Privacy Policy
Introduction
This privacy policy document for Ealing Music Therapy (EMT) describes how and why we might collect, store, use and/or share your information when you use our website. We are aware of our responsibilities under the General Data Protection Regulations (GDPR) and are committed to keeping your data secure and being transparent in the ways we use it.
What data do we collect?
We collect personal data that you provide to us through the ‘contact’ and ‘request a brochure’ forms on our website (ealingmusictherapy.org). We also collect relevant personal data provided to us through email or telephone enquiries. We only collect personal data that is needed to provide the best service and support to you, and that you consent to us collecting. Personal data will be collected depending on what you share with us. This can include identifiable information about you such as:
- Your name, email address and phone number(s)
- Your gender
- Your child’s diagnosis
- Photos, videos, or other images
- Other relevant information that you might share with us not strictly related to our services.
Personal data is collected when:
- You make a telephone or email enquiry, or complete a contact form on our website about our services.
- You have consented for you or your child to be filmed or photographed as part of receiving music therapy with the Charity.
How do we collect your data?
When you complete the contact form on our website, it will be sent to our email address: info@ealingmusictherapy.org. Your queries will then be stored in our password-protected email account and we will use the information accordingly so as to respond and provide the best service or advice according to your query.
Additional information provided by email or telephone will be stored on a contact list which will be kept and stored on EMT’s secure, password-protected, G Drive cloud storage systems.
Our website will collect data through cookies. This will include:
- Information about your browser, network and device
- Web pages you visited prior to coming to this website
- Your IP address.
This information may also include details about your use of this website, including:
- Clicks
- Internal links
- Pages invited
- Scrolling
- Searchers
- Timestamps
How will we use your data?
We will use your data to respond to your queries and/or to provide you with more information about our services.
Additionally, if you have signed up to receive our newsletters or further information, we will use your contact details to provide you with periodic news and updates on our charity and services. This may include our Annual Report, news from our Annual General meeting and events such as workshops. If you have not already consented to receiving newsletters and updates, we will ask for your consent prior to adding your information to any mailing list that is used for these purposes.
If you have given consent, we may use photos and/or film of you or your child/children to help us promote the services we provide via our website, social media, posters or flyers.
How do we store your data?
Your personal data will be kept and stored on EMT’s secure, password-protected, Google Drive cloud storage systems. This information will be kept confidential and not shared with third parties. Files stored in the Google Drive are encrypted in-transit and at rest. This means even if an unauthorised user accesses the files, they remain protected.
Marketing
We will gain your consent for using your contact details before providing you with marketing information such as EMT’s brochure, newsletters or updates on our services, charity meetings, events and workshops. We do not collect information for any other marketing purposes.
How long will data be personal data be kept?
In line with data protection principles set out in the UK GDPR, personal data will be kept for no longer than necessary for the purpose for which it was processed and no longer than six years.
At the point at which your data will be destroyed, EMT will carry out the follow steps to put your data beyond use. The Data Controller:
- is not able, or will not attempt, to use the personal data to inform any decision in respect of any individual or in a manner that affects the individual in any way;
- will not give any other organisation access to the personal data;
- surrounds the personal data with appropriate technical and organisational security;
- commits to permanent deletion of the information if, or when, this becomes possible.
Protecting and securing your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented secure processes to guard against such.
All personal information is treated confidentially, and staff at EMT who process your data have all undergone data security training in accordance with GDPR compliance guidelines.
What are your data protection rights?
The law on data protection gives you certain rights in relation to the data we hold on you. These include:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice.
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. You can read more about this in our Subject Access Request policy which is available from the Data Controller.
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it.
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it.
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct.
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests.
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in ways that adversely affects your legal rights.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where so permitted by having a legitimate reason for doing so.
For consent to be valid, it must be voluntary and informed, and the person giving consent must have the capacity to make the decision. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
What are cookies?
Cookies are small blocks of data created by a website while a user is browsing and placed on the user’s computer or device by the user’s web browser. They serve as useful functions on the web. They enable web servers to store information of a users activity on a website, including clicking particular buttons, logging in or recording which pages were visited. They can also be used to save information that the user previously used including information typed in the contact form such as names and email addresses for subsequent use.
How to contact us?
If you have any questions or concerns about Ealing Music Therapy’s Privacy practices with regard to your personal information please do get in contact with us:
Santosh Bhanot, Chairperson
Ealing Music Therapy
126-128 Uxbridge Road, Ealing, London W13 8QS
info@ealingmusictherapy.org
ealingmusictherapy.org