NCFED Ltd is a training organisation. The National Centre for Eating Disorders is a counselling organisation providing therapy services via a membership association of affiliated psychotherapists; and which has an agreement with overseas individuals to deliver NCFED trainings. Each organisation is a different aspect of the same business, with the same Director and employees.
Reasons & purposes for processing information
1. Counselling services
We process personal information to enable us to provide mental health counselling, to advertise our services, to maintain our accounts and records and to support and manage our employees.
Type/classes of information processed
We process information relevant to the above reasons/purposes with respect to clients, enquirers, suppliers, business contacts and employees & professional organisations in the case of complaint. This information may include: personal contact details and information about family, lifestyle and social circumstances. We also process sensitive classes of information that may include physical or mental health details. We process financial details for business reporting.
Who the information may be shared with
We may need to share the personal information we process with the individual themself. We follow the common law duty of confidence for Mental Health practitioners which means that your identifiable information is treated as confidential and retained to provide you with direct care which you have requested, or other services. In this case the legal basis for holding your data is for Legitimate Interest.
We are committed to securing your information. It is not disclosed to third parties in accordance with the requirements of the General Data Protection Regulation. Nor is it transferred outside of the European Economic Area.
We share your data only with your consent, such as writing a confidential report to a therapist you have asked to see. The circumstances where we may need to share some personal information we process may include: service providers, for example if there is a problem with the website booking process. Retaining your data allows us to process any complaint you may make, in which case we may share your data with our Registrant Body, The British Psychological Society (BPS). In this case the legal basis of our holding your personal data is for contract administration.
All mental health providers may use information where there are safeguarding issues. If we think your life is in danger we may contact an appropriate authority such as social services in the case of a child or vulnerable adult, or a GP. We may use your data if there is a legal requirement such as a formal court order. In this event we are using the legal basis of vital interests.
All business contractors such as accountants work under terms of strict confidentiality.
2. Training and Related Services
We process personal information to enable us to provide education and training to our customers; to promote our services, to maintain our accounts and business records and to support and manage our employees.
Type/classes of information processed
We process information relevant to the above reasons/purposes with respect to clients, enquirers, suppliers, business contacts & employees & professional organisations in the case of complaint. This may include: contact details, professional affiliations, booking emails, training details, goods & services, financial details and NCFED awards. We also process sensitive personal data if it is provided in Award essays which are marked by the Director. The legal basis for holding this data to deliver the service you have requested is for legitimate interest.
Who the information may be shared with
We may need to share the personal information we process with the individual themself but not otherwise without your consent. We comply with the requirements of the General Data Protection Regulation. We may need to share some of the personal information we process with the following types of organisation as explained below.
Only where necessary, your data could be shared with debt collection agencies, or service providers such as our accountants. Retaining your data allows us to process any complaint you may make, in which case we may share your data with our Registrant Body, the BPS. In this case the legal basis of our holding your personal data is for contract administration. No information is transferred outside the European Economic Area.
How We Collect and Store Your Personal Data
We may collect and process your information as follows:
- Via forms on our website when you book our counselling or training services.
- Contact details you provide on the phone, or by email when making enquiries.
- Data you provide to purchase our services for counselling, training, consultancy or for membership of the therapist network.
- Data you provide via a confidential questionnaire which you complete when requesting an assessment with one of our therapist members.
- Email or other Communications regarding your ongoing care, including reports which have been prepared at your request.
- Essays to obtain awards.
Any requests for details of data collection and storage should be sent to firstname.lastname@example.org. We keep our Privacy Notice under regular review; the last being April 2018.
If we need to keep more information, than stated, it would only be with your express consent in which case the legal basis of holding this information is consent.
The information we hold is kept in secure locations with restricted access to authorised personnel only. We have suitable physical, electronic, managerial and reasonable security procedures to safeguard the information we store. We ensure that our external data processors are legally and contractually bound to ensure that security arrangements are in place where data that could identify a person is processed. Personal data held on equipment such as laptops or handheld devices is encrypted.
Credit card information provided directly to us for payment of fees is processed by Barclaycard Online which whom we are Data Compliant via their Data Security Scheme. Paper records are shredded when payment is completed.
Security of our website and computer systems is important. Our website uses software to provide high level encryption technology. Although we use advanced security measures to protect your information against loss, misuse and alteration, as is the case with all computer networks linked to the internet including for cloud data storage such as Dropbox, we cannot make absolute guarantees over the security of these Processors and as such we cannot be held responsible for it.
Every individual has the right to see, and have a copy of, personal data that can identify you.
You can make a subject access request in writing to email@example.com or to the therapist you have asked to see. We shall respond within 20 working days. Our response will include the details of the personal data we hold on you such as how we acquired the information, why we keep it and those with whom we have shared it, if this was subject to your consent.
You have the right to ask to have your information corrected or updated where it is no longer accurate. The right to ask us to stop keeping your information provided that we aren’t required to do so by law or in accordance with Professional Regulatory Guidelines.
If you would like to invoke any of the above rights, write to the Data Controller at NCFED, 54 New Road Esher Surrey KT0 9NU or email firstname.lastname@example.org
Our data role
We act as a data controller for use of your personal data to provide the service you have requested. We also act as a controller and processor for processing your data to other healthcare providers such as a GP only where this is necessary for your care and with your consent. We act as a data controller and processor for processing credit card and online payments.
We will only keep personal data if there is a legitimate basis for doing so and any processing we do is fair and lawful. If we use your data for marketing purposes such as newsletters, this only if you give us your express consent.
NCFED Ltd and The National Centre for Eating Disorders are registered with the Information Commissioner’s Office (ICO) each as a data controller to collect data for the purposes already described. A copy of the registration is available through the ICO website (search by business name).
How long do you hold confidential information for?
All records held by us will be kept for the duration specified by guidance from our professional association (The British Psychological Society) or The Registrant Body of your therapist. In the case of counselling clients this is about 5 years and for other customers as long as we need to deliver our services.
If there is any complaint about your data use, contact us by writing to the Data Controller at NCFED, 54 New Road Esher Surrey KT0 9NU or email email@example.com and we will do our best to help you. If your complaint is not resolved to your satisfaction you can approach the Information Commissioner’s Office (ICO), on 01625 545745 or 0303 1231113.