Stay in touch
Accreditation
The UK general data protection regulation or (UK GDPR) for short, is a government policy that aims to protect personal data businesses and organisations may collect from people. DAPL are committed to protecting your personal data and have to tell users how we store the information we collect and how we use it.
At referral, we collect non-sensitive personal data including your name and contact details, date of birth and GP details where necessary. We will use your non-sensitive personal data to (a) register you as a new client, (b) to manage our relationship with you. We also collect sensitive personal data: session notes, supervision notes and assessment information.
We will use your personal data for the purposes of providing our services to you or if we need to comply with a legal obligation. Non-sensitive and sensitive personal data will be held in the strictest confidence.
In all cases, you will be encouraged to pass on the information yourself. In line with professional requirements, counsellors/supervisors/coaches/consultants may discuss sessions with a supervisor external to DAPL. In this process, your anonymity will be maintained.
Our legal grounds for processing your data are in relation to points(a) & (b) above and are for performance of a contract with you. We will not share your details with third parties for marketing purposes.
We may have to share your personal data with (i) service providers who provide IT and system administration support, (ii) professional advisors including lawyers, bankers, auditors, and insurers (iii) HMRC and other regulatory authorities (iv) to fulfil our contract with you.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. They are only allowed to process your personal data on our instructions.
Protecting your data is important to us and we have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We also limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator of a breach where we are legally required to do so. In certain circumstances, you can ask us to delete your data. See the section entitled ‘your rights’ below for more information.
We may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
We will only keep your personal data for as long as is necessary to fulfil the purposes for which we collected it. In most cases, we will only retain your data for 3 years after you cease to be a client. The only exceptions to this will be in cases where we have to satisfy any legal or reporting requirements. You will be informed of this if it affects you.
You have the right to ask us to delete the personal data we hold about you in certain circumstances. See section 5 below.
You are able to exercise certain rights in relation to your personal data that we process. These are set out in more detail on the ICO website.
In relation to a Subject Access Right request, you may request that we inform you of the data we hold about you and how we process it. We will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case we may charge a reasonable fee or decline to respond.
We will, in most cases, reply within one month of the date of the request unless your request is complex or you have made a large number of requests in which case we will notify you of any delay and will in any event reply within 3 months.If you wish to make a Subject Access Request, please send the request to enquires@dapl.net or to DAPL 1-2 Parkdale, Leven Fife KY8 5QA.
We have a duty to keep your personal data up to date and accurate so from time to time we will contact you to ask you to confirm that your personal data is still accurate and up to date.
If there are any changes to your personal data (such as a change of address) please let us know as soon as possible by writing to or emailing the addresses set out in section 6 above.
We are committed to protecting your personal data but if for some reason you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
We would be grateful if you would contact us first if you do have a complaint so that we can try to resolve it for you. We may change this Privacy Notice from time to time and shall notify you of any changes.