GDPR Compliance

Last updated: January 2024

This page provides detailed information about how glow-fang complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are committed to protecting your personal data and respecting your privacy rights.

Our Commitment to Data Protection

As a provider of psychological services, we handle sensitive personal information and understand the importance of robust data protection. We have implemented comprehensive measures to ensure compliance with UK GDPR principles:

  • We process personal data lawfully, fairly, and transparently
  • We collect data only for specified, explicit, and legitimate purposes
  • We ensure data is adequate, relevant, and limited to what is necessary
  • We keep personal data accurate and up to date
  • We retain data only for as long as necessary
  • We process data securely with appropriate protections

Data Controller Information

glow-fang is the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your personal data.

Contact Details:
glow-fang
47 Welbeck Street
Marylebone, London W1G 8DN
Email: [email protected]

Lawful Bases for Processing

Under UK GDPR, we must have a valid lawful basis to process your personal data. The bases we rely upon include:

Contract Performance

When you engage our services, we process your data to fulfil our contractual obligations. This includes scheduling appointments, delivering services, and managing payments.

Legitimate Interests

We process certain data based on legitimate business interests, such as improving our services, maintaining security, and communicating with enquirers. We always balance these interests against your rights and freedoms.

Consent

For certain processing activities, we rely on your explicit consent. You have the right to withdraw consent at any time. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Legal Obligation

Sometimes we must process data to comply with legal requirements, such as maintaining financial records or responding to lawful requests from authorities.

Special Category Data

As psychological practitioners, we process special category data including health information. For this sensitive data, we rely on:

  • Your explicit consent to process health-related information for the purpose of providing psychological services
  • The provision of health or social care treatment under Article 9(2)(h) UK GDPR
  • Our professional and ethical obligations as registered practitioners

Your Rights Under UK GDPR

UK GDPR provides you with specific rights regarding your personal data:

Right to Be Informed

You have the right to clear information about how we use your data. This notice, together with our Privacy Policy, fulfils this obligation.

Right of Access

You can request a copy of the personal data we hold about you. We will provide this within one month of receiving a valid request. For clinical records, we may discuss the request with you to ensure access is provided appropriately.

Right to Rectification

If your personal data is inaccurate or incomplete, you have the right to have it corrected. For clinical notes, we can add supplementary information reflecting your perspective rather than altering the original record.

Right to Erasure

In certain circumstances, you can request deletion of your personal data. However, this right does not apply where we need to retain data for legal obligations, professional requirements, or the establishment or defence of legal claims.

Right to Restrict Processing

You can ask us to limit how we use your data in certain situations, such as when you contest its accuracy or object to processing.

Right to Data Portability

For data you have provided to us and which we process based on consent or contract, you can request this in a commonly used, machine-readable format.

Right to Object

You have the right to object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling grounds that override your interests.

Rights Related to Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects. All decisions regarding your care involve human judgment.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. We may need to verify your identity before processing your request. We will respond within one month, though this may be extended by two months for complex requests.

There is no fee for exercising your rights, except in cases of manifestly unfounded or excessive requests.

Data Protection Impact Assessments

Where processing is likely to result in high risk to individuals' rights and freedoms, we conduct Data Protection Impact Assessments to identify and minimise risks.

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. Where a breach is likely to result in high risk to your rights and freedoms, we will notify you without undue delay.

International Data Transfers

We primarily process data within the United Kingdom. If we transfer data internationally, we ensure appropriate safeguards are in place, such as:

  • Transfers to countries with adequacy decisions
  • Standard contractual clauses approved by the UK ICO
  • Other appropriate safeguards under UK GDPR

Third-Party Processors

We use carefully selected third-party providers for services such as secure email, practice management software, and payment processing. These processors are bound by data processing agreements ensuring UK GDPR compliance.

Supervisory Authority

The Information Commissioner's Office (ICO) is the UK supervisory authority for data protection matters. If you are unsatisfied with our response to any data protection concerns, you have the right to lodge a complaint with the ICO:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

Updates to This Information

We review our data protection practices regularly and may update this information accordingly. Material changes will be communicated through our website.

We use cookies to enhance your experience on our website. By continuing to browse, you agree to our use of cookies. Learn more

Cookie Preferences

Necessary Cookies

Essential for the website to function properly. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness.