EFT Devon Privacy Policy

Introduction

We understand that privacy and security of your personal information is extremely important. This policy sets out what personal data we may use and hold, how we use it and what we do to keep it secure. It also explains why we collect personal data, as well as your rights over any personal information we hold about you.

This Policy applies to our websites and other interactions you may have with us, whether as website user, EFT client, trainee, mentee or course participant.

If you have any questions about our privacy practices, please contact us using our website contact form.

What personal data we collect

The personal data we hold about you may include:

  • Your name, phone number, date of birth, email address, postal address, emergency contact details, GP details.
  • Emails and email attachments, SMS/Whatsapp messages we have exchanged.
  • Any form(s) you complete at the beginning of our work together.
  • Information about your previous and current training/education
  • Brief notes for each EFT or training session.
  • Audio/video files of our online sessions, if you have given consent/requested for these to be recorded.

How we keep your personal data secure

  • Your personal information, if written on paper, is stored securely in a locked filing cabinet. Electronic data is stored on a PC, laptop or mobile device, which is password protected.
  • Your phone number is stored on your practitioner or trainer’s mobile phone under your first name or initials (no surname is used), unless we have had contact via Whats App or Messenger, in which case those Apps may include your full name. Our phones are code-locked and kept secure at all times.
  • Transactions in our financial records are recorded using your first name and initial of surname only.
  • Our email correspondence is password-protected and our email service provider ensures that the emails are secure and encrypted.
  • Session records are kept in written form in a locked filing cabinet or stored electronically on a password-protected device.
  • Audio/video files are encrypted and password-protected and do not contain your surname in the file title.
  • Appointments are booked in a diary or electronic calendar with your first name only. The name and email address that you entered when using our calendaring app is stored securely within that app (Calendly).

Our purposes for holding your personal data

  • To be able to communicate with you via phone, email or post as necessary.
  • So that we have a record of your attendance and a note of important factual information that may be of significance in our work together.
  • For purposes of supervision/mentoring which is a professional requirement for EFT Practitioners.
  • To provide you with appropriate and individualised services
  • To ensure that, if I found that there was serious risk to you, or to a vulnerable person or child, I could take appropriate safeguarding action.
  • It is a requirement of our insurance provider, Balens and, for financial information, a requirement of His Majesty’s Revenue and Customs (HMRC).
  • With your consent, to send you information about our services or other interesting health- or EFT-related information in the form of e-newsletters, advice, articles. You may withdraw this consent at any time by clicking an unsubscribe button, emailing us or using the contact form on our website.

How long we keep your personal data

Our insurance provider, Balens, requires us to keep any client records for 7 years after completing EFT sessions. HMRC requires financial information to be kept for 7 years.

After 7 years from completion of our work together, we may permanently delete all electronic data and shred and dispose of any paper copies. You can ask us specifically to delete your records if you wish, otherwise we may retain your records indefinitely. If we retain records it is so that we can provide you with the best possible service should you want to work with us at some future date.

    Your legal rights in relation to the personal data we hold

    You have rights under data protection laws in relation to your personal data. These include:

    • the right to be informed about the collection and use of your personal data. This is the purpose of providing this policy document.
    • the right of access to, and to receive a copy of the personal data that we hold about you. If you would like to receive this, or to make any other requests relating to your personal data, you may make your request verbally or in writing. However, it will help us respond most efficiently if you contact us via our website contact form or by email. The name of our Data Controller is Jacqui Footman. We will respond to your request within 30 days wherever possible.
    • the right to have inaccurate personal data rectified, or completed if it is incomplete.
    • the right to have personal data erased. This right is not absolute and only applies in certain circumstances.
    • the right to request the restriction of processing of your personal data. This right is not absolute and only applies in certain circumstances.
    • the right to object to the processing of your personal data in certain circumstances. You have an absolute right to stop your data being used for direct marketing. For other purposes the right applies only in certain circumstances.

    You can find out more about your data protection rights here https://ico.org.uk/for-the-public/

    Disclosures of personal data to third parties

    We never sell or share your personal data other than in a limited number of circumstances in which we may share your personal data and other information with third parties, either

    • to ensure the effective functioning of our website and web-based services
      or
    • for any of the following legitimate reasons related to therapeutic work
      • where required by a court of law
      • if your safety or that of a vulnerable adult or child is imminently at risk
      • if you request and/or give us consent to share your information with another health professional for the purposes of improving your care

    As required by our professional code of conduct we may discuss some aspects of our client work with a supervisor/mentor. Clients discussed are anonymised, (e.g. using a fictitious name). The supervisor/mentor is an experienced practitioner or trainer, also bound by rules of confidentiality, with the usual exceptions (as outlined above).

    Disclosures of personal data to third parties – website specific

    (this section relates only to use of our online course platform at https://courses.eftdevon.co.uk)

    When you use our online course platform, we may share your personal data with:

    • Zenler.com. Our online course platform provider, Zenler, based in the UK, is our data processor and we have entered into data processing agreement for the processor to protect your personal data
    • Other companies in the Zenler group who provide IT and system administration services and undertake leadership reporting.
    • Service providers who provide cloud infrastructure, video hosting, live video platforms, email provider, IT and system administration services.
      • Amazon
      • Sendgrid
      • Filestack
      • Vimeo
      • Zoom
    • Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
    • Government bodies that require us to report processing activities. require reporting of processing activities in certain circumstances.
    • Third parties to whom Zenler sell, transfer, or merge parts of our business or our assets.

    Zenler requires all third parties to whom they transfer your data to respect the security of your personal data and to treat it in accordance with the law. They only allow such third parties to process your personal data for specified purposes and in accordance with their instructions.

    International data transfers

    Zenler.com share your personal data within the Zenler group of companies, which involves transferring your data outside the European Economic Area (EEA).

    Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data, so European law has prohibited transfers of personal data outside of the EEA unless the transfer meets certain criteria.

    Many of Zenler’s third party service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

    Whenever Zenler.com transfer your personal data out of the EEA, they do their best to ensure a similar degree of security of data by ensuring at least one of the following safeguards is implemented:

    • Zenler will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
      or
    • where Zenler use certain service providers, they may use specific contracts or codes of conduct or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe;
      or
    • where Zenler use providers based in the United States, Zenler may transfer data to them if they are part of the EU-US Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. Where Zenler use providers based in the United States (for example Amazon, Sendgrid) they may transfer data to them where Zenler have signed data processing addendums for the provider to provide protection of data shared between the Europe and the US.

    If none of the above safeguards is available, Zenler may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

    Please use our website contact form if you are using our online course platform, https://courses.eftdevon.co.uk and you want further information on the specific mechanism used by Zenler when transferring your personal data out of the EEA. We will then forward your request to Zenler to provide this technical information.

    Third party links

    We may include links to third-party websites, add-ons and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

    Cookies

    Our website at https://eftdevon.co.uk does not use cookies to track your personal data.

    You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies.

    On our online course platform website https://courses.eftdevon.co.uk, if you disable or refuse cookies, please note that some parts of the website may become inaccessible or not function properly. For more information about the cookies we use at https://courses.eftdevon.co.uk, please see our separate Cookie Policy.

    How to contact us

    You can contact EFT Devon at any time if you have any questions about this privacy policy or our practices, or if you are seeking to exercise any of your statutory rights.
    Please contact us via the support/contact us form on either of our websites.

    Data protection authority

    If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues: https://ico.org.uk/for-the-public/.

    The Information Commissioner requires, and we would appreciate, if you do have a complaint, that you first contact the Data Controller concerned, so that we can try to resolve it for you. Jacqui Footman is Data Controller for EFT Devon.