Flying Colours Educational Psychology Service treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This policy explains how we protect and manage personal data* you share with us and that we hold about you/your dependent, including how we collect, process, protect and share that data.
*Personal data means any information that may be used to identify a living person, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
This privacy policy has been compiled to better serve those who are concerned with how their ‘Personally identifiable information’ (PII) is used. PII, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information.
In addition to the company’s safeguards, your personal data is protected by the General Data Protection Regulation (GDPR). This provides, amongst other things, that the data we hold about you should be processed lawfully and fairly. It should be accurate, relevant and not excessive. The information should be kept up to date, where necessary, and not retained for longer than is necessary. It should be kept securely to prevent unauthorised access by other people. You have the right to see what is held about you, to transmit it to another provider, to correct any inaccuracies and to obtain from us restriction of processing. You also have right to request that any data we hold about you is permanently erased.
Table of Contents
- Privacy statement
- How we obtain your personal data
- How we use your personal data
- How we secure your personal data
- Information about cookies
- Sharing information
- Data subject rights
- Important information and contact details
Privacy Statement
Flying Colours Educational Psychology Service Ltd. (‘we’) respects your privacy and do not sell, rent or loan any identifiable information collected by us. Any information that you give us will be treated with the utmost care and security. It will not be used in ways to which you have not consented.
This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or servicing you, so long as those parties are reputable and comply with General Data Protection Regulation (GDPR). We may also release your information when we believe release is appropriate to comply with the law, enforce our site policies, or protect ours or others’ rights, property, or safety.
How We Obtain Your Personal Data
Information Provided by You
You provide us with your/your dependent’s personal data on our online contact forms, over the telephone, via email, via face to face discussions during assessments and on our Engagement Letter, Parental Consent and Pre-assessment Questionnaire documents.
This information includes name, address, date of birth, email address, postal address, place of study or work.
We do not carry out automated decision making or any type of automated profiling.
Information we get from other sources
Your/your dependent’s place of study/work may also provide information via our online contact forms, over the telephone, via email, via face to face discussions during assessments and on our Parental Consent and Pre-assessment Questionnaire documents. You will have given your consent to your/your dependent’s place of study/work for this information to be shared with us.
We may also receive information about you from other third parties acting as agents for the work undertaken by Flying Colours Educational Psychology Service. This information, as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR). Your/your dependent’s place of study/work will have already have submitted your/your dependent’s personal data to these companies and specifically given your permission to allow them to pass information to other companies.
This information includes name, address, date of birth, email address, postal address, place of study or work.
How We Use Your Personal Data
The information collected may be used to send you the information you have requested, compile psychological reports and to provide information that may be useful to you.
The legal basis of our holding your personal data is for the performance of a contract or to provide marketing information that you have consented to receive.
We undertake at all times to protect your personal data, in a manner which is consistent with psychologist’s duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR). We will also take reasonable security measures to protect your personal data in storage.
We may share non-personal aggregate statistics (group) data about our site visitors’ traffic patterns with partners or other parties. However, we do not sell or share any information about individuals.
Do We Use Your Personal Data for Marketing Purposes?
Any information that you choose to give us will not be used for marketing purposes by us, without your express consent.
You can opt in to receive marketing information from us about our services, products and upcoming events. You can withdraw your consent at any time via an ‘unsubscribe’ link in the emails and your contact information will be immediately and permanently deleted. You can also update your personal information using a ‘preferences’ link in the emails. Your information will only be used for the purposes stated above and will not be shared with any third party with the exemption of ‘Mailchimp’ (GDPR compliant) who will process your data as described below, in order to provide this service.
The personal data of subscribers or contacts will be transferred to, and processed by, ‘MailChimp’. ‘MailChimp’ will collect information provided via sign-up forms on our website and will store personal data within the Flying Colours ‘MailChimp’ account in order to allow us to create and use distribution lists, send marketing email campaigns, and place online advertisements. Personal data is transferred to certain ‘MailChimp’ sub-processors (who, as described the ‘MailChimp’ Data Processing Agreement, perform some critical services, such as helping ‘MailChimp’ prevent abuse and providing support to customers).
Opting in
If you check the box on forms on this website to receive emails from Flying Colours, you can withdraw your consent at any time via an ‘unsubscribe’ link and your contact information will be immediately and permanently deleted. You can also update your personal information using a ‘preferences’ link in all emails sent from Flying Colours. Your information will only be used for the purposes stated above and will not be shared with any third party with the exemption of Mailchimp (GDPR compliant) who will process your data in order to provide this service.
How we secure your personal data
We do our best to keep your Personal Data safe:
- We use safe protocols for communication and transferring data (such as HTTPS).
- We monitor our systems for possible vulnerabilities and attacks.
- We use a firewall.
- We use strong passwords for all accounts where Personal Data can be accessed.
- We use two-factor authentication where possible.
- We use anonymising and pseudonymising where suitable.
- Personal data stored in paper format is kept in a locked filing cabinet.
- Personal data stored electronically are stored as password protected documents on a password protected computer.
- When not in use, computers are stored in a locked filing cabinet.
- Data is backed up periodically onto an external hard drive, kept in a locked filing cabinet.
Even though we try our best, we cannot guarantee the security of information. However, we promise to notify suitable authorities of data breaches. We will also notify you if there is a threat to your rights or interests. We will do everything we reasonably can to prevent security breaches and to assist authorities should any breaches occur.
