Privacy Policy
Personal data is an increasing concern for individuals and it is understandable that service users are interested in how companies look after their data and privacy. EMDR ZONE not only provides care for your well-being; we aim to apply that same level of care to your data and privacy.
This Privacy Notice covers how EMDR ZONE: Collect; Use; Disclose; Transfer; Store your data; and Your Rights according to your data when you use or visit our website to obtain and access mental health support.
Our commitment to you
EMDR ZONE is committed to protecting and respecting your privacy. Any decision we make regarding data will have considered the 6 principles for processing personal data contained in Data Protection Legislation.
Data Protection Legislation means the Data Protection Act 2018 (DPA 2018), United Kingdom General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the aforementioned legislation. Where data is processed by a controller or processor established in the European Union or comprises the data of people in the European Union, it also includes the EU General Data Protection Regulation (EU GDPR). This includes any replacement legislation coming into effect from time to time.
Scope
This Privacy Notice applies to online therapy services (provided by our website) users and visitors to our website.
We may change this Privacy Notice from time to time, so please check back regularly to keep informed of any updates. This version of the Privacy Notice was updated on _____
Processing of Your Personal Data
Your personal data, including;
-
Name, Surname, Email address, country of residence, and billing address and card details for card payments;
-
You can upload a photo or image of yourself to use as your profile image
-
We collect your date of birth to make sure you are 18 or over before using our online therapy services.
-
The check in for mood, anxiety and depression collect health data regarding your mental health so you can track and monitor your symptoms and keep track of your progress (they are not intended as a diagnostic tool.)
-
The online self assessments, helps us match you with the most appropriate therapists and therapy options available to provide you with support and therapy. This assessment will ask a number of questions about your gender, age, physical and mental health, previous treatments, medication, work status, mood and lifestyle such as drug and alcohol use.
-
If you book an online therapy session or used the messaging facility we will keep details of contact we have had with you throughout your sessions with our therapists Treatment notes and reports about your health/mental health and any treatment you have received;
-
Details of the services you have accessed;
-
Your feedback and treatment outcome information;
-
Information surrounding complaints and incidents which may have arisen;
-
Recordings of inbound and outbound telephone calls you make to our support team;
-
Details of visits to our website (including your IP address, login information, and other analytical information).
is processed under the legal grounds specified in Article 6 of the GDPR. The processing is carried out for the following purposes:
-
To enhance the quality of your interactions with our website and experts,
-
Provision of healthcare services and assessments,
-
To create your registration with the personal data you provide,
-
Record keeping and administration purposes,
-
To address you correctly during conversations,
-
To confirm your legal capacity to receive our services,
-
To provide services within the scope of our consultancy services,
-
To analyze and fulfill the needs and requests you convey during conversation,
Legal Purposes for Processing Your Personal Data:
Contractual necessity: We will process your Personal Data when it is necessary to perform a contract you have entered into, when booking a therapy session and making an online payment or in order to take steps at your request prior to entry into a contract.
Consent: You can choose to upload an image of yourself to add to your profile.
Explicit Consent: We require explicit consent to process your Health Data. We provide transparency information at each and every point when collecting your health data to make sure that you are aware of how your health data will be used and that you can withdraw your consent at any time by contacting us.
Vital interests: In rare instances, we may need to process your data to protect your vital interests, for example, if we become concerned for your or anyone else’s health and safety during the course of your therapy.
As a provider of healthcare services and assessments, our clinicians are under a legal requirement to document your treatment. These treatment notes will necessarily include data pertaining to your health which is defined as ‘special category data’. Further to the legal grounds for processing above we will process this data special category data on the basis:
-
That it is necessary for medical diagnosis and the provision of health care services – processing of this data will be done by professionals under a common law and contractual duty of confidentiality; or
-
Explicit Consent to process your health data, during your interactions with our experts to determine the most suitable expert to provide you with the best service, conduct diagnostic tests as necessary, and improve your overall service experience. If you have given consent, you can change your mind at any time and withdraw it by contacting us.
In certain circumstances where we need to process ‘special category data’ in the context of our services but outside the scope of our services, for example, in order for us to audit the quality of our service, for the establishment, exercise or defense of legal claims or in the public interest in the area of public health, such as protecting against cross-border threats to health or ensuring high standards of quality and safety of health care.
Use
We will only use your Personal Data for the purpose, or purposes, for which we have obtained it. If we reasonably consider that we need to use it for another reason we will only do so if that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will inform you and explain the legal basis which allows us to do so.
Please contact our DPO (info@emdrzone.com) using the details above if you would like further information on the exact lawful basis for any specific data processing activity.
