B E T A - V E R S I O N

TherapyForms

Privacy Policy

Introduction

We respect your privacy and are committed to protecting your personal data. This policy explains how we collect, process, and protect your personal data when you use therapyforms.co.uk (the "Website"), including any data you may provide when signing up or using our digital tools and forms ("Resources"). It also outlines your privacy rights and how the law protects you.


By using the Website, you agree to this policy and the Terms and Conditions. If you do not accept this policy, please stop using the Website immediately.


This Website is not intended for children, and we do not knowingly collect data related to them.



Data Controller

Therapy Forms is the controller and responsible for your personal data.



What Information We Collect

We collect and process the following types of personal data when you use the Website:

  • Personal Information: names, email addresses and other details you may provide us when creating an account or contacting us
  • User generated content: any content you submit into the Website such as therapy session notes.

    • To the extent that you supply the Website with personal data about third parties, you are confirming that you are entitled and authorised to disclose such data to the Website and that the Website is entitled to use such information in the same way that we use information about you as described in this Privacy Policy.



    How We Use Collected Data

  • To Provide Access and Ensure Functionality: We use your data to enable login functionality and provide secure access to the platform.
  • For Your Professional Use: The primary purpose of the platform is to allow you to securely input, store, and manage session notes and other data for your professional work only.
  • To Comply with Legal Obligations: If required, we may process your data to comply with legal requirements or defend Therapy Forms in the event of a dispute.


    • Data Retention

    We will only retain data associated with your account for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. You have full control over the information you input to the Website and can save, edit, and delete this data at any time.


    Please note that it is your responsibility to manage this data as needed. Upon termination of your account, all data associated with it will be deleted unless retention is required for legal purposes, to resolve disputes, or to enforce our agreements. In specific cases, if legal obligations or disputes arise, we may retain your data beyond account termination to comply with applicable laws or for resolution purposes.



    Cookies

    Therapy Forms uses cookies to enhance user experience, ensure the platform functions seamlessly, and to maintain a secure and efficient browsing environment. Cookies ensure users are recognised, preferences are remembered, and support for essential features of the platform.


    We only use cookies that are essential for the operation of the Website. These cookies do not collect personally identifiable information and are necessary for providing key functionalities; secure access and navigation. Without these cookies, some parts of the platform may not work as intended.


    Other cookies are used to maintain a user's login state and ensuring they remain logged in while navigating the platform. These cookies are temporary and are deleted once the browser is closed.


    Security Cookies protect user accounts by verifying logins and preventing unauthorized access.


    As we only use essential cookies, these cannot be disabled without impacting the functionality of the platform.


    We may occasionally update this Cookie Policy to reflect; changes in the way we use cookies and/or updates to relevant laws and regulations. When updates are made, we will notify users either through the website or via direct communication, if appropriate. Please check this page regularly to stay informed about how we use cookies.



    Data Sharing and Disclosure

    Data may be shared if required by law, regulation, or legal process (e.g., court orders). Therapy Forms will not sell or rent user data to third parties for marketing purposes.



    Data Security

    We have implemented robust security measures to protect your personal data from unauthorized access, loss, or disclosure. This includes SSL encryption for all data transmitted between you and the Website. Access to data is restricted to authorized personnel, who are bound by confidentiality.


    If a data breach occurs, we will notify affected users and the appropriate authorities where required by law.



    Legal Basis for Processing

    Therapy Forms processes personal data based on the following lawful bases under the General Data Protection Regulation (GDPR):

  • Consent: We rely on consent for processing when you voluntarily provide personal information, such as when creating an account or submitting data into the Resources.
  • Legitimate Interests: We process certain data under our legitimate interests to improve our platform, ensure security, and enhance user experience. Examples include maintaining website functionality. We ensure that our legitimate interests do not override your rights and freedoms.
  • Legal Obligation: We may process data when it is necessary to comply with legal obligations, such as responding to regulatory requirements or ensuring the platform’s compliance with data protection laws.


    • Clarification of Data Subject Rights

    Under GDPR, you have specific rights regarding your personal data. Therapy Forms is committed to supporting these rights, and we provide the following clarifications and examples:

  • Right to Data Portability: You may request that we transfer your personal data to you or a third party in a structured, machine-readable format. This applies to data processed based on your consent or for contract performance.
  • Response Times for Requests: Therapy Forms aims to respond to all legitimate data subject requests within one month. In cases of complex or multiple requests, we may require additional time and will keep you informed of any extensions.
  • Identity Verification: To protect your privacy, we may ask you for proof of identity before responding to data requests. This ensures that only authorised individuals access personal data.

    • These rights, including access, rectification, erasure, and objection, can be exercised. We will assist in fulfilling these rights, respecting legal and operational obligations.



    Use of Third-Party Processors

    To provide certain functions, Therapy Forms may engage third-party service providers who act as data processors. We ensure that these processors comply with GDPR and maintain strict confidentiality and data security measures. Examples of third-party processors include:


  • Analytics Providers: We may use analytics services to understand user engagement and improve the platform’s functionality. These services collect anonymous usage data and comply with GDPR standards.
  • Hosting and IT Service Providers: Our website and data storage are hosted by providers that securely manage data storage and backup. All providers are vetted to ensure GDPR-compliant security standards.

    • Therapy Forms maintains contracts with third-party processors that restrict data use solely to the services provided to us and ensures adherence to GDPR requirements. If we engage additional processors in the future, we will update this policy accordingly.



    User Rights

    You have the following rights regarding your personal data:

  • Right to Access: You can request access to your personal data (commonly known as a “data subject access request”). This allows you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
  • Right to Rectification: You can request correction of the personal data we hold about you. This allows you to have any incomplete or inaccurate data corrected. We may need to verify the accuracy of the new data you provide.
  • Right to Erasure: You can request the deletion or removal of your personal data where there is no valid reason for us to continue processing it. You can also request erasure if: You have successfully exercised your right to object to processing (see below), We have processed your information unlawfully or we are required to erase your personal data to comply with local law.
  • We may not always be able to comply with your request for erasure for specific legal reasons, which will be notified to you at the time of your request if applicable.
  • Right to Object: You can object to the processing of your personal data where we rely on a legitimate interest (or those of a third party), and something about your situation makes you feel it impacts your fundamental rights and freedoms. You also have the right to object to the processing of your data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information that override your rights and freedoms.
  • Right to Restrict Processing: You can request that we suspend the processing of your personal data in the following scenarios; If you want us to verify the data’s accuracy, Where our use of the data is unlawful but you do not want it erased, Where you need us to retain the data, even if we no longer require it, to establish, exercise, or defend legal claims, If you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to Data Portability: You can request the transfer of your personal data to you or a third party. We will provide your data in a structured, commonly used, machine-readable format. This right only applies to automated information you initially provided consent for, or where we used the data to perform a contract with you.
  • Right to Withdraw Consent: You can withdraw your consent at any time where we are relying on it to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will inform you of this at the time of withdrawal.

    • You will not have to pay a fee to access your personal data or exercise any of your other rights. However, we may charge a reasonable fee if your request is unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.



    Complaints and Disputes

    You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).