Privacy Policy
We respect your privacy and are committed to protecting your personal data. This Privacy Notice will inform you as to how we look after your personal data when you visit our website/use our services via the website and tell you about your privacy rights and how the law protects you.
By using our site, you consent to us processing your data.
This Privacy Policy is designed to ensure that the rights to privacy of individuals are protected.
Kindlekids, Kindlekids.org,uk and the P.O.W.E.R/ POWER course are trading names for Leanne Cowan Clinical Psychologist (“KindleKids”, “we”, “us”, or “our”).
www.KindleKids.org.uk is owned and operated by us
KindleKids is committed to the principles set out in the General Data Protection Regulation 2016/679 (“GDPR”), as implemented in the Data Protection Act 2018, and aim to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected.
This Privacy Policy was last updated on 15th August 2022.
This Privacy Policy describes how KindleKids manages your information when you use our services and/or our Site, if you contact us or when we contact you.
It also provides extra details to accompany specific statements about privacy that you may see when you use our websites (such as cookies). With respect to cookies, the policy includes information about the types of cookies used and how you may disable these cookies.
KindleKids Child Psychology Limited is the data controller in relation to the personal data that you disclose to us. If another party has access to your data we will tell you if they are acting as a data controller or a data processer, who they are, what they are doing with your data, and why we need to provide them with the information.
“data controller”, “data processor” and “personal data” have the meanings given to them in the GDPR. Personal data broadly means any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
If you have any questions regarding this Privacy Policy, you can contact us at info@kindleKids.org.uk
If you are not satisfied with the answers from the us, you can contact the
Information Commissioner’s Office (ICO) via https://ico.org.uk,Email: casework@ico.org.uk, Telephone: 0303 1231113. KindleKids (Leanne Cowan) ICO certification number is ZA102760.
1. Why does KindleKids need to collect your personal data?
We need to collect information about you so that we can:
- Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Deliver goods and services to you. The legal basis for this is the contract with you.
- Process your payment for the goods and services. The legal basis for this is the contract with you.
- Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is a legitimate interest.
- Optimise your experience on our website. The legal basis for this is a legitimate interest.
- Provide you with useful and relevant Sites. The legal basis for this is a legitimate interest.
- Provide you with useful and relevant marketing material. The legal basis for this is consent (we will request specific consent).
2. What personal information do KindleKids collect and why do we collect it?
We need to collect information about you so that we can:
- Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Deliver goods and services to you. The legal basis for this is the contract with you.
- Process your payment for the goods and services. The legal basis for this is the contract with you.
- Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is a legitimate interest.
- Optimise your experience on our website. The legal basis for this is a legitimate interest.
- Provide you with useful and relevant Sites. The legal basis for this is a legitimate interest.
- Provide you with useful and relevant marketing material. The legal basis for this is consent (we will request specific consent).
3. How do KindleKids use the information that we collect?
KindleKids uses the data we collect from you in the following ways:
- To operate and improve our Sites, services, and product;
- To send you advertising or promotional materials (if you have consented to this)
- Provide and deliver products or other services you request, process transactions, and send you related information;
- Respond to your comments, questions, and requests and provide you with requested customer support;
- To create your invoice.
4. Where do we keep the information?
KindleKids keep information in the stores described below. Please note that we do not transfer or store any personal data outside the UK.
- On KindleKids devices: We store documents that contain personal data on a secure cloud-based system.
- On an electronic note-keeping system: KindleKids will take notes when we meet with you on paper. All our clinical notes and personal data are uploaded into an encrypted package by Cliniko, designed as a specialist system for confidential notes and holding full GDPR compliance.
- Our parent support courses are provided in conjunction with Thinkific.
5. How long do we keep the information?
If you decide that you do not wish to proceed with KindleKids services, your information will be kept for a maximum of one year before being safely destroyed. This is to ensure we provide the best possible service should things change and you contact us again.
KindleKids complies with the Department of Health’s recommendation that data is retained for whichever is later of 7 years or until the patient’s 25th birthday or 26th if the young person was 17 at the conclusion of treatment or 8 years after death. An annual check is made and the client’s data removed as appropriate.
https://www.bma.org.uk/ethics/health_records/retentionrecords.jsp All retained personal information is subject to the controls of our data protection policy and will be confidentially disposed of when it is considered to be of no further value. With regard to invoices and accounts, we will manually delete the records after the period of 7 years required by HMRC.
