Our policies regarding privacy, data collection and data protection
This policy outlines how agcl treats your data when you’re using this website or when you’re working with agcl.
We do all we can to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This means that this site is likely to be compliant with the data protection and user privacy legislation.
Personal information our website collects, why we collect it and your rights with regard to that data
Measuring the use and effectiveness of this website
Unlike most websites, this site does not use Google Analytics (GA) to track user interaction. agcl does not use any data to determine the number of people using its site, nor to understand how they use the website.
Contacting you with things we genuinely believe you’ll find useful
When it comes to email marketing, agcl does not upload its contacts to a database and then spam everyone on this list. agcl does not have a mailing list.
While your email address may be retained by agcl, you will not be contacted with information that’s no use to you. agcl may email you occasionally with news.
Your data will remain within agcl’s system for two years or until you specifically request its removal. You can do this by requesting removal via email. When requesting removal via email, please send your email to agcl using the email account from which you were contacted.
Your right to access and control your personal information
If you have previously agreed to us using your personal information to contact you, you may change your mind at any time by emailing agcl at email@example.com.
Please contact us in the same way if you require details of the personal information which we hold about you, or if you believe any information we are holding on you is incorrect or incomplete.
Links to other websites
agcl’s website does not contain links to other websites.
How we store individual client data
As practicing psychologists, coaches, facilitators and teachers agcl may take notes during the course of its work as those notes help deliver on the work agcl is contracted to do. These are stored in one or both of two places: on paper and on computers. Notes held on paper are stored in a locked cabinet when not in use, and shredded when the time comes to destroy them. Those held electronically are stored on computers protected by passwords, antivirus software and encryption. The British Psychological Society advises that client notes be kept for seven years. Given the nature of our relationships with client organisation’s, we keep records for a minimum of seven years or until our work with the organisation in question ends, whichever is later. So, if you wish for your records to be destroyed prior to that, please let us know by email to: firstname.lastname@example.org.
Where files are shared across devices or stored in the cloud, they are encrypted at source. agcl’s policy is not to send coaching notes, or similarly sensitive personal data via email. Should this prove unavoidable for some reason, then such data will be wherever possible be password protected. Should individual client data is stored or transported between sites on USB sticks or other portable media these are protected by passwords and encryption.
agcl also makes use of psychometrics. agcl uses a range of psychometric test providers. It is agcl’s understanding that all of them are GDPR compliant. The vulnerabilities of email security mean that should agcl be required to send psychometric reports by email they are wherever possible password protected.
agcl holds the names and contact details of their clients and other contacts. We do not keep a central database of everyone’s contacts. However, for specific projects we may share the contact details of participating individuals. We will only do so when this is necessary for project-related communications with those participants.
Sharing information about you
When agcl is working with other consultants with the same participants, we may compare notes to help us coach, facilitate or teach more effectively. If this is the case, this will always be made clear to all participants. Our default is that we do not share personal client information with any other third party organisation’s other than the ones we are collaborating with on a project. The only exceptions to this rule are as follows:
- When an individual client’s employer asks for attendance data.
- When generating certain psychometric reports, we may be required to enter the client’s ‘best fit’, therefore we are ‘sharing’ that data with the publisher of the psychometric.
- When including participants in emails to fellow participants or the commissioning client (that is the organisation paying for our services) or both.
- When the individuals have given their express permission.
- When quoting feedback anonymously to give other clients and potential clients a feel for our work – where possible, we would seek permission to use these quotes and we will always take care to ensure anonymous feedback is truly anonymous.
- During coaching supervision, where the ‘data’ is spoken and not recorded.
- When we are required to do so by law.
The following individual rights under GDPR apply to the data we hold:
- The right to be informed.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to object.
- The right not to be subject to automated decision-making including profiling.
The right to data portability in the GDPR applies only to personal data an individual has provided to a controller, where the processing is based on the individual’s consent or for the performance of a contract and when processing is carried out by automated means. We don’t use automated processing.
Your right to access this data
On some occasions, we may be unable for legal or ethical reasons to share some of the data we might hold. The clearest examples are where we are privy to sensitive management information or references or feedback or both provided in confidence by others. Under the GDPR, this kind of data is protected if it is judged likely to “prejudice the business or other activity of the organisation”.
We will report to the ICO and any and all relevant persons and authorities any unlawful data breach of our computers or our paper-based storage within 72 hours of the breach, if it is apparent that personal data stored in an identifiable manner has been stolen. If the breach has been made to the database(s) of any of our third-party data processors we will take the same action within 72 hours of them notifying us of such a breach.
The data controller for this website and all activities conducted by agcl, is agcl UK company number 3957571.
The nature of our business and scale of our operations mean there’s no need for a dedicated Data Protection Officer. If you have any questions or concerns, please contact agcl’s Director, Andrew Gudgeon.
May 2018: updated to reflect GDPR.