Privacy Policy
1. Introduction
The Next Steps Forward receives your information through various methods. We hold your information, and therefore we are committed to keeping it safe and secure.
New regulations have come into force recently which requires us to explain why we need your data, what we do with it, how we store it and who we may share it with.
Being an open and transparent company, we have set out the following document in the hope that you are able to fully understand exactly what we do (and do not do!) with your information.
Should you still have a niggling query, please feel free to get in touch and we shall be happy to explain further.
2. What is the GDPR?
There is no doubt that you will now be familiar with the term ‘GDPR’ after receiving lots of emails about it from various companies between April and May 2018, but a lot of people still do not fully understand what it means.
GDPR stands for The General Data Protection Regulations and it came into force on 25th May 2018. It replaces the Data Protection Act 1998 and means that companies based in the EEA (European Economic Area) are subject to stricter rules about how your personal data is stored and processed. It gives you more control over your personal information, what companies do with it, how they manage it, and how you access it.
When the UK leaves the EEA, these rules will still apply. It also applies to any company outside of the EEA who has dealings with individuals inside the EEA.
For example, if you, (an individual in the EEA) buy a product from a company in China, that Chinese company must comply with GDPR Regulations.
3. What are the legal bases for data collection?
Any individuals’ data which is collected and processed by a company now must fall within one of six ‘legal bases’ (or categories if you prefer).
The Next Steps Forward uses these bases:-
Contractual Obligations
Legal Compliance
Legitimate Interest
Consent
– Contractual Obligations
Processing is necessary for the performance of a contract with a client or to take steps to enter into a contract.
The data collected for the purposes of a contract will include:
Name
Contact number
Email Address
Home Address
(Home address is also needed for ‘Legal Compliance’ – see below.)
– Legal Compliance
Processing is necessary for compliance with legal obligations.
– Legitimate Interest
We may collect and process personal information and data for our own legitimate interests, in ways which are reasonably expected and assist us in the running of our business.
– Consent
We may collect and process personal information if you give us permission to.
4. What personal data does The Next Steps Forward collect and process?
Personal Data Collected will include:
Name, date of birth, address, contact number, email address, next of kin details and doctors’ details.
In addition to the above, there may be reason to collect what is known as ‘sensitive data’, which includes: race or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health condition, sex life and criminality, alleged or proven.
How we use that Data Legally.
When booking directly, or via our website we collect the following: -
Your name
Your address
Email address
We use this information to complete your booking with us.
Legitimate Interest
When you complete our contact us form, we use these details to ensure we have correct details of who is applying for the equine facilitated learning service and who the service is taken up by, for ongoing treatment.
Consent
We will ask for your specific consent for collecting data when services are engaged with The Next Steps Forward by way of a Confidentiality and Data Protection Agreement which will require your dated name and signature.
When you visit our website, we monitor information such as:
Your location
The pages visited
Time of visit, and time spent on each page of our website
This data is anonymous, and we do not collect your personal details. This is monitored to make relevant improvements to our website.
5. How does The Next Steps Forward store your data?
We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy and GDPR Regulations.
All information you provide to us is stored on secure systems, protected by numerous levels of password protection and encryption.
Once The Next Steps Forward has received your information, we use strict procedures and security features to prevent any unauthorised access.
All data stored is backed up on a password protected cloud-based server.
6. How long do we keep your data?
When we collect or process your personal data we will only keep it for the duration of your treatment and for a period of one month after your treatment has ended. Your details will then be shredded. Session notes which are only identified by an Initial and company coding, will be kept for a period of 6 years, which is for legal purposes.
Online Enquiries.
When you make an enquiry through our website, we will keep any personal data you provide us whilst we deal with the enquiry. Once the enquiry has been dealt with, all personal information will be deleted if you do not take up services with The Next Steps Forward.
7. Who do we share your data with?
Your data will not be shared with any other agency. Exceptions to this are if you or others are at risk or if a court subpoenas notes.
8. Your Rights
Under the new guidelines, you have the right to request a copy of any information The Next Steps Forward currently holds about you, at any time and also to have that information corrected if it is inaccurate. To ask for your information please contact Data Protection,
The Next Steps Forward; sonia@thenextstepsforward.com
To ask for your information to be updated please contact as above.
Right to withdraw consent
Whenever you have given us consent to process your personal data, you have the right to change your mind and withdraw that consent at any time.
Where we rely on our legitimate interest
In cases where we are processing your personal data for legitimate business interests, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your data.
Any Questions
We hope that this information has answered your questions regarding Data Privacy and GDPR, but should you have any remaining questions please do not hesitate to get in touch.