Privacy and Data Protection Policy

Beyond Psychology Ltd takes the issue of your privacy seriously. Beyond Psychology Ltd aims to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected. This policy describes the information that we collect when you contact us or use our services, how we manage your information and when we contact you. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 [and the subsequent UK Data Protection Bill that is expected to be enacted in 2018].

Beyond Psychology Ltd uses the information we collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, the directors of Beyond Psychology Ltd (Dr Kirsty Hughes and Hannah Waugh) are the Data Controllers; if another party has access to your data, we will tell you if they are acting as a Data Controller or a Data Processor; also who they are, what they are doing with your data and why we need to provide them with the information. Dr Kirsty Hughes is the appointed Data Protection Officer.

If you have any questions concerning our privacy policy that are not addressed here, please contact as below:

Email : office@beyond-psychology.co.uk
Telephone: 07715218975. (If we can’t answer your call do leave a message and we will get back to you as soon as we can).

Information we collect and use

www.beyond-psychology.co.uk collects the information you provide us, including your name, contact details and email address. You would have been asked to provide your consent when you signed up to receive emails from us or to attend one of our workshops, training sessions, assessment sessions or therapeutic input.

What personal information do we collect?

For us to provide you with services, we need to collect the following information:

  • Your name
  • Your contact details including telephone number(s) and electronic contact such as email address
  • For assessment and therapeutic work we also need your postal address and GP contact

When we collect personal information

We collect this information directly from you when we begin to organise workshops or therapeutic services for you, or in the case of staff and associates, when you begin to supply services on behalf of Beyond Psychology Ltd. Consent is always asked for when we do this.

We may also collect information about you from third parties; for example, if we need to gather information from other professionals (such as your GP or school) to provide a complete health assessment.

Why we need to collect information about you.

So that we:

  1. Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest; more information about the criteria for this can be found on the ICO website.
  2. Can deliver services to you. The legal basis for this is the contract we have in order to engage with you; more information about the criteria for this can be found on the ICO website here.
  3. Can process your payment for the services we provide. We use your banking details to process payments for our services. The legal basis for this is the contract we have with you.
  4. Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is a legitimate interest.
  5. Optimise your experience on our website. The legal basis for this is a legitimate interest.
  6. Provide you with details about future events with us, our newsletter and useful and relevant websites or resources. The legal basis for this is legitimate interest.

How we use the information we collect

  • To communicate with you so that we can inform you about your appointments with us we use your name and the contact details provided by either yourself or a third party such as a social worker;
  • To send reports and letters to you and the relevant professionals involved we use your name and email address;
  • To create your invoice for payment for our services, we use your name and email address

Where do we keep the information?

We keep your information in the stores described below:

On our company computers and laptops: all the computers and laptops we use are password-protected and the hard drives are encrypted.

Your customer record and report: We use Microsoft Office 365 to store our customer records, notes and reports. This system is password-protected. Passwords are changed every 90 days and it is company policy that passwords are not shared. This system stores information in a data centre within the EU, and is GDPR compliant. We back up our electronic data weekly using an encrypted external hard drive that is kept in a locked filing cabinet away from our main business premises.

As a paper copy: We take hand written notes when we meet you. These notes are used to create reports which are stored with any printed personal information or reports within a locked filing cabinet. Paper copies of documents are scanned and uploaded onto Office 365. Most paper copies are then shredded; those which have to be kept are held in a locked filing cabinet at our business premises. If papers have to be carried to client meetings, they are never out of sight of the therapist who is carrying them.

Email opt in/opt out

We may use your email address to send periodic email newsletters regarding our service and upcoming workshops and events. However, we will only do so if you have given us your permission. We keep your data until you inform us that you no longer wish to receive news from us. If you change your mind at a later date simply click on the word ‘Unsubscribe’ on the email newsletter.

Correcting, updating or removing personal information

Anybody attending Beyond Psychology Ltd may modify or remove any of their personal information at any time by contacting us directly using the contact details shown above. You can also request that we give you a copy of the data we hold on you.

Sharing and disclosure of information we collect

We only send your information to anyone involved in your care, or anyone we are required by law to inform. All reports that are sent electronically are sent as attachments that are password protected. Audio files may be sent by secure electronic means. Third parties receiving your information will be aware of the requirement for confidentiality and data protection, and will have processes in place similar to our own. We will never sell or trade your personal data or disclose your personal information to any third party unless we believe that disclosure is necessary in order to:

  1. Conform to legal requirements;
  2. Protect our rights;
  3. Protect the safety of members of the public or those using our services

We also send the details about your access to our website to our web analytics provider. They are based in the EU and are GDPR compliant.

How long do we keep your information?

We keep electronic invoices for seven years as this is the required length to comply with HMRC requirements. After seven years we delete the invoices from our electronic storage system.

We keep personal details for seven years after the end of assessment and/or therapy, as required by the British Psychological Society, the regulatory body for Psychologists.

How can you see all the information we have about you?

You can make a subject access request (SAR) by contacting the Data Protection Officer. We may require additional verification that you are who you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.

How can you have your information removed from our system?

If you want to have your data removed we have to determine if we need to keep the data, for example in case HMRC wish to inspect our records or for safeguarding reasons. If we decide that we should delete the data, we will do so without undue delay.

What happens in case of a breach of privacy?

In the unlikely event of a breach in our privacy system, we will first act to stop the breach, and will then inform you if your information has been affected. If it is possible that your information has allowed someone to identify you, we will inform the Information Commissioner’s Office (ICO).