6. Who does KindleKids send the information to
We will only send the information necessary to achieve business purposes. We send invoices and reports to health insurance companies and other professionals as required professionally.
As previously stated, cloud storage providers will have information shared with them in compliance with GDPR. Information is shared to the degree necessary for accounting and tax purposes. KindeleKids does not permanently store any personal information in cookies that can be used to identify you, such as your name or account numbers. The exceptions to the above rule would be:
- Risk of harm: If we perceived that the child, or someone else, was at risk of harm. If we needed to breach confidentiality for any reason (and this is very rare) we would always discuss this with you first unless in an emergency situation e.g. we felt the child be in immediate danger.
- To comply with applicable laws; respond to governmental enquiries (or enquiries from a legal, governmental, or quasi-governmental or local authority agency); comply with a valid legal process or procedure, or protect our rights or property.
7. Informed consent and sharing information from therapeutic sessions
All children and young people, whatever their age or status, have a right to express their views freely and be involved in any decision-making that affects their lives. Therefore, we will gain their informed consent. Any direction or guidance provided by parents or other caregivers must be ‘in accordance with the child’s evolving capabilities’ and support the ‘exercise by the child of his or her rights’. The onus is then on the adults to provide appropriate support to enable the child or young person to express their views and contribute to decision-making. Our team will discuss and agree on how information is shared with parents with an awareness that young people who are ‘Gillick competent’ can consent to information not being shared with parents.
The exceptions to the above rule would be:
- Risk of harm: If we perceived that the child, or someone else, was at risk of harm. If we needed to breach confidentiality for any reason (and this is very rare) we would always discuss this with you first unless in an emergency situation e.g. we felt the child be in immediate danger.
- To comply with applicable laws; respond to governmental enquiries (or enquiries from a legal, governmental, or quasi-governmental or local authority agency); comply with a valid legal process or procedure, or protect our rights or property.
Occasionally, a disagreement over consent may arise between parent/carer and child or young person and/or between parents/carers. The psychologist would make every effort to resolve the difference of views, perhaps seeking, with an agreement, the involvement of an appropriate family member and/or a colleague, although as discussed above, a young person who is ‘Gillick competent’ can legitimately request that family members (including parents) are not involved or informed of any involvement. If the disagreement is not resolved, the psychologist will draw on their professional experience to act in the best interest of the child or young person seeking consultation and support through appropriate channels, including safeguarding and legal departments, and consultation with appropriate colleagues including other professionals.
8. How can I see all the information you have about me?
You can make a subject access request to us. This does not need to be in writing and may be made in person or by phone. We may require further additional verification that you are who you say you are to process this request. We may withhold personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.
9. What if my information is incorrect or I wish to be removed from your system?
Please contact us. We may require additional verification that you are who you say you are to process this request. If you want to have your data removed, we will have to determine whether we need to keep the data, for example, to comply with professional bodies or HMRC. If we decide that we should delete the data, we will do so without undue delay.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
10. Will I send emails and text messages to you?
As part of providing a service to you, we may communicate via email or text message, keeping the information in the body of the text to a minimum. Any reports with personal data or sensitive information that we send to you will be password protected. All emails are deleted as soon as practically possible.
We will not send you any marketing communications without your express consent.
11. How do I opt-out of receiving emails and/or text messages
If you do not wish to receive information through these means or only wish to receive certain types of communications, please let us know.
12. What happens in the event of a data breach?
The data protection lead is responsible for responding to personal data breaches. He or she notifies the ICO as necessary and also data subjects where the risk to them is high.
Breaches that carry any risk to data subjects must be reported to the ICO within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. All personal data breaches, however minor, and whether reportable or not being recorded.
13. Changes to this Privacy Policy
- We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
- Any changes will be immediately posted on our Sites and you will be deemed to have accepted the terms of the Privacy Policy on your first use of either Site following the alterations, or if we have made you aware of the changes via email or text. We recommend that you check this page regularly to keep up-to-date.
14. Summary of your rights
Under the GDPR, you have the following rights, which we will always work to uphold:
- The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the contact details given at the start of this Privacy Policy.
- The right to access the personal data we hold about you. Clause 8 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Clause 9 will tell you how to do this
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Clause 9 will tell you how to do this.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent, it is in our legitimate interest or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business.
- Rights relating to automated decision-making and profiling – we do not use your personal data in this way.