+ Data Controller
As a sole trader resident in the EU, I (Heather Borkowski) am the Data Controller.
+ Reasons for Collection of Information
I am only allowed to collect personal information for proper and lawful reasons. At every stage of my relationship with you, your information will only be processed if it meets at least one of the following conditions.
- To fulfil my contractual agreement with you. This includes the collection of information before we enter into a explicit or implicit contractual agreement, during our work together and after the process has concluded.
- To ensure I am giving you a professional and ethical service and comply with the requirements of my insurers.
- When it is my legal duty to collect, store, use or transfer information in order to comply with legislation or the instructions of a court of law
- When it is required to maintain my own safety, your safety or the safety of third parties.
- To monitor the effectiveness of my website, and/or other marketing activity
- To enable financial transactions between us
+ How Information is Collected
- The personal identifiable information I collect, store and use comes from our
- conversations (online, face to face & phonecalls)
- emails & texts
The information others may hold comes from our online communication, use of social media and/or from financial transactions between us.
+ Types of Information Held
If you subscribe to my newsletter I hold the following Personally Identifiable Information
- Your email address
- Your name If you choose to work with me I may hold the following Personally Identifiable Information-
- Your contact Information
- Socio-demographic & locational information, including age, gender, past & present location, employment and relationship history, ethnicity, education, health, financial status. and past/present relationships.
- Communication Information from letters, emails, texts, and phonecalls.
- Information derived from our sessions together
- Contracts & Consents. Information about Contracts & Consent such as signed letters of consent.
- Information required to fulfil the agreement between us.
- Information about financial transactions between us
- Information required to circulate my newsletter to you
Third Parties may also hold information gathered through your interactions with me and/or my website. This includes,
- Information derived from the circulation of my newsletter via Mailchimp
- Information derived from scheduling an appointment via the Acuity application
- Information derived from viewing my social media profiles.
- Information derived through email, SMS, phone contact between us (Note 1)
- Information derived from our use of videoconferencing applications (Note 1)
- Information about financial transactions between us
- Information derived from the location of our phones (Note 2)
Note 1 - this is meta-data such as date, time, IP address and duration of communication, and usually does not include the content of the conversations.
Note 2 - Modern Smartphone applications upload the location of the phone to the application server. This can result in applications such as Facebook deriving a connection between us.
+ Storage of Information
I store information in two forms
- Digitally -
- Contact information - Held on, Laptop and backed up in the cloud and locally
- Emails - These are held on a laptop, phone and backed up on local devices.
- SMS Texts -These are held on a phone, and backed up in cloud storage.
- Calendar appointments - These are held on a phone, laptop and online system. They are backed up both locally and online.
- In Paper form -
- Session notes and information from sessions
- Letters, signed consents and agreements, sociodemographic information.
- Information about financial transactions (bank statements). This is held in separately to the above in a file in an unlocked cupboard.
Third Parties may hold information in any form.
+ Sharing of Information
Who I may share personally identifiable information with
- Statutory bodies when required to by law or instruction of a court of law
- Statutory bodies when legally required to avoid harm to you, me or others
- My insurers and professional advisers in the case of you making a complaint against me
- My professional executor, in the case of my incapacity or death.
- A lawyer - If your information is requested by a court or you raise a legal action against me I may take legal advice, in order to clarify whether the court has jurisdiction, and whether the request meets the strict legal criteria required in such cases. In this situation I may consult a lawyer to help me make an informed decision about whether to release some or all the information I hold to the court. Personal information pertinent to the decision will be made available to the lawyer, who will be bound by a Professional Code of Conduct.
- With other senior trained peers as part of my continuous professional development process.
With your written permission I may share anonymised information with
- Professional peers, tutors and examiners in order to gain additional qualifications and accreditations.
With your written permission I may share non-anonymised testimonial information on my website and social media pages.
+ How long will I keep your information
I will keep your information for a variety of lengths of time depending on how it is held
- Digital Information - Basic contact information - contact information, emails, texts, messages and calendar appointments. For technical reasons this information cannot be entirely erased and could therefore remain accessible to a technically competent person until the storage device is destroyed or securely wiped and reformatted.
- Paper information - Notes and paper copies of contact information, emails, created media. These will be shredded 3 years after our work together ends.
I will never knowingly share your information with a third party.
+ Sending of information outside the EU.
I will not knowingly send your personal information outside the EU unless
- I am required to in order to comply with the instructions of a Court of Law
- I have to do so in order to defend myself against a legal action or a complaint brought by you.
+ Your rights
You have a range of legal rights including
- the right to access your personal information
- the right to require me to change any factual mistakes in the information I hold.
- the right to withdraw your consent to the non-essential processing of information (1)
- the right to request the deletion/destruction of your personal information*
(1) You can withdraw consent to the use of your personal information and/or request its destruction however there are limits to this right laid down in the legislation. For example you cannot demand the destruction of records of financial transactions.
For more information about your Information Privacy Rights or to make an Information Privacy orientated complaint you can contact the Information Commissioners Office through their website https://ico.org.uk/
+ Changes to this policy.
If I have to make changes to this policy that are inconsistent with the original purposes for which your data was collected I will notify you in advance wherever possible and give you the opportunity to withdraw consent for your information to be processed.