Dr Anna Janssen Ltd (“We”) are committed to protecting and respecting your privacy.
This privacy statement (together with our terms and conditions) describes how Dr Anna Janssen Ltd protects and makes use of the information you give us. If you provide, or are asked to provide, information when contacting us, it will only be used in the ways described in this privacy statement.
This statement is updated from time to time and was last updated on May 25th, 2018.
For the purpose of the Data Protection Act 2018, the General Data Protection Regulation (Regulation (EU) 2016/679) and any replacement or amending legislation, the data controller is Dr Anna Janssen Ltd, a company registered in England and Wales under company number 08841045 and with our registered office at Flat 9, 102 Westminster Bridge Road, London, SE1 7XT.
If you have any questions about this policy, please email or write to us at:
Data Protection Lead
Dr Anna Janssen Ltd
85 Wimpole Street
London W1G 9RJ
Dr Anna Janssen Ltd needs to gather and use certain information about clients and prospective clients in line with the information contained within our Terms and Conditions document. This policy describes how this personal data is collected, handled and stored to meet the company’s data protection standards – and to comply with the law.
What data we gather
We may collect the following information from you or about you to enable us to work with you safely and effectively, and to enable the efficient dissemination of appointment reminders and invoicing:
- “Contact Information” – name and address (postal and email).
- “Personal Background Information” – date of birth, GP details, name of educational establishment (where relevant) and details of private health insurance policies (where relevant).
- “Payment Information” – financial and credit card information.
- “Marketing and Communications Information” your preferences in receiving marketing from us and our third parties and your communication preferences.
- “Technical Information”, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, device type, screen size and scale, time zone setting, browser plug-in types and versions, operating system and platform, the full Uniform Resource Locators (URL) clickstream to, through and from our website (including date and time); services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call us.
During the course of initial contact and then subsequent therapy, we will inevitably also collect a significant amount of other personal data relevant to assessing and treating your presenting psychological difficulties i.e. to enable us to offer you the service you have sought from us. This is special category (sensitive) personal data.
How we use this data
By law, we can only use personal information about you on a limited number of defined bases – the “lawful bases”. The lawful bases are as follows:
- The data subject has consented to such use.
- The use is necessary for the performance of a contract with the data subject.
- The use is necessary for compliance with a legal obligation that we owe.
- The use is necessary to protect the vital interests of the data subject or another person.
- The use is necessary for the performance of a task carried out in the public interest, or in the exercise of official authority.
- The use is necessary for the purposes of legitimate interests of us or a third party (except where such interests are overridden by your fundamental rights and interests).
Of particular concern to us are the bases identified in 1, 2, 3 and 6 above. Where you provide special category (sensitive) personal data, we will also need to have a further lawful basis which in our case will either be your consent or to protect your vital interests.
The table below shows what uses we make of the information we collect and what category of information is involved in that use. It also shows what lawful bases are applicable to each use:
To register you as a client
To process your bookings, including to:
- Provide you with updates in relation to your booking;
- Manage payments, fees and charges;
- Collect and recover money owed to us
To deliver our services including undertaking psychological assessments, delivering therapy and preparing on-going treatment plans
To manage our relationship with you which will include:
- Asking you to leave a review or take a survey
To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
Personal Background Information
Special Category Information
Marketing and Communications Information
Performance of a Contract
Performance of a Contract
Necessary for our legitimate interest (to recover debts due to us)
Performance of a Contract
Consent – in respect of any special category (sensitive) personal data that you provide to us.
To protect vital interests
Performance of a Contract
Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated and to study how clients use our products/services)
Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
Necessary to comply with a legal obligation
Disclosing data for other reasons
Pursuant to the uses set out in the table above, we may share your information with selected third parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
We may disclose your personal information to third parties:
- In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
- If Dr Anna Janssen Ltd or substantially all of its assets are acquired by a third party, in which case personal data held by it about its clients will be one of the transferred assets.
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms and conditions and other agreements;
- To protect the rights, property, or safety of Dr Anna Janssen Ltd, our clients, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
We will only share the minimum information necessary for the purpose (which will never include any special category data without your consent) and will seek your express consent to share identifying information outside of above organisations or outside of the EEA (save for in the circumstances set out above).
In certain circumstances Dr Anna Janssen Ltd is permitted to disclose personal data (including special category (sensitive) personal data) without the your consent.
- Carrying out a legal duty or as authorised by a Secretary of State
- Protecting vital interests of a Data Subject or other person
- If the data subject has already made the information public
- Conducting any legal proceedings, obtaining legal advice or defending any legal rights
- Monitoring for equal opportunities purposes – i.e. race, disability or religion (in which case your data will be anonymised)
Under these circumstances, Dr Anna Janssen Ltd will disclose the minimum relevant data, anonymised where possible. However, we will take all reasonable steps to notify the individual whose personal data is being disclosed about the disclosure and ensure the onward security of that data.
We will also ensure that any such data request is legitimate, reasonable and necessary.
Controlling information about you
Your data will be kept for the lifetime of your status as a client with us. When you cease to be a client with us, your data will kept for a minimum period of five years, and a maximum period of ten years in accordance with British Psychological Society professional practice guidelines. You have the right to ask for your data to be destroyed after the minimum period of five years, but not before then.
Dr Anna Janssen Ltd has the right to retain your data for the five-year period in accordance with the professional guidelines and also so that it can respond effectively to any questions or complaints that may later be raised by you and/or your representatives, or other legal proceedings.
We will always hold your information securely:
- All paper client files and therapy notes (clinical records) are kept secure in a locked filing cabinet.
- Any information you send us on email is immediately transferred to your clinical record, following which the email is deleted.
- Access to your personal information is restricted on a ‘need-to-know’ basis only i.e. for those concerned directly with your care and with your account.
- Data held in electronic form is backed up regularly.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. In the unlikely event of a data protection breach we will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.
You have the following rights under law in respect of your personal information:
- The right to be informed about the collection and use of your personal information;
- The right of access to your information to verify the legality of our use of it;
- The right to request that inaccurate or incomplete information about you is rectified;
- The right to request the deletion or removal of your information where there is no further reason for us to use it;
- The right to restrict the use of your information;
- The right to obtain and reuse the information that we have about you for your own purposes;
- The right to object to certain uses (such as for marketing purposes); and
- The right not to be subject to a decision that has a legal effect on you that has been based on an automated decision.
Should you wish to exercise any of these rights, you may do so at any time by writing to us at the address given below. We will respond to any request to exercise any of these rights promptly, and in any event within 30 days.
If you feel that your rights have been breached in any way, you should contact us at the address given below, or lodge an official complaint with the Information Commissioner’s Office.
Should, during the course of your contact with us, any personal data be subject to change e.g. if you move house, change GPs, change your name etc., we would be grateful if you could notify us at the earliest opportunity so we can ensure our records are up to date.
Subject access requests
All individuals who are the subject of personal data held by Dr Anna Janssen Ltd are entitled to:
- Ask what information the company holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how the company is meeting its data protection obligations.
If you would like to request a copy of the data we hold about you, this is called a subject access request. Subject access requests must be made in writing and we would be grateful if you could send your request by email to the Data Protection Lead firstname.lastname@example.org. We will provide the relevant data within 30 days. We will always verify the identity of anyone making a subject access request before handing over any information.
You have the right to ask us not to process your personal data for marketing purposes. We will ask for your consent (before collecting your data) if we wish to use your data for such purposes or if we wish to disclose your information to any third party for such purposes. You can update your marketing preferences at any time by contacting us at any time.
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.