Creative Space OT

Privacy Policy

Background

Creative Space OT understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers, partners and suppliers, and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.

Information about us

Business name:Creative Space OT
Business type:Sole trader
Founder and owner:Delphine Durand
Health and Care Professions Council (HCPC) registration:OT60168
Data Protection Officer:Delphine Durand
Email:
delphinedurand26@yahoo.com
Creative Space OT is registered with:Information Commissioner’s Office (ICO).Registration reference: ZB234911

What Does This Policy Notice Cover?

This Privacy Information explains how Creative Space OT use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

Information we collect

Your personal data comes to us when you engage our services or when you contact us by email. If you work with us or email us, we will have asked you if you want your email added to our mailing list.

If you have made an enquiry, consultancy or resources, the personal data that we collect may include:

Basic information: your name, your child’s name, school/company and job title.

Contact information: postal address, email address, phone number.

We may also collect and process health and developmental information, including:

  • Medical history and diagnoses
  • Developmental history
  • Assessment results and therapy records
  • Reports and professional correspondence
  • Information from schools or other professionals (where appropriate)

Why do we need your personal information?

We hold your personal data for these reasons:

  • To respond to queries by email or telephone
  • To perform and manage the services and support we provide to you
  • To check and improve the quality of our services
  • To help with research and planning to improve our services [1]
  • To send out information about our events

Our lawful basis for processing

Under UK data protection law, we rely on the following lawful bases for processing personal data:

  • Contract- where processing is necessary to provide occupational therapy services
  • Legal obligations- where we are required to retain records for regulatory or legal purposes
  • Legitimate interests- to manage and improve our services
  • Consent- for therapeutic interventions, marketing communications and use of testimonials.

Do we share your data?

We do not sell or rent your data to third parties.

We may share your information, where appropriate, with:

  • Parents or carers
  • Schools, nurseries or local authorities (e.g. for an EHCP)
  • Other health or education professionals involved in the care of the individual

We only share your data with trusteed third parties, known as Data Processors. All our Data Processors comply with the GDPR. They therefore only use your data as instructed by us and never share it with anyone besides us.

How do we protect, store and/or transfer your information?

We will only store or transfer your personal data for use within Creative Space OT. This means it will be fully protected under the GDPR.

We will ensure we hold records about you (on paper and electronically) in a secure way. Examples of our security include:

  • Keeping up to date with latest security measures
  • Encryption and password protection
  • Secure storage for paper-based records and portable electronic devices when not in use
  • Controlling access to systems to ensure your personal information is only accessed by our Data Processors (i.e. Creative Space OT)

How long do we keep your data?

We will only retain your information for as long as we need it in order to fulfil the purposes for which we have initially collected it. This is in line with the Health and Care Professions Council and the Royal College of Occupational Therapist guidelines and policies.

Data Breaches 

We will report any unlawful data breach of this website’s database or the database(s) of any third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

Links to other websites

This Privacy Notice does not cover any websites that you can link to from within this website. Please remember to read the Privacy Notice on other websites that you visit.

Your Rights

Under GDPR you have the following rights regarding your personal data:

  • The right to be informed – how we collect and use your personal data
  • The right of access – to request access to your personal data
  • The right to rectification – to have your personal data corrected if it is inaccurate and to have incomplete personal data completed
  • The right to erasure – to have your personal date erased
  • The right to restrict processing – to request the restriction or suppression of your personal data
  • The right to data portability – to obtain your personal data, and reuse it for your own purposes
  • The right to object – to us processing your personal data
  • Rights in relation to automated decision making and profiling – to request information about the processing
  • The right to challenge a decision

Changes to this Privacy Notice

This Privacy Notice may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.

[1] If we use your personal information e.g. testimonials for publicity on our website, we will only do so with your consent.