Inner Focus is committed to protecting and respecting your privacy.
This Privacy Notice explains when and why we collect personal information about people who join the mailing list on our website and interact with Inner Focus via telephone, email and any other forms of correspondence. It covers how we use this information, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Notice from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using this website and corresponding with Inner Focus, you’re agreeing to be bound by this Notice.
Any questions regarding this Notice and our privacy practices should be sent by email to [email protected] or by writing to Inner Focus,138, Gunton Lane, Norwich, NR5 0AQ. Alternatively, you can telephone 079791801790
Data Controller: Sara Bradly
The wording in this document reflects the requirements of the General Data Protection Regulation (GDPR), which will come into effect in the UK on 25 May 2018. The word ‘process’ as applied to your information or data, for clarity, can be replaced with the words ‘use’, ‘record’, ‘store’, ‘obtain’, ‘keep’.
Who we are?
Inner Focus is the trading name of Sara Bradly MA MBACP. Inner Focus is a counselling and personal development service, offering personal therapy, one-to-one and group focusing sessions, workshops and courses. You can contact Sara Bradly by email: [email protected]; mailing address: 138 Gunton Lane, Norwich, NR5 0AQ; mobile: 07979180170.
How do we collect information from you?
We obtain information about you when you sign up for the mailing list on the website, email, telephone or correspond with Inner Focus, for example when you contact us about products and services.
What type of information is collected from you?
The personal information we collect might include your name, address, email address, and telephone number. We only collect information that you have given us. Below is a summary of the different categories of data we may use.
Communication Data that includes any communication that you send us whether that be through the mailing list sign up form on our website, through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, pursuance or defence of legal claims. Our lawful ground for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and to establish, pursue or defend legal claims.
Customer Data that includes data relating to any purchases of goods and / or services such as your name, title, billing address, delivery address, email address, phone number, contact details, purchase details (i.e. bookings through Eventbrite which is an online event-planning site). We process this data to supply the goods and / or services you have purchased and to keep records of such transactions. Our lawful ground for this processing is the performance of a contract between you and us and / or taking steps at your request to enter into such a contract.
Marketing Data (this is only applicable if you have signed up to our mailing list or one of our workshops / courses and have given your consent to be contacted by us) that includes data about your preferences in receiving marketing from us via our third party service providers (i.e. MailChimp which is a marketing automation platform that enables businesses to share email and ad campaigns; and Eventbrite, an event management and ticketing website) and your communication preferences. We process this data to enable you to partake in our workshops and courses. Our lawful ground for this processing is your consent to be contacted in this way by us.
Sensitive Data that includes information that you may share in the course of therapy, or information you may choose to share before starting or during one of our workshops or courses. We require your explicit consent for processing sensitive data, so your consent will be requested before any processing of sensitive information takes place. You will also be given explicit details about how your sensitive information is processed. For example, as a private therapy client your sensitive information is processed (recorded) in the form of brief handwritten notes which are kept confidentially in a locked file and are destoyed at the end of therapy, unless there is a legitimate reason for keeping the notes longer. Emails and texts which include sensitive information are encrypted and delivered by Stay Private, a secure email platform. They are password protected.
Very rarely we may process your personal data without your knowledge or consent where this is required by law, or in the interests of safety from harm in relation to any individual or group.
How is your information used?
We may use your information to:
- Process orders for services that you have submitted;
- Carry out our obligations arising from any contracts entered into by you and us;
- Seek your views or comments on the services we provide;
- Notify you of changes to our services;
- Send you communications which you have requested and that may be of interest
to you. These may include information about events, workshops, courses and other activities and promotions of our associated organisation, Norwich Focusing’s services;
Who has access to your information?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf
MailChimp - for mailing lists; Eventbrite - for bookings and payment of courses/ workshops; Stay Private - for secure email and text communication and storage of sensitive data within these.
We may pass your information to our third-party providers (as above) for the purposes of providing services to you on our behalf (for example to send you mailings, take bookings and process payments, or to send secure communications). We ensure that our third party providers keep your information secure: MailChimp stores data in the US and is compliant with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework; Eventbrite stores data in the US and is GDPR compliant; Stay Private is GDPR compliant and stores data in the EU with military-level AES-256 encryption.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, then you can select ‘unsubscribe’ on any marketing email that you receive. You can change your marketing preferences at any time by contacting us by email: [email protected] or telephone on 07979180170. We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent.
How you can access and update your information – Your legal rights
Under data protection laws you have new rights in relation to your personal data. These rights include the right to request access, correction, erasure, restriction, transfer, to object to processing, to portability of data and where the lawful ground of processing is consent, to withdraw consent.
The accuracy of your information is important to us. If you change email address, or any other information we hold is inaccurate or out of date, or you wish to exercise any of the rights set out above, please email us at [email protected], or write to us at Inner Focus, 138 Gunton Lane, Norwich, NR5 0AQ. Alternatively you can telephone 07979180170.
You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data or to exercise any of your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
We aim to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case we will notify you.
Use of “cookies”
Links to other websites
We have put in place security measures to prevent your personal data from being accidentally lost, used, altered, disclosed or accessed without authorisation.
Any sensitive information is encrypted and protected. Emails or texts containing sensitive information will be sent via secure email (Stay Private), which will be encrypted and will need a password to access. It is your responsibility to keep your password safe.
Non-sensitive details (your email address etc.) are transmitted normally over the internet and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. We have procedures in place to deal with any suspected data breach and will notify you and any applicable regulator of a breach if we are legally required to do so.
Sara Bradly is the only person who has direct access to your information. In the case of an emergency where Sara is incapacitated or in the case of her unexpected death, a procedure is in place for her clinical supervisor to be able to gain access to your information for the purpose of notifying you of the situation. Your information will be treated confidentially by the supervisor.
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including the purposes of satisfying any legal, accounting or reporting requirements.
When deciding what the correct time is to keep data for we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes, if these can be achieved by other means and legal requirements.
- For tax purposes the law requires us to keep basic information about our customers (including contact details, financial and transaction data) for six years after they stop being customers.
- Sensitive information from therapy sessions, including sensitive information from email and text is destroyed at the end of therapy or six weeks from when I last hear from you unless there is a legitimate reason for keeping it longer.
- Basic personal information of therapy clients, such as name, address, email address, telephone number, how many sessions attended and the therapy outcome are kept for three years after the end of therapy.
- Email addresses submitted to our mailing list will be reviewed every two years.
Review of this Notice
We keep this Notice under regular review. This notice was last updated in May 2018.