Creative-Connections takes the confidentiality of our clients seriously. This page explains how we comply with the General Data Protection Regulation Act (2018) regarding what data we hold and how and why we store, process and dispose of it.
This policy therefore sets out the basis on which any personal data I collect from you, or that you provide to me, will be processed.
Please read the following carefully to understand my views and practices regarding your personal data and how Creative-Connections will treat it. By visiting www.creative-connections.uk you are accepting and consenting to the practices described in this policy.
User privacy and data protection are human rights.
We have a duty of care to the people within our data.
Data is a liability, it should only be collected and processed when necessary.
We will never sell, rent or otherwise distribute or make public your personal information.
Data Protection Compliance
Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
UK Data Protection Act 1988 (DPA)
EU Data Protection Directive 1995 (DPD)
EU General Data Protection Regulation 2018 (GDPR)
Personal Information Collection
Creative-Connections may collect and use the following personal information:
Information that you provide by filling in forms on our site, www.creative-connections.uk. This includes information provided when contacting us through our site, posting material, training or requesting further services.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access to improve our site, products/services and customer service;
Contact you when necessary or requested, including responding to your questions and comments and providing customer or public support; to provide you with information that you have requested from us; send you marketing communications; training events.
Where Creative-Connections discloses your personal information to its agents or sub-contractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement.
In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, Creative-Connections may disclose your personal information to the extent that it is required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and to establish, exercise or defend its legal rights.
Storing Personal Data
We store all client details in a locked filing cabinet, with personal contact details stored separately from private therapeutic notes that hold minimal information and do not identify clients. Information is also held on my personal password protected laptop that has anti-virus protection. For the protection of the therapist and client, personal details and private therapeutic information will be retained for a period of 7 years, after which it will be destroyed via a cross cut shredder. Creative-Connections uses encrypted email services and is registered with the Information Commissioners Office (ICO) .
Our website is hosted on Wix.com Ltd. Your data is stored through Wix’s data storage, databases and the general Wix application. They store your data on a secure server behind a firewall. By submitting your personal information, you agree to the transfer, storing or processing of this data. For more insight, you may also want to read Wix’s Terms of Service or Privacy Statement
Third Party Services
Wix has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording and remote access services, performance measurement and data optimization services, content providers, and our legal and financial advisors (collectively, “Third Party Service(s)”). Such Third-Party Services may receive or otherwise have access to our Visitors’ and Users’ Personal Information and/or Users-of-Users’ Personal Information, in its entirety or in part – depending on each of their particular roles and purposes in facilitating and enhancing our Services and may only use it for such purposes.
Wix has implemented security measures designed to protect the Personal Information you share with us, including physical, electronic and procedural measures. Among other things, we offer HTTPS secure access to most areas on our Services.
We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and Third-Party Services for further enhancing the security of our Services and protection of our Visitors’ and Users’ privacy.
However – regardless of the measures and efforts taken by Wix, we cannot and do not guarantee the absolute protection and security of your Personal Information, your Users-of-Users’ Information or any other User Content you upload, publish or otherwise share with Wix or anyone else.
These technologies are used mostly for stability, security, functionality, performance and advertising purposes. In order for some of these technologies to work properly, a small data file (“cookie”) must be downloaded and stored on your device. By default, we use several persistent cookies for purposes of session and user authentication, security, keeping the User’s preferences (e.g. regarding default language and settings), connection stability (e.g. for uploading media etc.), monitoring performance of our services and marketing, and generally providing and improving our Services.
You may block, opt-out of or otherwise manage such tracking technologies by yourself, through your browser settings or other sources – but please note that this may adversely affect the way you experience our services.
What data do we hold
Clients’ personal details such as name, address, date of birth.
Contact details for parents/guardians/advocates such as name, address, phone number and email address.
Clients’ private therapeutic notes including background information, assessments and any paper or electronic correspondence relevant to the therapy. Private therapeutic notes that hold minimal information will always be kept secure and separate from any contact details.
Why do we hold it
We will use the above information ONLY in relation to the specific therapy programme that has been requested and the administration of the delivery of that therapy. We hold contact details securely and for the sole purpose of contacting you about the child/adult’s therapy.
Do we share it
We will under no circumstances share any personal details with any third party unless legally obliged to do so. Assessments will be shared if there is reasonable cause to do so in the therapeutic interests of the client, and then only with your explicit consent. In such cases the document will be sent directly and securely to the approved recipient and, where transmitted by email, will be protected by a password only accessed via a separate method of communication, such as a phone call or a text.
Creative-Connections holds and processes personal details relating to a client’s therapy programme only as specified above in accordance with the General Data Protection Regulation.
Where there is lawful basis under the GDPR, clients/their advocates have the right to:
Request a copy of this data;
Request correction of any inaccurate or out-of-date data;
Request erasure of this data when it is no longer necessary to hold it;
Request the transfer of this data to another data controller
Withdraw consent to the processing of this data at any time
Right to be forgotten
You have the right to ask for information to be deleted that is held about you, , including personal information that is no longer relevant to original purposes- for example when our therapeutic relationship has ended or if you wish to withdraw consent, in all cases and when considering such requests these rights are obligatory unless its information that Creative-Connections has a legal obligation to retain.
You have the right to receive your personal information as previously provided, and to transfer the information to another party.
All the above complies with the General Data Protection Regulation using contract as a lawful basis for processing the data Creative-Connections holds. Creative-Connections 01/07/2019