Everlief Privacy Policy (“Privacy Policy”)
This Privacy Policy is designed to ensure that the rights to privacy of individuals are protected.
Everlief, everlief.co.uk, and theyarethefuture.co.uk are trading names of Everlief Child Psychology Limited (“Everlief”, “we”, “us”, or “our”).
The registered company address for Everlief Child Psychology Limited is Everlief Child Psychology Limited, Aston House, West Wycombe, Buckinghamshire HP14 3AG. We are registered in England. Our Company Registration number is 7910700.
www.everlief.co.uk and www.theyarethefuture.co.uk are websites, owned and operated by us (each a “Site” and together with the “Sites”).
Everlief is committed to the principles set out in the General Data Protection Regulation 2016/679 (“GDPR”), as implemented in the Data Protection Act 2018, and aim to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected.
This Privacy Policy was last updated on 30th December 2020.
This Privacy Policy describes how Everlief manages your information when you use our services and/or our Site(s), if you contact us or when we contact you.
It also provides extra details to accompany specific statements about privacy that you may see when you use our websites (such as cookies). With respect to cookies, the policy includes information about the types of cookies used and how you may disable these cookies.
Everlief Child Psychology Limited is the data controller in relation to the personal data that you disclose to us. f another party has access to your data we will tell you if they are acting as a data controller or a data processer, who they are, what they are doing with your data, and why we need to provide them with the information.
“data controller”, “data processor” and “personal data” have the meanings given to them in the GDPR. Personal data broadly means any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
If you have any questions regarding this Privacy Policy, you can contact our Data Protection Officer, Michael Russell at contactus@everlief.co.uk.
If you are not satisfied with the answers from the Data Protection Officer, you can contact the Information Commissioner’s Office (ICO) via https://ico.org.uk,Email: casework@ico.org.uk, Telephone: 0303 1231113. Everlief ICO certification number is Z3109168.
- Why does Everlief need to collect your personal data?
We need to collect information about you so that we can:- Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Deliver goods and services to you. The legal basis for this is the contract with you.
- Process your payment for the goods and services. The legal basis for this is the contract with you.
- Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is a legitimate interest.
- Optimise your experience on our website. The legal basis for this is a legitimate interest.
- Provide you with useful and relevant Sites. The legal basis for this is a legitimate interest.
- Provide you with useful and relevant marketing material. The legal basis for this is consent (we will request specific consent).
- What personal information do Everlief collect and why do we collect it?
- When you access our Sites: On our Sites, we use cookies to gather information about visitors in order to monitor the quantity of website traffic. Everlief does not identify you or any other individuals from this information.
- When you make an enquiry through our Sites: If you contact Everlief through our Site(s), we will ask your permission to store the following information to ensure that the Site works correctly:
- Your name
- Your email address
- Your telephone number
- When you purchase Psychology Services (as defined in our Terms and Conditions) from Everlief: Should you choose to engage us to provide Psychology Services, we need to collect information through our pre-assessment forms so that we can provide the best possible service to you:
- You and your child’s names, contact details and your child’s date of birth
- Your health insurance details (where applicable)
- Details of the issue that led you to contact us
- Information on your child’s developmental history and relevant family history
- We will not contact your GP or child’s school without explicit permission
- When you sign up for updates on theyarethefuture.co.uk, register interest in future courses or purchase a course on theyarethefuture.co.uk: We will ask you for:
- Your name
- Your email address
We will not send you any marketing communications without your express consent.
- How do Everlief use the information that we collect?
Everlief uses the data we collect from you in the following ways:- Operate and improve our Sites, services, and product;
- Send you advertising or promotional materials (if you have consented to this on theyarethefuture.co.uk)
- Provide and deliver products or other services you request, process transactions, and send you related information;
- Respond to your comments, questions, and requests and provide you with requested customer support;
- To create your invoice.
- Where do we keep the information?
Everlief keep information in the stores described below. Please note that we do not transfer or store any personal data outside the UK.- On Everlief devices: We store documents that contain personal data on a secure cloud-based system and these are deleted within 6 months of completion of any commissioned work.