If your questions are not fully answered by this policy, please contact our Data Protection Officer (office@beyond-psychology.co.uk). If you are not satisfied with the answers you receive, you can contact the Information Commissioner’s Office (ICO) https://ico.org.uk.

Use of Cookies

We use cookies on our website. For more information please visit our Cookie Policy page. Below is a summary of the main cookies used on this website:

WooCommerce

Functional

Usage

We use WooCommerce for webshop management. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
Expiration
session
Function
Store items in shopping cart
Name
Expiration
session
Function
Store performed actions on the website
Name
Expiration
persistent
Function
Name
Expiration
session
Function
Store items in shopping cart
Name
Expiration
1 day
Function
Store items in shopping cart
Name
Expiration
session
Function
Store performed actions on the website

WordPress

Functional

Usage

We use WordPress for website development. Read more

Sharing data

This data is not shared with third parties.

Functional

Name
Expiration
session
Function
Store browser details

Stripe

Functional

Usage

We use Stripe for payment processing. Read more

Sharing data

For more information, please read the Stripe Privacy Statement.

Functional

Name
Expiration
1 year
Function
Provide fraud prevention
Name
Expiration
30 minutes
Function
Provide fraud prevention

Automattic

Statistics

Usage

We use Automattic for website development. Read more

Sharing data

For more information, please read the Automattic Privacy Statement.

Statistics

Name
Expiration
30 minutes
Function
Provide functions across pages

Complianz

Functional

Usage

We use Complianz for cookie consent management. Read more

Sharing data

This data is not shared with third parties. For more information, please read the Complianz Privacy Statement.

Functional

Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store accepted cookie policy ID
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store cookie consent preferences
Name
Expiration
365 days
Function
Store if the cookie banner has been dismissed

Vimeo

Statistics

Usage

We use Vimeo for video display. Read more

Sharing data

For more information, please read the Vimeo Privacy Statement.

Statistics

Name
Expiration
10 minutes
Function
Store and track audience reach
Name
Expiration
2 years
Function
Store the user's usage history

Miscellaneous

Purpose pending investigation

Usage

Sharing data

Sharing of data is pending investigation

Purpose pending investigation

Name
Expiration
Function
Name
bot_detector_pointer_data
Expiration
Function
Name
ct_mouse_moved
Expiration
Function
Name
bot_detector_event_token
Expiration
Function
Name
ct_has_scrolled
Expiration
Function
Name
bot_detector_user_agent
Expiration
Function
Name
ct_cookies_type
Expiration
Function
Name
apbct_headless
Expiration
Function
Name
e_globals
Expiration
Function
Name
e_kit-elements-defaults
Expiration
Function
Name
bot_detector_has_scrolled
Expiration
Function
Name
bot_detector_has_key_up
Expiration
Function
Name
mtnc_upsell_shown_timestamp
Expiration
Function
Name
ct_fkp_timestamp
Expiration
Function
Name
ct_screen_info
Expiration
Function
Name
bot_detector_page_hits
Expiration
Function
Name
bot_detector_headless
Expiration
Function
Name
bot_detector_browser_supports_cookies
Expiration
Function
Name
bot_detector_referrer
Expiration
Function
Name
bot_detector_referrer_previous
Expiration
Function
Name
ct_checkjs
Expiration
Function
Name
ct_timezone
Expiration
Function
Name
apbct_pixel_url
Expiration
Function
Name
ct_has_key_up
Expiration
Function
Name
ct_ps_timestamp
Expiration
Function
Name
mtnc_upsell_shown
Expiration
Function
Name
bot_detector_mouse_moved
Expiration
Function
Name
apbct_page_hits
Expiration
Function
Name
ct_has_input_focused
Expiration
Function
Name
gtm4wp_orderid_tracked
Expiration
Function
Name
bot_detector_screen_info
Expiration
Function
Name
ct_pointer_data
Expiration
Function
Name
WP_PREFERENCES_USER_1
Expiration
Function
Name
bot_detector_has_input_focused
Expiration
Function
Name
apbct_session_id
Expiration
Function
Name
apbct_prev_referer
Expiration
Function
Name
wordpress_apbct_antibot
Expiration
Function
Name
rank-math-option-titles-index
Expiration
Function
Name
wistia
Expiration
Function
Name
wistia-video-progress-fj42vucf99
Expiration
Function
Name
rank-math-option-sitemap-index
Expiration
Function
Name
wpr-hash
Expiration
Function
Name
rank-math-option-general-index
Expiration
Function
Name
wpfssl_upsell_shown_timestamp
Expiration
Function
Name
wistia-video-progress-j042jylrre
Expiration
Function
Name
wistia-video-progress-z1qxl7s2zn
Expiration
Function
Name
wfssl-tabs
Expiration
Function
Name
wpr-show-sidebar
Expiration
Function
Name
wistia-video-progress-7seqacq2ol
Expiration
Function
Name
wpfssl_upsell_shown
Expiration
Function
Name
rank-math-option-search-index
Expiration
Function
Name
wp-autosave-1
Expiration
Function
Name
apbct_session_current_page
Expiration
Function
Name
apbct_site_referer
Expiration
Function
Name
wp_lang
Expiration
Function
Name
bot_detector_cron_log
Expiration
Function
Name
sbjs_migrations
Expiration
Function
Name
sbjs_current_add
Expiration
Function
Name
sbjs_first_add
Expiration
Function
Name
sbjs_current
Expiration
Function
Name
sbjs_first
Expiration
Function
Name
sbjs_udata
Expiration
Function
Name
sbjs_session
Expiration
Function

Additional Documents

Updated April 2023.