At Bright-Side data is received into the company by
- text message
- voicemail message
- via our website http://bright-side.org
- via a referral
- In person
- Social Media
Once we identify that we receive personal data from a specific means, we next secure those means, protecting:
- mobile phones, physically secure and also ensured they are password-protected, ensuring there is security on the content
- computers and laptops are safeguarded where they are kept and that any access to information is not shared with other users.
- phone messages – everyone who takes messages on behalf of the company is fully trained on GDPR and understands it. We ensure that no one not entitled to over hear phone messages or voicemails don’t.
- hard copy files are stored in a locked cabinet behind a locked door. One locked door may be the therapists own front door, but files under a second kept lock and key.
- Internet sites are protected by security.
Lawful basis for processing personal data are:
- Consent for online opt in
- Legal Obligation where insurance companies require data to be held for a minimum period
- Legitimate Interests for personal clients requesting therapy
The age of children is verified either by consent from a responsible adult or by sight of ID.
The statute of limitations do not start for a child until they reach majority and they still have the right to bring a negligence claim within three years from then and six years for a breach of contract claim. Retention of the child’s personal data must be balanced against their personal rights and risks to your practice.
Where a breach is likely to result in a risk to the rights and freedoms of individuals, eg. If it could result in discrimination, damage to reputation, financial loss, loss of confidentiality, or any other significant economic or social disadvantage it will be notified to the ICO within 72 hours and the individuals involved will also be informed.
Records are kept of any personal data breaches, regardless of whether we are required to notify.
Data Protection Officers
The Data Protection Officer for Bright-Side is Nicola Rowe.
The lead data protection supervisory authority is the United Kingdom.