CONTENTS 

1. How we gather your information 

2.Where we store your personal data 

3.How long do we keep your notes for? 

4.Your rights 

5. In the event of a data breach 

6. Disclosure of your personal information

 7. Changes to this privacy policy 

8. Recording consent 

9. How do we contact you? 

1. How we gather your information  

• Information that you provide by emailing via the website http://the-m-wordcic.co.uk and via Social Media Platforms, email and/or by phone to request further information about our services. 

• The pre-therapy questionnaire and personal information forms 

• Brief notes that we take during sessions. 

• Regarding online therapy, we use Zoom Pro. Zoom has the ability to record sessions. All  these platforms are securely encrypted. Any chat sessions and therapeutic email exchanges  are stored alongside the video recordings and are downloaded onto inhouse hard drive which  is also encrypted. 

2. Where we store your personal data 

Personal data that we collect from you via any form of contact, whether email, phone or online form - will be kept securely. 

• The pre-questionnaire form (for online therapy), personal information form, therapy  agreement, session video recordings and brief session notes are stored securely on our  inhouse server, which is a fully GDPR compliant service.  

• The pre-questionnaire form (for online therapy), personal information form and therapy  agreement completed on Googledocs. These will be removed from this service within 7 days  and uploaded to our inhouse server. 

• We will keep your email address and phone number within Google Contacts. Google have data  storage facilities inside and outside the EEA, and are protected by the Privacy Shield  agreement between the EU and US. These contact details will be deleted at the end of our  agreed period of work. 

• Any electronic contact we have during the process of your ongoing sessions will be stored on  our computer hard drive for a period of seven years after the end of our working relationship. 

Your phone number will be stored on our phone if we communicate via text and/or direct  calling, or engage in ‘real-time‘ sessions using direct calling, VSee, Zoom or Signal, and will be  deleted at the end of the therapy contract.

• We use Xero Accounting Software to invoice clients and to send receipts. Xero Accounting  Software is GDPR compliant. Your name and email address will be stored on Xero Accounting  Software servers in order for us to send invoices and receipts. We are obliged to keep  financial data for the HMRC for a minimum of 6 years, so your data on Xero Accounting  Software will be deleted 7 years after the end of our working relationship. 

• We may use Stripe to collect payments and send receipts during in-person sessions. If you pay  by credit card, Stripe will remember your details and pre-fill your email address when you use  the same payment card again. Stripe is fully GDPR compliant. We are obliged to keep financial  data for the HMRC for a minimum of 6 years, so your data on Zettle will be deleted 7 years  after the end of our working relationship. 

• Zoom recordings. Will be stored on our internal server/hard drive and will be deleted 7 years  after the end of our working relationship. 

3. How long do I keep your notes for? 

• We will retain your pre-therapy questionnaire, agreement, contact details, session video recordings and brief sessions notes for as long as we are working together and thereafter for a  period of 7 years.  

Your pre-therapy questionnaire, video recordings and session notes we will retain on our in  house server and your invoices and receipts on Xero Accounting Software and Stripe. These  will all be kept for a further seven years after we end our working arrangement, and, with  regard to the notes, in case you decide to return to therapy with us. 

• After 7 years as part of our ongoing commitment to your safety, your contact details, pre therapy questionnaire and brief session notes, video recordings will be securely removed  from our internal servers. 

4. Your rights 

You are entitled to make a subject access request (i.e. to view, amend, or delete the personal  information that we hold). All requests have a month to be carried out (30 days). To contact us about  anything to do with your personal data and data protection, including to make a subject access  request, please use the address and contact details at the bottom of this page.

5. In the event of a data breach 

We have a legal obligation to report a data breach to you and the Information’s Commissioners Office  (ICO) within 72 hours. 

6. Disclosure of your personal information 

If we are under a duty to disclose or share your personal data in order to comply with any legal  obligation. For example, if we are subpoenaed to court, or as a legal requirement such as safeguarding children or vulnerable adults, terrorism or money laundering. 

7. Changes to this privacy policy 

We will notify you of changes we may make to this privacy policy in the future. 

8. Recording consent 

Your use and undertaking of the services of The M Word (Emotional Problem Solving) C.I.C. constitutes your approval and acceptance of this agreement, and you are consenting to our use, and  storage, of your personal information that you have disclosed to us, as detailed above. 

9. How do I contact you? 

Mr John Abbott is registered as the data controller for our organisation. To contact us about anything  to do with your personal data and data protection, including to make a subject access request, please  use the following details: 

T: 07928 232037 |  

E: info@the-m-wordcic.co.uk 

M: The M Word (Emotional Problem Solving) C.I.C, Grange Farm, Main Street, Buckminster, NG33 5SA