- On an electronic note-keeping system: Everlief will take notes when we meet with you on paper. All our clinical notes and personal data are uploaded into an encrypted package by Astute Data Systems Limited t/a PracticePal (“Practice Pal” designed as a specialist system for confidential notes and holding full GDPR compliance. PracticePal is classified as an additional data processor. PracticePal runs in a secure environment using the very latest 256-Bit SSL encryption on every page. The web servers themselves are hosted in a state-of-the-art UK based data center behind hardware and software firewalls patched up to the minute. Everlief has its own Microsoft SQL Server database separate from any other customer data which is automatically backed up every night. Both the application and data layers behind PracticePal are both hosted on dedicated, UK based servers with Rackspace. Any process notes that have been made on paper are shredded following the end of your sessions at Everlief. While you are seeing one of the team these are kept in the locked filing cabinet.
- In our accounts package: We use a cloud-based accounts package known as Sage, provided by Sage Group plc that stores the information in the UK and has stated they are GDPR compliant. Our accountants firm is called Azets who are classified as an additional data processor and who have access to the online book-keeping accounts for accounting purposes. They keep no physical storage of personal data records and have stated their processes are GDPR compliant.
- Our parent support courses are provided in conjunction with Kajabi, LLC, a California limited liability company t/a Kajabi (“Kajabi”). Kajabi will require you to register your information which will be subject to Kajabi’s own privacy policy (available at https://kajabi.com/policies/privacy, and is not within our control.
- How long do we keep the information?
If you decide that you do not wish to proceed with Everlief services, your information will be kept for a maximum of one year before being safely destroyed. This is to ensure we provide the best possible service should things change and you contact us again.
Everlief complies with the Department of Health’s recommendation that data is retained for whichever is later of 7 years or until the patient’s 25th birthday or 26th if the young person was 17 at the conclusion of treatment or 8 years after death. An annual check is made and the client’s data removed as appropriate.
http://www.bma.org.uk/ethics/health_records/retentionrecords.jsp All retained personal information is subject to the controls of our data protection policy and will be confidentially disposed of when it is considered to be of no further value. The Sage accounts package keeps financial data/invoices indefinitely. We will manually delete the records after the period of 7 years required by HMRC. - Who does Everlief send the information to?
We will only send the information necessary to achieve business purposes. We send invoices and reports to health insurance companies and other professionals as required professionally.
As previously stated, cloud storage providers will have information shared with them in compliance with GDPR. Information is shared to the degree necessary for accounting and tax purposes. Everlief never permanently stores any personal information in cookies that can be used to identify you, such as your name or account numbers. The exceptions to the above rule would be:- Risk of harm: If we perceived that the child, or someone else, was at risk of harm. If we needed to breach confidentiality for any reason (and this is very rare) we would always discuss this with you first unless in an emergency situation e.g. we felt the child be in immediate danger.
- To comply with applicable laws; respond to governmental enquiries (or enquiries from a legal, governmental, or quasi-governmental or local authority agency); comply with a valid legal process or procedure, or protect our rights or property.
- Informed consent and sharing information from therapeutic sessions
All children and young people, whatever their age or status, have a right to express their views freely and be involved in any decision-making that affects their lives. Therefore, we will gain their informed consent. Any direction or guidance provided by parents or other caregivers must be ‘in accordance with the child’s evolving capabilities’ and support the ‘exercise by the child of his or her rights’. The onus is then on the adults to provide appropriate support to enable the child or young person to express their views and contribute to decision-making. Our team will discuss and agree on how information is shared with parents with an awareness that young people who are ‘Gillick competent’ can consent to information not being shared with parents.
The exceptions to the above rule would be:- Risk of harm: If we perceived that the child, or someone else, was at risk of harm. If we needed to breach confidentiality for any reason (and this is very rare) we would always discuss this with you first unless in an emergency situation e.g. we felt the child be in immediate danger.
- To comply with applicable laws; respond to governmental enquiries (or enquiries from a legal, governmental, or quasi-governmental or local authority agency); comply with a valid legal process or procedure, or protect our rights or property.
- How can I see all the information you have about me?
You can make a subject access request to us. This does not need to be in writing and may be made in person or by phone. We may require further additional verification that you are who you say you are to process this request. We may withhold personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests. - What if my information is incorrect or I wish to be removed from your system?
