Our Privacy Charter
This is a working document, so it will be updated regularly. Here is a list of what we do to protect your personal information:
“The Academy aspires to be a role model for data privacy in a positive way, believing that your privacy is very important”
1. All our files are held within a cloud-based file management system which is password protected for access. Access to these files is limited to our tutors and administrator, on a need-to-know basis.
2. Every person having access to those files has signed a confidentiality agreement with our company.
3. We require all companies working with us (such as website building & newsletter management) to sign a confidentiality agreement. In practice this is likely to be a standard part of contractual arrangements.
4. Any specific files, such as databases, also have their own password for a second level of protection. This includes our master password list which is itself password protected. Where possible two-step authentication is implemented.
5. Wherever emails are sent to more than one person, apart from internal emails amongst staff members, or student groups, all recipients of emails are blind copied, with the sender sending the email to themselves so that no one else shows in the received line. This is known as “bcc”. We will not send you emails about our courses and publications unless you have actively given us your permission. Our newsletters are managed within MailChimp for efficient and compliant data storage purposes.
6. Where files are of a personal nature they are sent using a specific web-based encrypted service, WeTransfer.com. Alternatively we may send them using a password-protected file attached to an email. If we use this second method we send the password via a different method, either using a mobile phone message or a Signal (Android and Apple app) message.
7. We only use software where data security is fully implemented and whose GDPR compliance is confirmed in its Terms and Conditions. In particular we use Zoom for all our teaching, supervision and therapy sessions: https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance.
8. We will never share or sell your information. In the case where the company is sold, all data will go as part of the sale, but you retain your rights to erasure at all times.
9. If you would like to have your details removed from our system, partially or entirely, we will be happy to do so, provided that there is no adverse reason (such as a complaint or a legal reason) for us not to do so. If you want your information removed we invite you to write to firstname.lastname@example.org putting “right to erasure” in the email subject field.
10. We will review our data protection management annually to ensure it is still fit for purpose and complies with current regulations.
11. We have appointed a member of staff to oversee GDPR on behalf of the Academy. This is Anne Frost. She can be contacted at email@example.com.
12. When we undertake any new project we will implement a Data Protection Impact Assessment to ensure we think through your privacy.