Data Protection Policy

This statement confirms yoohoo Speech and Language Therapy Ltd.’s commitment to protect your privacy and to process your personal information in accordance with the Data Protection Act.

What personal information we might need and why

We may collect and process the following examples of personal information. Please note that we may, at times, also need to collect other personal information that is not listed.

The following list is relevant those accessing services from yoohoo Ltd and staff:

Your name
Contact information (for example address, telephone numbers, email addresses)
Information about your child’s age, ethnicity, gender, nationality, disability status
Job title/role
Registrations (e.g. HCPC, RCSLT, ASLTIP)
Information about your education and qualifications
Information about your skills and expertise

We may use/process this information to:

Carry out statutory functions
Handle complaints
Conduct investigations
Conduct research
Understand people’s views and opinions (for example through consultations)
Improve our services
Carry out administrative functions
Share it with third parties for obtaining professional advice and offering advice (e.g. schools, nurseries etc).  
Send you information that we think might be of interest to you
Comply with our legal and regulatory obligations.

Protecting your information

We have appropriate technical and organisational measures in place to protect your information.
We will handle and protect your information in line with data protection principles.
Personal data will be processed fairly and lawfully.
Personal data will be obtained only for specified and lawful purpose(s) and will not be processed in a manner that is not compatible with that purpose(s).
Personal data will be adequate, relevant and not excessive in relation to the purpose(s) for which they are processed.
Personal data will be accurate and where necessary, kept up to date.
Personal data will not be kept for longer than is necessary and in line with regularity bodies (ASLTIP, RCSLT, HMRC)
Personal data will be processed in accordance with the data subject’s rights under the Act.
Appropriate technical and organisational measures are in place to protect personal data from unauthorised or unlawful processing and from accidental loss, damage or destruction.

Accessing your information (Subject Access Requests)

Under the Act, you are entitled to ask for a copy of the personal information that we hold about you and to have any inaccuracies in your personal information corrected.
When you submit a request for your personal information, you are entitled to:
know what personal information we are processing or have processed;
why we have processed your personal data − the reason(s) and purpose(s) for the processing of your personal information;
know if we have shared your personal information and if so, with whom and for what purpose(s).
Requests for your personal information must be submitted to us in writing via info@yohoo.org.uk.

Sharing your personal information

We may need to share your information with third parties. This may be for a variety of reasons but will always be to enable us to undertake our statutory functions, to regulate effectively and/or to comply with our legal or regulatory obligations.

When your personal information is shared it will be done so in line with the Act. You are entitled to know why and how we are sharing your personal information (as noted above) and the organisation or individual receiving your personal information will be required to protect your information in line with the Act.

Logging and recording of communications with you

We may log communications between you and us for the purposes described earlier in this statement.

Links to Other Websites

Our website includes links to other websites (for example in our blogs). We are not responsible for the data protection and privacy practices of these organisations, including their website. This Data Protection Policy applies to yoohoo Ltd only.

Further information about the Data Protection Act

This policy applies to personal data as defined by the Act – that is, data from which a living individual can be identified, either from that data alone, or from that data and other information that is held by the data controller. This includes information held on computer, paper files, photographs and recordings.

The purpose of the Act is to make sure that personal data is used in a way that is fair to the individual and protects their rights, while enabling organisations to process personal data in pursuit of their legitimate aims. 

Conditions under which personal data can be processed

Listed below are possible conditions under which personal data can be processed. The processing of personal data can only take place if one of these conditions can be satisfied.

1 The data subject has given his consent to the processing. [This consent must be fully informed and freely given]

2 The processing is necessary –

(a) for the performance of a contract to which the data subject is a party, or [for example, a contract of employment or a consumer contract]

(b) for the taking of steps at the request of the data subject with a view to entering into a contract.

3 The processing is necessary for compliance with a legal obligation to which the data controller is subject, other than an obligation imposed by contract.

4 The processing is necessary to protect the vital interests of the data subject.[This condition is narrowly interpreted by the Information Commissioner and applies to emergency situations only.]

5 The processing is necessary –

(a) for the administration of justice,

(b) for the exercise of any functions of either House of Parliament,

(c) for the exercise of any functions conferred on any person by or under any enactment,

(d) for the exercise of any functions of the Crown, a Minister of the Crown or a government department, or

(e) for the exercise of any other functions of a public nature exercised in the public interest by any person.

6 (1) The processing is necessary for the pursuit of legitimate interests by the data controller or by the third party or parties to whom the data are disclosed, except where such processing is unwarranted in any case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject

(2) The Secretary of State may by order specify circumstances in which this condition is, or is not, to be taken to be satisfied.

The Information Commissioner’s Office

The Information Commissioner’s Office (ICO) is “the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals” (ICO website). It is responsible for administering the provisions of the Data Protection Act 1998 and the Freedom of Information Act 2000.

www.ico.org.uk

The Act requires every data controller who is processing personal information to register with the ICO (unless they are exempt). The ICO publishes a Register of data controllers4 on their website. Yoohoo Ltd is registered with ICO.

For more information

If you have any questions about this policy, please contact our Data Protection Officer via email at info@yoohoo.org.uk

Updated May 2018