Please contact us. We may require additional verification that you are who you say you are to process this request. If you want to have your data removed, we will have to determine whether we need to keep the data, for example, to comply with professional bodies or HMRC. If we decide that we should delete the data, we will do so without undue delay.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data. - Will I send emails and text messages to you?
As part of providing a service to you, we may communicate via email or text message, keeping the information in the body of the text to a minimum. Any reports with personal data or sensitive information that we send to you will be password protected. All emails are deleted as soon as practically possible.
We will not send you any marketing communications without your express consent. - How do I opt-out of receiving emails and/or text messages?
If you do not wish to receive information through these means or only wish to receive certain types of communications, please let us know. - What happens in the event of a data breach?
The data protection lead is responsible for responding to personal data breaches. He or she notifies the ICO as necessary and also data subjects where the risk to them is high.
Breaches that carry any risk to data subjects must be reported to the ICO within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. All personal data breaches, however minor, and whether reportable or not being recorded. - Changes to this Privacy Policy
- We may change this Privacy Policy from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
- Any changes will be immediately posted on our Sites and you will be deemed to have accepted the terms of the Privacy Policy on your first use of either Site following the alterations, or if we have made you aware of the changes via email or text. We recommend that you check this page regularly to keep up-to-date.
- Summary of your rights
Under the GDPR, you have the following rights, which we will always work to uphold:- The right to be informed about our collection and use of your personal data. This Privacy Policy should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using the contact details given at the start of this Privacy Policy.
- The right to access the personal data we hold about you. Clause 8 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Clause 9 will tell you how to do this
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Clause 9 will tell you how to do this.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent, it is in our legitimate interest or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business.
- Rights relating to automated decision-making and profiling – we do not use your personal data in this way.
Mediavine Programmatic Advertising (Ver 1.1)
The Website works with Mediavine to manage third-party interest-based advertising appearing on the Website. Mediavine serves content and advertisements when you visit the Website, which may use first and third-party cookies. A cookie is a small text file which is sent to your computer or mobile device (referred to in this policy as a “device”) by the web server so that a website can remember some information about your browsing activity on the Website.
First party cookies are created by the website that you are visiting. A third-party cookie is frequently used in behavioral advertising and analytics and is created by a domain other than the website you are visiting. Third-party cookies, tags, pixels, beacons and other similar technologies (collectively, “Tags”) may be placed on the Website to monitor interaction with advertising content and to target and optimize advertising. Each internet browser has functionality so that you can block both first and third-party cookies and clear your browser’s cache. The “help” feature of the menu bar on most browsers will tell you how to stop accepting new cookies, how to receive notification of new cookies, how to disable existing cookies and how to clear your browser’s cache. For more information about cookies and how to disable them, you can consult the information at All About Cookies.
Without cookies you may not be able to take full advantage of the Website content and features. Please note that rejecting cookies does not mean that you will no longer see ads when you visit our Site. In the event you opt-out, you will still see non-personalized advertisements on the Website.
The Website collects the following data using a cookie when serving personalized ads:
- IP Address
- Operating System type
- Operating System version
- Device Type
- Language of the website
- Web browser type
- Email (in hashed form)
Mediavine Partners (companies listed below with whom Mediavine shares data) may also use this data to link to other end user information the partner has independently collected to deliver targeted advertisements. Mediavine Partners may also separately collect data about end users from other sources, such as advertising IDs or pixels, and link that data to data collected from Mediavine publishers in order to provide interest-based advertising across your online experience, including devices, browsers and apps. This data includes usage data, cookie information, device information, information about interactions between users and advertisements and websites, geolocation data, traffic data, and information about a visitor’s referral source to a particular website. Mediavine Partners may also create unique IDs to create audience segments, which are used to provide targeted advertising.
If you would like more information about this practice and to know your choices to opt-in or opt-out of this data collection, please visit National Advertising Initiative opt out page. You may also visit Digital Advertising Alliance website and Network Advertising Initiative website to learn more information about interest-based advertising. You may download the AppChoices app at Digital Advertising Alliance’s AppChoices app to opt out in connection with mobile apps, or use the platform controls on your mobile device to opt out.
For specific information about Mediavine Partners, the data each collects and their data collection and privacy policies, please visit Mediavine Partners.