GDPR

Privacy Policy

On 25th May 2018 it became a legal requirement under the GDPR (General Data Protection Regulation) for your Art Therapist to be explicit with you about their data processing procedures. Most importantly the GDPR made it a legal requirement for you to actively opt in and consent to these arrangements and the handling of your data.

In compliance with the GDPR, our new Privacy Policy explains in detail what information we receive from you and why. It also outlines in which circumstances and how we may share your personal information and with whom we share it with. The latest revision of this Privacy Policy was published on 15ht July 2023. Please read the following carefully to understand our views and practices regarding your personal data. By visiting our website you are accepting and consenting to the practices described in this policy. Please check back regularly to keep track of any Privacy Policy updates.

How we store and manage client data

Who we are

This website belongs to Mind Your Self, a trading name of Are & Be Limited, a registered company (12114950) in England and Wales. The registered address is Eldo House, Kempson Way, Suffolk Business Park, Bury St Edmunds, Suffolk IP32 7AR.

In the context of this Policy, Mind Your Self is both the ‘Data Controller’ and the ‘Data Processor’ of the personal data you provide to us, and we will sometimes refer to ourselves in this Policy as “we”, “us” or “our”.

Data controller & Data processor

The term Data Controller means that Mind Your Self determines the purposes and way in which any personal data you provide to us is, or will be, processed. The term Data Processor means that Mind Your Self is responsible for processing personal data you provide to us.

We will always adhere to codes of confidentiality set by our professional and supervising bodies (British Association of Art Therapists (BAAT) and Health Care Professions Council (HCPC). We also adhere to legislation upheld by the conditions of our Insurer. Without your permission to store your personal information we are unable to provide you with therapeutic services.

We never sell on data or use it for unethical reasons

By inputting your data into this website, including the contact form, you give us the consent to store your information. Any of your information we collect, and store, will be kept securely on an encrypted computer system protected by up-to-date antivirus software. Mind Your Self is the only entity with access to this computer account. Your information will be stored for up to 8 years in line with GDPR requirements, for children, this time scale runs from the point of their 18th birthday; after this time information will be destroyed.

Mind Your Self will check personal data annually to ensure any data is deleted at the end of its retention period. You can request to view the data that we hold on you at any time. If you would like to view the data that Mind Your Self holds on you, the request must be given to us in writing which can be emailed to bisha@mindyourself.uk and we will send your data to you within 28 days of receiving the request. If we do not agree to work together any information I have on you will be destroyed securely.

Please remember if you choose to email us from an insecure email address, please consider limiting content in order to protect your privacy when sharing information via email with us.

We only use your personal information to keep record of you, provide you with therapeutic service and invoice you. Personal information may be collected through use of this website or through other points of contact relevant to Mind Your Self services you wish to engage with.

For example:

  • Contacting us by email or the contact form on our website.

  • Registering to attend an event.

  • Submitting any other information in connection with our services.

The types of information we may ask for could include your name, surname, gender, age and your preferred contact details.

We gather this information from you to allow us to provide you with a therapeutic service and agree on a therapeutic contact. This includes paying for our service. When you pay for Mind Your Self services your name will appear on bank statements and your contact details are stored within our accounting software. With this in mind, please consider the identifying information you share when making a payment.

You do not have to provide your personal information when using our website; however we cannot provide you with any specific information or services unless you do so.

At the start of therapy and throughout therapy, Mind Your Self will gather and store your contact details. This is in addition to other information about you, relevant to the therapeutic process such as relevant historical information, or information about other professionals supporting you, including your doctor (GP). The data protection legislation regards such information as sensitive or special categories of personal data. For example, information relating to your physical or mental health, by completing and signing our therapeutic contract form you will signify your consent to such data being processed by us.

This enables us to complete a thorough assessment of your needs and ensure you receive the best therapeutic support. Your GP maintains medical responsibility for you. We will also collect brief session notes which will form a record of the content of our sessions together. This will be collected in line with safeguarding procedures and for the purpose of providing all clients with an art therapy service based on best practice. Any such information provided will be held in the strictest confidence and used only for the purpose stated.

At Mind Your Self all client communications are confidential, except for the following:

  • Clinical supervision of our practice, your name and artwork will be anonymised.

  • If a client indicates there is a risk of harm to self or others, in which case guidance is sought from other emergency care professionals. Breaks in confidentiality for these reasons will be discussed with you beforehand when possible. ​

  • In the unexpected event that your therapist is unable to work with you and unable to make contact with you, a 'Clinical Executor' will have access to your details to get in touch with you, they are also bound by comparable rules of confidentiality.

Mind Your Self may contain other links and websites of interest, please note that we do not have control over these websites and therefore can not be responsible for the protection and privacy of any information which you provide while visiting them, they are not governed by this Privacy Policy. You should look at the privacy policy for each website you visit.

GDPR - Your rights

Under applicable data protection laws you are entitled to request the following:

  • Right of access - to request access to your personal information and how it is processed.

  • Right to rectification - to have our personal information corrected if it is inaccurate or incomplete.

  • Right to erasure - (also known as the right to be forgotten), however this is subject to any legal rights or obligations we have to retain data.

  • Right to restriction - you have the right to request limits on how your personal information is used.

  • Right to data portability - under certain circumstances you can request a copy of your personal information held electronically so you can reuse it in other systems.

  • The right to object - to say no to processing of your personal information.

  • The right to complain - to lodge a complaint with the Information Commissioner’s Office (ICO): if you feel your details are not correct, if they are not being used in a way you have given permission for, or if they are being stored when they don’t have to be.

  • Rights in relation to automated decision-making and profiling.

These are called your Data Subject Rights, full details of your rights can be found at www.ico.org.uk. Mind Your Self is registered with the ICO.

If you wish to exercise any of these rights, please contact us using the contact form quoting 'Data Subject Rights' or email me at bisha@mindyourself.uk.

If you are not satisfied with our response, you can make a complaint to the Information Commissioner’s Office; their contact details are at www.ico.org.uk.​

Cookie Policy

A cookie is a piece of data sent from a website and stored in your web browser on your computer, mobile or other handheld device, while you are browsing a website. Cookies can store your account identifier, personalisation or website tracking. They can also be used for technical purposes such as keeping track of your current browsing activity, collecting information about your computer, including (where available) your IP address, operating system and browser type, for system administration.

We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information such as your name, email, password, communications and payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

You have the ability to accept or decline cookies by modifying the settings in your web browser; however, you may not be able to use all the features of the website if cookies are disabled.