top of page

Privacy notice for organisational consultancy clients

This privacy notice tells you what to expect us to do with your personal information. 

What information we collect, use, and why 

We collect or use the following information to provide and improve products and services for clients: 

  • Names and contact details 

  • Addresses 

  • Pronoun preferences 

  • Occupation 

  • Transaction data (including details about payments from you and details of services you have purchased) 

  • Usage data (including information about how you interact with and use our website, products and services) 

  • Information relating to compliments or complaints 

  • Records of meetings and decisions. 

 

We collect or use the following personal information for research or archiving purposes: 

  • Names and contact details 

  • Job title and/or job description.  

 

We also collect or use the following information for research or archiving purposes: 

  • Employee health information, and/or any other information which has a bearing on the particular consultancy question you have posed – for example whether particular difficulties are preventing someone from carrying out their role as anticipated.  This information will be collected from employees themselves only if they provide fully informed consent to this.  

 

We collect or use the following personal information for dealing with queries, complaints or claims: 

  • Names and contact details 

  • Address 

  • Purchase or service history 

  • Information relating to health and safety if these are relevant to the consultancy question you have posed (including incident investigation details and reports and accident book records) 

  • Employee health information, and/or any other information which has a bearing on the particular consultancy question you have posed – for example whether particular difficulties are preventing someone from carrying out their role as anticipated.  This information will be collected from employees themselves only if they provide fully informed consent to this 

  • Correspondence. 

 

Lawful bases and data protection rights 

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website. 

Which lawful basis we rely on may affect your data protection rights which are in brief set out below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website: https://ico.org.uk/for-organisations/advice-for-small-organisations/create-your-own-privacy-notice/your-data-protection-rights/#rte 

 

If you make a request, we must respond to you without undue delay and in any event within one month. 

​

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice. 

 

Our lawful bases for the collection and use of your data 

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are: 

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

 

Our lawful bases for collecting or using personal information for research or archiving purposes: 

  • Consent - we have permission from you or your employees after we gave you/them all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time. 

 

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are: 

  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object. 

​

Where we get personal information from 

We get personal information directly from you or any staff members who have consented to be involved in the consultancy project, rather than any third parties. 

 

How long we keep information 

We keep a client’s personal data as well research data relating to the consultancy project for a period of seven years following the final counselling session.  This duration of information retention is in line with the recommendations made for independent psychologists by the British Psychological Society (see https://explore.bps.org.uk/content/report-guideline/bpsrep.2017.inf115/chapter/bpsrep.2017.inf115.9

 

Who we share information with 

Data processors: Microsoft  

This data processor does the following activities for us: Storage of research data and provider if email service.

 

How we keep your data secure 

We keep sensitive information, i.e. meeting notes or raw research data, separately from personal information which can identify the individuals involved.  Sensitive information is stored on OneNote on the Microsoft 365 platform, a system which is GDPR compliant.  Personal information is kept in a separate area of OneNote, and if needed in a password protected document on a secure computer’s hard drive.   

 

Sharing information outside the UK 

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place. 

​

For further information or to obtain a copy of the appropriate safeguard for any of the transfers below, please contact us using the contact information provided above. 

Organisation name: Microsoft  

Category of recipient: Storage provider and email client  

Country the personal information is sent to: United States  

 

How the transfer complies with UK data protection law: Addendum to the EU Standard Contractual Clauses (SCCs). 

 

How to complain 

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. 

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

​

The ICO’s address:            

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

​

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint 

 

Last updated: 30 September 2024 

bottom of page