try to be as open as I can be in relation to providing clients with access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information.  You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances.  You can read more about your rights at ico.org.uk/your-data-matters

If I do hold information about you I will:

  • give you a description of it and where it came from;
  • tell you why I am holding it, tell you how long I will store your data and how I made this decision;
  • tell you who it could be disclosed to;
  • let you have a copy of the information in an intelligible form.

You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.  To make a request for any personal information I may hold about you, please put the request in writing addressing it to the email address given above.  

If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures.  

If you want to make a formal complaint about the way I have processed your personal information, you can contact the Information Commissioner’s Office, which is the statutory body that oversees data protection law in the UK.  For more information go to ico.org.uk/make-a-complaint.

Data security

I take the security of the data I hold about you very seriously and I therefore take every effort to make sure it is kept secure.  Data are held electronically in password-protected cloud location with two-factor authentication.  Personal data such as your name and contact details are stored in a different location to my notes from our conversations.  Cloud services are provided by Microsoft Limited; the UK address is given below.

Microsoft Campus

Thames Valley Park

Reading

Berkshire

RG6 1WG

UNITED KINGDOM

Phone: (+44) 0344 800 2400

Fax: (+44) 0870 60 20 100