S&S van Scoyoc LLP
Effective 25 May 2018
Stephen van Scoyoc
Data Protection Officer
Suite 93 Dorset House
How We Use Your Information
In order to provide you with services such as training, updates, therapy, or consulting, we need information from you which may include your identity, your address, your email, and your telephone. In the case of therapy, additional details may be taken to provide the service you are expecting such as notes about your sessions, medical records, school records, insurance reports, personal history, sexual preferences, relationships, etc. In addition to any requirements of the GDPR, this information may be further protected by the British Psychological Society code of ethics and the regulating body Health and Caring Professions Council.
We may use your information in our accounting system to bill for services, take payments, file tax returns, and track your financial obligations to us. Once our financial relationship is concluded we will continue to hold that information until no longer required by HMRC or any other party with a legitimate interest. We do not hold credit card details.
If you have asked us to include you on a mailing list to announce training sessions or classes, we will use your email and name (optionally) to provide this to you. This information is not sold, transferred or used for purposes other than emails from us to advise you of our services.
Our website may use or set cookies if you subscribe to us or send emails through the site. Our website will ask your consent the first time you visit. You may turn off cookies on your device, but some features of our website may not work properly.
Lawful Basis for Processing
Our basis for processing your information is legitimate interests. This is information that both you and we might reasonably expect to be provided and maintained in order to provide the service or information you want. In the case of our email list you will have volunteered that information for the purposes stated on our sign up form and you always have the right to end the processing. You may have also provided this information when meeting in person at a conference or business meeting.
Our basis for processing special category information such as gender, sexual preference, marital status, business details and similar is also legitimate interests and this will be information you have consented to provide to us in order for us to provide you with the services you have requested. It is information that we both would reasonably expect to be shared between us with a clear understanding of how it will be used and protected.
Categories of Personal Data Obtained
We do not obtain data from third parties unless it has been released to us with your informed consent. Examples of this may be legal, medical, criminal, educational, social, or other records released by your solicitor for use in preparing a report on your behalf.
Data we receive will nearly always be obtained either directly from you, your representative, or your guardian. In the case of children, this information will be obtained from the child and/or the guardian.
We may access public records such as but not limited to Companies House, County Courts, social media sites, Information Commissioner’s Office, and others if deemed necessary to pursue legal claims for the recovery of debts owed to us.
Recipients of Data
Data received from you will be used only within our partnership for the purposes you and we reasonably expect for the services being provided. Except as required by law, courts, or police, we do not release data to recipients outside of our business. If you pay for our services via credit or debit card then you will provide that information directly to the processor via a website or point-of-sale machine.
Transfers Outside of the EU
We do not transfer data outside of the EU for processing, meaning to be handled, viewed, manipulated, scanned, or otherwise accessed by someone outside of our business. However, data may be moved and stored outside of the EU for our own purposes such as accounting, storage, video consultations, emails, and similar circumstances. We make an effort to ensure these providers are GDPR compliant, to minimise our use of such providers, and to consider if security measures are in place that are reasonable and reliable. It is also likely that we may work with you or communicate with you while we are located outside of the UK or EU. In any event, our company will continue to comply with the GDPR and respect your rights.
How Long We Hold Your Data
We hold data only as long as we are required by law for accounting and tax purposes, which may be three years or longer. If you make an enquiry via our website we will keep that correspondence only as long as your enquiry is active. Emails received directly and related to services we are providing you will be kept only as long as we are working with you and will typically be deleted 30 days after we cease working with you. Notes maintained as part of therapy or supervision with you will be deleted 30 days after you advise us we are no longer working with you. If we hold your details as a subscription to receive notices of training or other services we will delete such information immediately upon your request, which will normally be through an automated link. The email we receive to confirm your sign up to our list will be maintained until you cancel your subscription.
A complete summary of your rights is available at the Information Commissioner’s Office website. You may request copies of data we hold on you and we must provide this information free-of-charge within 30 days. However, if your request is unreasonable or you have made repeated requests for the same information, we may refuse to comply unless and until a fee is paid or an agreement reached on the data to be provided. You always have the right to file a complaint with the Information Commissioner’s Office if you feel we have violated your rights under the GDPR. We will do our best to provide your information in a format that you can understand and use.
Source of Personal Data
We do not obtain data from third-parties without your consent except in the case of children or vulnerable persons and then this data will be obtained from a responsible party, solicitor, or a party holding power-of-attorney. If you are asking us work in a legal case in which you are a party, we may receive information from the courts, the police, the Crown, or your legal team. In this case such a release is made on your behalf by parties you have authorised. We may receive data from an insurance company or medical providers, again on your authorisation and knowledge.
Your Obligations to Provide Data
You are under no obligation to provide information to us, but we may not be able to provide you with the services you are requesting. In such a case, we may choose to not provide you with services that you are seeking.
Automated Decision Making
We do not engage in any automated decision making with your data.