PRIVACY POLICY

1. INTRODUCTION

This communication concerning our Privacy Policy informs you of how the National Institute for Cognitive Psychology (NICP) website at https://cognitivepsychology.org.uk looks after your personal information. It includes what we learn from you either as a professional member of NICP or as a member of the public visiting our website with regard to what you tell us, as well as any choices you may select regarding the way we communicate with you.

NICP take your privacy seriously. This policy embraces the collection, processing and other use of personal data under the Data Protection Act 1998 (DPA) and also the General Data Protection Regulations (GDPR).

For DPA and GDPR purposes NICP are the data controller and any enquiry regarding the collection or processing of your data should be made to Robert Russell at the following:
Address: Longcroft House, 2 – 8 Victoria Avenue, London, EC2M 4NS
Tel: 020 7175 7275
Email: Email [email protected]

This notice explains how NICP protects your information, including the data that is collated when you use our website and our services.

Through using this website you consent to the NICP Privacy Policy. NICP are registered with the Information Commissioner’s Office for this purpose.

This policy will be updated from time to time in line with the General Data Protection Regulations (GDPR) or current legislation.

2. LAWFUL BASIS FOR PROCESSING INFORMATION
In order to carry out and perform its role as a membership organisation, NICP needs to collect and use certain types of information about people applying for membership or who are existing or past members, as well as members of the public who visit its website or who wish to locate a member’s details. NICP deem that our lawful basis for processing information is one of legitimate interest, since without the collection and the retaining of your information we are unable to provide the necessary services required by our members.

NICP is dedicated to the lawful and correct handling of personal information in line with the General Data Protection Regulations and have taken all reasonable precautions with regard to storing and processing of your information to ensure that it is protected.

The Data Controllers are:
The NICP Administrators

The Data Processors are:
The NICP Administrators

From time to time we will contract with external agencies to provide services on our behalf. In all instances we will seek written assurance that these agencies are compliant with the GDPR principles.

3. GDPR PRINCIPLES

NICP will ensure personal data is:

 Processed lawfully, fairly and in a manner transparent in relation to the data subject
 Collected for legitimate, specified and explicit purposes that is not further processed for additional purposes incompatible with those purposes
 Processed in a way that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
 Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
 Relevant, adequate and limited to what is necessary in relation to the purposes for which data is processed
 Accurate and, where necessary, kept up to date

4. USE OF YOUR INFORMATION

NICP may use personal information provided by members and those seeking membership for the necessary purpose of registration, on-going membership requirements or matching site visitors with requested member information. We will also supply any information given by members of the public who wish to communicate with NICP members.

Information gathered by NICP may also be used for the following purposes:

 To consider and decide upon eligibility for membership
 To enable the general public to search the Register to check members registration status and to make contact with members
 To administer, update and maintain the Directory of NICP therapists and maintain the database, which includes all levels of membership
 To process and respond to requests, enquiries and complaints received from members
 To process and respond to requests, enquiries and complaints received by others about any member’s standards and fitness to practise
 To process data relating to barred individual members
 To communicate with members about our services, news and events
 To communicate with members regarding membership benefits – eg any general collective or individual communications and provision of certificates
 To compile statistics through the analysis of profiles and trends
 To ensure any member supervision is tailored to individual needs
 To liaise with member’s supervisors, with a member’s consent, concerning any areas of development identified following a complaint
 To survey registrants
 To prevent or detect fraud
 For audit purposes

NICP does not store bank or card details except for the purposes of processing refunds that you have requested us to make and such data will be deleted immediately after our part has been actioned.

NICP will hold members’ personal information on our systems for the duration of your membership in order to comply with company law requirements, and thereafter for a period of 7 years after your membership lapses.

After this time, in compliance with Article 5 of the GDPR, NICP will delete members’ records in a secure manner unless there has been a complaint about a member’s fitness to practice.

All details of complaints from the public and members against members of the NCH are retained for 3 years. After 3 years any identifying details will be removed and only unattributed information will be stored for the purposes of precedent and identifying training improvements.

All historic data pertaining to NICP Administrative decisions and actions will be stored for the duration of the existence of the National Institute of Cognitive Psychotherapy in compliance with company law requirements.

5. COLLECTING PERSONAL INFORMATION

The details of any criminal convictions disclosed to NICP will also be held for the duration of a decision making process. If we conclude the conviction does not impede a member from maintaining membership, we will delete all reference to this. Should we decide it does mean a member can no longer maintain membership of NICP, that member will be informed of this by us. Thereafter we will remove the relevant member information from public view. However in such an instance, a past member’s data will continue to be retained for one year.

NICP will process personal information from all new applicants to perform its function. If an individual is not content to allow us to process their personal information, that individual will not be eligible for membership.

6. MEMBER INFORMATION THAT WILL BE VISIBLE TO THE PUBLIC

Certain information members provide to NICP will be made visible by us to anyone visiting our website and/or enquiring about any member. The public can inspect the following information on the online register:

 Full name of member
 Registered discipline and qualifications of a member
 The practice address and post code provide to us by a member

NB This information can be details of your practice premises or, if you do not have a separate practice address, details of your home address

 The practice address, including Town/City/County/Country provided to us by a member
 The practice telephone number(s) provided to us by a member
 The appropriate practice website address(es) provided to us by a member
 A member’s NICP registration number
 Any photograph or logo provided to us by a member
 Relevant professional details provided to us by a member for NICP profile purposes

A member’s home address details (unless the same as the practice address), date of birth and other data are not available to the public unless given by a member to NICP specifically for that purpose.