Transfer
Due to the location of our servers, your personal data may be transferred abroad in order to provide you with our services under the legal grounds of GDPR Article 44.
Your personal data is shared with the company providing the "Chatbot service" only to enable us to offer you the best support through the Customer Support/Chatbot program and to perform the necessary external services related to our activities based on the legitimate interests of the data controller.
Your personal data may also be shared with "Authorized Public Institutions and Organizations" as required by law to fulfill our obligations and protect our rights. Additionally, it may be shared with our "Suppliers" with whom we are in a business relationship for the performance of contracts, establishment or protection of rights, and fulfillment of obligations, including, but not limited to, lawyers, financial advisors, and auditors, under the legal grounds of GDPR Article 44.
EMDR ZONE may share your personal information, where required and to the extent permitted and on which we have a lawful basis, with:
-
Any 3rd party who provides your treatment (where we do, we will ensure that they process information in accordance with our confidentiality and security requirements).
-
Solicitors, Insurers, or any other instructing party;
-
Our auditors and external accreditation bodies;
-
Law enforcement agencies and regulators (e.g. CQC);
-
Parties contracted to provide accounting / finance service, including, for example, our auditors and advisors;
-
Public bodies;
-
Our external service suppliers who provide business support services (including IT, security, building maintenance, archiving, data storage, sales and marketing, communication platforms and workflow management);
-
Analytics and search engine providers who assist in improving our website; and,
-
Any other third party you may ask us to share your data with.
Where our professional duties of confidence as medical clinicians require that we seek your consent before sharing your Personal Data with a third party, we will do so. Such consent has a different legal basis to consent for the purposes of EU/UK privacy law and seeking consent further to our professional duties will not therefore affect the basis of processing in privacy law. The processing under privacy EU/UK privacy law will be on the bases as set out above.
Store
EMDR ZONE has in place physical, electronic and operational procedures intended to safeguard and secure the information we collect. These measures are updated as necessary and audited on a regular basis.
How long we retain your data for will vary from matter to matter but will be determined in accordance will the following criteria:
-
The length of time necessary to complete our contract with you;
-
Any time limits for establishing or defending legal claims or responding to complaints/incidents;
-
Any period necessary to comply with our legal obligations under EU/UK law; and,
-
Any periods for retention that are recommended by regulators or professional bodies.
EMDR ZONE provides healthcare services; as such there is a legal and regulatory obligation for records to be kept for a minimum period of time. We will typically keep your data processed in connection with these services for a period of 5 years, after which time it will be destroyed, if it is no longer required for the lawful purposes for which it was obtained. Closed files are archived after 12 months resulting in restricted access and additional security.
Your rights
You have the right to obtain confirmation from us as to whether we are processing your Personal Data and, if we are, to request a copy of the Personal Data we hold about you. This is known as a ‘subject access request’.
If you wish to make a subject access request, please request this at info@emdrzone.com
For all other types of data subject rights requests (below), please email info@emdrzone.com
You also have the right to ask that we update any information we hold about you that may be incorrect. It is important that the information we hold about you is accurate and up to date. If any of your personal information changes please let us know.
In certain circumstances you have the right to request that we restrict the way in which we process your data, or that we erase all personal information that we hold about you.
You have the right to object to certain types of processing.
We will try our best to comply with any request to restrict, object or erase your data, however processing of some data may still be required for legitimate business purposes or to comply with legal obligations. Please note that if you want us to restrict or stop processing your data this may prevent us from providing our services to you.
You have the right to request that we send a copy of your data, that you have provided to us, to another organization for your own purposes (e.g. if you wish to change service provider). This data must be provided in a structured and usable format. This right only applies to Personal Data processed by way of consent or in pursuant to our contract with you. If you wish us to transfer your Personal Data in accordance with this right please let us know.
As part of the processing of your personal and health data, decisions may be made by automated means using clinical algorithms. An automated decision is one that is made by our systems rather than a person. Under data protection laws, you have the right to:
-
Express your concerns and object to a decision taken by purely automated means; and
-
Request that a person review that decision.
-
If you would like us to review a decision we have made about you, such as a recommendation for a treatment pathway, please contact us.
Where you have used our digital services such as our online self-assessment and health applications and we have used your personal and health data to create a profile of you, your right to request a copy of the Personal Data that we hold about you includes not only the Personal Data used to create the profile but also the information on that profile itself. Where there are any inaccuracies in the profile (or the information that we have used to create that profile) you have the right to ask that we update the profile or any information we hold about you that is incorrect.