If you have an account with us, note that you have to keep your username and password secret.
Information About Cookies
Cookies are small text files stored on your browser, for example Internet Explorer.
Where we use cookies on our website these are only to enhance your viewing experience and no data received from cookies is used to personally identify users of this website nor is such information stored.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Internet Explorer) settings. Each browser is a little different, so look at your browser’s Help menu to learn the correct way to modify your cookies.
How do we protect website visitor information?
We use regular Malware Scanning.
Our website is secured by an SSL certificate.
Sharing Information
We will keep information about you/your dependent confidential. We will only disclose your information with other third parties with your express consent, with the exception of the following categories of third parties:
- Anyone to whom we may transfer our rights and responsibilities under any agreement we have with you, for example, Associate Psychologists and/or other professional associates.
- Any legal or regulatory request if we have a duty to do so or if the law allows us to do so.
With permission, we may also share your data with school staff and other agencies. If there are safeguarding concerns or other legal reasons, then no permission is required.
We have third-party processing partners, who process your data on our behalf.
Our processing partners:
- Giraffical – our website developer and website host. Their Privacy Policy can be found at https://giraffical.co.uk/privacy-policy/.
- Mailchimp – our email marketing software provider. Their Privacy Policy can be found at https://mailchimp.com/legal/privacy/.
- Dropbox – as our cloud storage provider. We send backups of our website to Dropbox. Their Privacy Policy can be found at https://www.dropbox.com/en_GB/privacy.
How Long Do We Keep this Information About You?
Our retention periods are in line with the length of time we need to keep your personal information in order to manage and administer our services as requested by you and also to allow a period of time for any follow up queries. As such, paper based materials will be kept for 12 months and computer based files, including reports, will be kept until the young person has reached the age of 25 years. For adults (those aged 25 years and over), the computer based files (including reports) will be kept for 5 years. However, where we need to retain personal information to meet legal, statutory and regulatory obligations our retention periods will be longer; this can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.
Data Subject Rights
Subject Access Requests
The General Data Protection Regulation (GDPR) grants you/your dependent (hereinafter referred to as the ‘data subject(s)’) the right to access particular personal data that we hold about you/your dependent. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you/your dependent, including the following:
- Sources from which we acquired the information;
- The purposes for processing the information; and
- Persons or entities with whom we are sharing the information.
Right to Rectification
You, the data subject(s), shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you/your dependent. Taking into account the purposes of the processing, you/your dependent, the data subject(s), shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure
You/your dependent, the data subject(s), shall have the right to obtain from us the erasure of personal data concerning you/your dependent without undue delay.
Right to Restriction of Processing
Subject to exemptions, you/your dependent, the data subject(s), shall have the right to obtain from us restriction of processing where one of the following applies:
a) The accuracy of the personal data is contested by you/your dependent, the data subject(s), and is restricted until the accuracy of the data has been verified;
b) The processing is unlawful and you/your dependent, the data subject(s), oppose the erasure of the personal data and instead request the restriction in its use;
c) We no longer need the personal data for the purposes of processing, but it is required by you/your dependent, the data subject(s), for the establishment, exercise or defence of legal claims;
d) You/your dependent, the data subject(s), have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification Obligation Regarding Rectification or Erasure of Personal Data or Restriction of Processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you/your dependent, the data subject, with information about those recipients if you request it.
Right to Data Portability
You/your dependent, the data subject(s), shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to Object
You/your dependent, the data subject(s), shall have the right to object, on grounds relating to your particular situation at any time to the processing of personal data concerning you/your dependent, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you/your dependent, the data subject(s), or for the establishment, exercise or defence of legal claims.
Right to not be Subject to Decisions Based Solely on Automated Processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your Rights
If you would like to invoke any of the above data subject rights with us, please write to:
Dr Victoria Tyrer-Davies, Company Director
18 Chester Street
Flint
Flintshire
CH6 5NR
United Kingdom
Or email: victoria@flyingcolourseducationalpsychology.co.uk
Accuracy of Information
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you/your dependent. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Important Information
Questions and Queries
If you have any questions or queries which are not answered by this Privacy Policy, or have any potential concerns about how we may use the personal data we hold, please write to:
Dr Victoria Tyrer-Davies, Company Director
Salisbury & Company
Irish Square
St Asaph
Denbighshire
LL17 0RN
United Kingdom
Or email: victoria@flyingcolourseducationalpsychology.co.uk
Policy Changes
This Privacy Policy is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify or amend this policy. We suggest that you review this Privacy Policy from time to time to ensure you are aware of any changes we may have made, however we will not significantly change how we use information you have already given to us without your prior agreement. The latest version of this policy can be found at www.flyingcolourseducationalpsychology.co.uk.
Data Breach
We will take the following responsive action, should a data breach occur:
We will notify the data subject(s) and the Information Commissioner’s Office (ICO) via email or telephone within 72 hours of becoming aware of the breach.
Complaints
If you have a complaint regarding the use of your personal data or sensitive information then please contact us:
Dr Victoria Tyrer-Davies, Company Director
Salisbury & Company
Irish Square
St Asaph
Denbighshire
LL17 0RN
United Kingdom
Or email: victoria@flyingcolourseducationalpsychology.co.uk
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’ Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.
Last reviewed on 18/05/18