7. INFORMATION FROM A WEBSITE ENQUIRER THAT WILL BE VISIBLE TO A MEMBER

Any information supplied by a member of the public enquiring about the services of a NICP member, whether through filling in an online form or providing details over the phone for such purposes, will be held by NICP for one year only. It will also passed as soon as practicably possible to any or all NICP members deemed professionally suitable to fulfil the therapy requirements of that member of public.

Public Enquiry Information passed on will be limited to:

 The enquirer’s name
 The contact details provided by the enquirer
 The personal details provided by the enquirer relevant to the therapy sought

8. SOCIAL AND BUSINESS MEDIA

NICP operate social media accounts. Members deciding to participate with these accounts and their associated posts must appreciate and accept that participation will be visible to the public.

9. LINKS AND LINKING TO OTHER WEBSITES

NICP’s website may include links to other websites of interest. Immediately upon accessing these links, you will have left the NICP website whereupon we have no control over other websites. NICP cannot be held responsible for the protection and privacy of any information that you provide when visiting other sites, which are not governed by our privacy policy. We suggest you always check the privacy statement applicable to these relevant websites when visiting them.

10. CONTACT WITH YOU FROM NICP

The purposes and nature of the relationship between NICP and its members mean you can be contacted through any of the following mediums: telephone, email or letter and we will seek consent from members to do so during the application process. If a member prefers not to be contacted through one or some of these mediums, this can be made clear by updating your preferences through logging onto your membership page. You will be given the opportunity to unsubscribe to emails at any time.

NICP will contact members of the public enquiring about NICP member services via the preferred and selected contact method provided at the time the enquiry is made. At any time during the communication process between an enquiring member of the public and either NICP, or a NICP member, the enquirer can elect and request that all further communication to be immediately ceased.

11. COOKIES

The NICP website, https://cognitivepsychology.org.uk uses cookies to better the users experience while visiting the site. As required by legislation, this website uses a cookie control system allowing the user to give explicit permission or to deny the use of and saving of cookies on their computer.

12. SECURITY AND PERSONAL DATA STORAGE

NICP take all reasonable steps to hold information securely in electronic or physical form and to prevent unauthorised access, modification or disclosure. Our information security policy is supported by a number of security standards, processes and procedures and information is stored in access-controlled premises or in electronic databases requiring logins and passwords.

All NICP Administrators with access to confidential information are subject to confidentiality obligations.

13. SHARING OF INFORMATION

NICP will not disclose your information with anyone without your written consent unless required to do so under a legal, regulatory or professional obligation except with your express written permission

14. YOUR RIGHTS
You have certain rights under existing data protection laws, including the right to (upon written request) access a copy of your personal data. If you are based within the UK or the EEA or within another jurisdiction having similar data protection laws, in certain circumstances you will also have the following rights:

 To ask NICP to provide you with information regarding the Personal Data we process concerning you
 To rectify, update or complement inaccurate or incomplete Personal Data concerning you
 To delete or request the erasure of Personal Data concerning you
 In certain circumstances to restrict the way in which I NICP processes Personal Data concerning you
 To withdraw any consent you may have given NICP to process Personal Data concerning you
 To object to NICP processing Personal Data concerning you
 To obtain from NICP the portability of Personal Data concerning you which we process using automated means on the basis of your consent or of a contract you have entered into with NICP; and
 In the European Economic Area, to lodge a privacy complaint with a supervisory authority if you are unhappy with the way I NICP has handled your Personal Data or any privacy query or request that you have raised with us

Where your exercise of any of the rights above is dependent on NICP’s actions, we will abide by the legal obligation to take reasonable measures to ascertain your identity and the legitimacy of your request, and may ask you to disclose to us any information necessary for that purpose.

NICP will respond to a legitimate request within 30 days, although in certain limited circumstances, we may need to extend our response period as permitted by law.

Please note that if you withdraw your consent to the use of your personal information for purposes set out in this Privacy Policy, NICP may not be able to provide you with access to all or parts of our services.

Please also note that some of the rights above may not be applicable to you (or to all of the information about you that NICP is processing) due to the application of one or more of the Exemptions set out below

If you consider NICP’s use of your personal information to be unlawful, you have the right to lodge a complaint with the UK’s supervisory authority, the Information Commissioner’s Office. Please see further information on their website: http://www.ico.org.uk/

15. EXEMPTIONS

Article 14 of the GDPR states that it is not necessary to supply information about the data NICP process where that information has not been received from the individual concerned and “where the personal data concerned must remain confidential subject to an obligation of professional secrecy regulated by [English] law”.

In addition, Schedule 2 of the Data Protection Act 2018 exempts us from providing information about:

Disclosures of personal data to us or by us where the disclosure is:

 Required by an enactment, a rule of law, or an order of a court
 Necessary for the purpose of, or in connection with, legal proceedings (including prospective legal proceedings)
 Necessary for the purpose of obtaining legal advice or otherwise establishing, exercising or defending legal rights
 Processing of personal data that consists of information in respect of which a claim to legal professional privilege could be maintained in legal proceedings

14. IF YOU DO NOT WANT TO RECEIVE MARKETING INFORMATION FROM NICP

If you receive marketing materials relating to NICP’s services by email, SMS or post, you may withdraw your consent for us to send these to you at any time, by sending a letter or email to the relevant contact details set out in Section 1 above of this Privacy Policy.

15. AUTOMATIC DECISION MAKING

NICP do not make decisions based solely on automated data processing, including profiling.

16. STATUS OF THIS POLICY

NICP review this Privacy Policy regularly and reserve the right to revise it or any part of it from time to time to reflect changes in the law or technology practices.

17. CONTACT AND FURTHER INFORMATION

If you have any questions about this Privacy Policy, or want to submit a written complaint to us about how we handle your personal information, please contact us through the relevant contact details set out in Section 1 above of this Privacy Policy.

Last updated: January 2019