GDPR - Policy
The ISPC is serious about data security and confidentiality and this document will explain what data we hold, why we hold it and how it is kept safe. The ISPC holds only information that has been supplied to us by our members. We will also explain your rights and how to contact us should you wish for any data to be edited or removed.
The lawful basis for collecting this data is Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
– Your consent. You are able to remove your consent at any time. You can do this by contacting registrar@ispc.org.uk
– We need it to perform a public task – By providing a public register of counsellors
– We have a legitimate interest
What data is held?
We only hold data that has been formally submitted to us. This includes; Names, addresses, contact details (phone, email), specialism, signed documents (contracts) and professional photos, and assignments including case studies, presentations and personal journals
Where is my data stored?
Any data that has been submitted by a member to the ISPC will be stored in their respective folders which is found on our local servers. This ranges from basic information, signed documents i.e. class confidentiality agreements, assignments etc.
In addition, personal information is stored on our provider database.
Is my data secure?
All data that we hold is located on secure local servers that can only be accessed by the ISPC staff who have been given permission. This means that only the ISPC staff can access this data. Furthermore, this information is safeguarded using appropriate anti-virus and firewall software that is regularly monitored and updated. We may have physical copies which are stored in a locked cupboard in our office.
What is my data used for
Contact details are used so that we can contact individual members about updates. Signed documents such as contracts are saved so that we have proof that you as a member, comply with our rules and code of ethics.
Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at registrar@ispc.org.uk if you wish to make a request.
The ISPC will not hold your data for longer than is deemed necessary for the purposes of therapy or any other service we provide and in accordance with and following best practice and legal guidance. If you wish to know how long we hold data or notes for please contact us.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at registrar@ispc.org.uk or 01522 546554.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk