Privacy Policy 

How I store and manage client data:

I will always make it clear to you when I collect your personal information and will explain to you what I intend to do with it and how long it is stored for.

As data controller for my business, I am fully committed to complying with the General Data Protection Regulations (Data Protection Act 2018). For the purpose of GDPR (General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the data controller is Elle Gilbertson. I am registered with the ICO (Information Commissioner’s Office), and my registration number is ZA787195. I take the careful handling of your data seriously and abide by UK laws.

 

Collecting and Storing your information

At the start of therapy and throughout therapy, I will gather and store your contact details in addition to other information about you relevant to the therapeutic process. This information also includes brief session notes which form a record of the content of sessions.

I have a legitimate interest in this information and collect it in line with safeguarding procedures and for the purpose of providing you with an Art Therapy service based on best practice.    

By inputting data to this website, including the referral form, you will give me the consent to store your information. 

Any of your information I collect, and store, will be kept securely on an encrypted computer system protected by up-to-date antivirus software. I am the only person with access to this computer system. Your information will be stored for up to 8 years in line with GDPR requirements. You can request to view the data that I hold on you at any time. If you would like to view the data that I hold on you, the request must be given to me in writing and then I will send you data to you within 28 days of receiving the request. If the referral is not accepted, then the referral form will be destroyed securely. 

Your rights:

GDPR gives you the following rights: 

 

  • The right to be informed: To know how your information will be held and used (this notice).

  • The right of access: To see your therapist’s records of your personal information, so you know what is held about you and you can verify it. 

  • The right to rectification: To tell your therapist to make changes to your personal information if it is incorrect or incomplete.

  • The right to erasure (also called “the right to be forgotten”): For you to request your therapist to erase any information they hold about you.

  • The right to restrict processing of personal data: You have the right to request limits on how your therapist uses your personal information.

  • The right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.

  • The right to object: To be able to tell your therapist you don’t want them to use certain parts of your information, or only to use it for certain purposes.

  • Rights in relation to automated decision-making and profiling.

  • The right to lodge a complaint with the Information Commissioner’s Office: To be able to complain to the ICO if you feel your details are not correct, if they are not being used in a way you given permission for, or if they are being stored when they don’t have to be.

 

Full details of your rights can be found at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

If you wish to exercise any of these rights, please contact me using my contact details given above. If you are dissatisfied with the response you can make a complaint to the Information Commissioner’s Office; their contact details are at www.ico.org.uk

Engaging with this website:

 

We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.

 

When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.

 

We collect such Non-personal and Personal Information for the following purposes:

  1. To provide and operate the Services;

  2. To provide our Users with ongoing customer assistance and technical support;

  3. To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;

  4. To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services; 

  5. To comply with any applicable laws and regulations.

 

Our company is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.

 

We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.

 

If you don’t want us to process your data anymore, please contact us at ellegilbertson@protonmail.com.

 

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. 

 

If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at ellegilbertson@protonmail.com

Elle Gilbertson is committed to inclusivity and welcomes people of all ethnicities, LGBTQIA+, people with disabilities, and people of all ages. 

The information on this website is for informational purposes and is not intended to replace medical or psychological assessment and treatment. 

Please note that I do not offer a crisis or emergency service. In such situations, if you are living in the UK I would recommend that you contact your GP during clinic hours, attend your local Accident & Emergency department, or dial 999 in an emergency. If you are from outside the UK please have a look on the befrienders website for crisis support in your country. www.samaritans.org. and www.befrienders.org

All images and content on this site are ©Elle Gilbertson 2020 -22 and may not be copied, published or used without permission.