PRIVACY NOTICE – drsionahlannen

drsionahlannen | PRIVACY NOTICE

50838

page-template-default,page,page-id-50838,eltd-core-1.0.3,ajax_fade,page_not_loaded,,borderland-ver-1.10,vertical_menu_enabled, vertical_menu_left, vertical_menu_width_290,smooth_scroll,paspartu_enabled,paspartu_on_top_fixed,paspartu_on_bottom_fixed,vertical_menu_inside_paspartu,wpb-js-composer js-comp-ver-6.1,vc_responsive

DR. SIONAH LANNEN PRIVACY NOTICE (REVIEWED 23 MAY 2018)

MY VALUES regarding Client Privacy and Data Protection

User privacy and data protection is a human right
I have a duty of care to the people whose personal data I collect
Data will only be collected and processed when absolutely necessary
I will never sell, rent or otherwise distribute or make public your personal information

LEGISLATION

The computer I use to do assessments, create reports and my website comply with the EU General Data Protection Regulation 2018 (GDPR).

PERSONAL INFORMATION THAT I COLLECT, AND WHY I COLLECT IT

Assessment/Reports data

In this notice the term “your” will, where relevant, include your child or pupil.

The legal basis processing your personal data is the contract that I have with you. I also need to process your data before I have a contract with you. The legal basis for processing your data before the contract is the legitimate interest that I have in providing you with assessment services.

To provide you with my services, I need to collect personal information, (such as your name and date of birth), contact details (such as your phone number), information about significant events in your life, education history, health details and assessment scores. I collect this information so that I can communicate with you in a personal way, provide you with assessments/reports for learning difficulties, and process your payments for my services. If you are not prepared for me to process your data, it will not be possible to provide you with my assessment services.

My website collects and uses personal information for the following reasons:

Site visitation tracking

Like most websites, this site uses Google Analytics (GA) to track user interaction. I use this data to determine the number of people using my site, to better understand how they find and use my web pages and to see their journey through the website.

Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. GA also records your computer’s IP address. This could be used to personally identify you, but Google do not grant me access to this. I consider Google to be a third-party data processor (see section below).

GA makes use of cookies, details of which can be found on Google’s developer guides. Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

Contact forms and email links

Should you choose to contact me using the contact form on my ‘Contact’ page or an email link, none of the data that you supply will be stored by this website or passed to/be processed by any of the third-party data processors defined below. Instead, the data will be collated into an email and sent to me. All emails are retained on my password protected computer.

DATA STORAGE

I keep your information in the stores described below:

On my Laptop Computer, ‘Back-up’ Laptop and External Hard Drive

I use a personal laptop computer and a ‘back-up’ laptop and external hard drive. All devices are password-protected, and the hard drives are encrypted. Passwords are changed every 90 days. Your assessment and report is produced digitally and stored on my laptop and the ‘back-up’ devices.Your report is kept for seven years from the date of your assessment. Hand-written notes that I take during the assessment process are destroyed after the report is completed.

RECIPIENTS OF YOUR DATA (INCLUDING THIRD-PARTY DATA PROCESSORS)

I send your report to you and/or to anyone you have consented to be provided with a copy of your report, and to anyone we are required by law to inform. All reports that are sent electronically are sent as attachments that are encrypted and password- protected.

YOUR RIGHTS

You have the right to:

be informed;
access;
rectification;
erasure;
restrict processing;
data portability;
object; and
not to be subject to automated decision-making

How can I see all the information you have about me?

You can make a Subject Access Request (SAR) by contacting the me (Data Protection Officer). I may require additional verification that you are who you say you are to process this request. I may withhold such personal information to the extent permitted by law. In practice, this means that I may not provide information if I consider that providing the information will violate your vital interests or the vital interests of other parties.

What if my information is incorrect?

Please contact me (Data Protection Officer). I may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide me with the correct data. I will locate the computer file that contains the your report and amend as appropriate. After I have corrected the report, I will send you a copy of the amended report.

How can I have my information removed?

If you want to have your data removed, I have to determine if I need to keep the data. If I decide that I should delete the data, I will do so and inform you.

Referral to a supervisory authority

Should you be unhappy with the way I process your personal data, you have the right to lodge a complaint with the ICO (Information Commissioner’s Office).

DATA BREACHES

I will report any unlawful data breach to any and all relevant persons and authorities within 72 hours of becoming aware of the breach.

DATA CONTROLLER

I am the “data controller” and my address is Drysdale, Queens Road, Dunbar, EH42 1LN.

DATA PROTECTION OFFICER

Dr Sionah Lannen

Telephone: 07966551181

email: sionahlannen@gmail.com