Who we are?
We are Blue Rhythm Ltd. (“we” or “us”), a company that represents appropriately vetted and authorised medical professionals (“Coaches”), in the fields of substance abuse and mental health, in order to help professionals within creative industries.
What does this Policy cover?
Our services have privacy by design at their core to ensure that personal data that is processed is minimised and kept secure. This Privacy Policy explains our very limited use of personal data and your rights in relation to such use.
What personal data do we collect and why do we use it?
The table below explains who we collect personal data about, what that personal data is and the purpose. The last column sets out the ‘lawful basis’ we rely on for processing that personal data which is a requirement of data protection rules. Essentially, companies like us may only process personal data if they can identify a lawful basis from a list set out in the legislation.
Lawful Basis for Processing
Clients and Potential Clients
We only use your contact details, such as name, email address and, if applicable, a unique company code (whether you come to us directly or through a referring organisation such as a management company). These contact details and unique company code is provided to our secure scheduling providers who will set up the appointments for you with the relevant Coach.We may receive statistics about use of the service which is required for invoicing purposes but again this is all linked to the unique company code. For example we may know that company code ‘145688’ has had a coach session on a particular date.We do not have any access to any information which is disclosed by you to your Coach. Coaches are separately subject to data protection laws and will provide you with their own privacy notice explaining any processing by them of your personal data.We also don’t collect payment details since payments are managed by Stripe.If you separately choose to correspond with us, we will process that data in order to respond to and keep a record of that query.
The information we process is given to us by you/your agent/referring organisation. It is used for us to provide the service to clients and also to enable invoicing.
Our legitimate interests as a business in responding to and keeping a record of correspondence and services provided. Some information is also necessary for us to perform our contract – for example, we need client email details to allow scheduling of appointments.
Lawful Basis for Processing
Coaches
Contact details and provided correspondence. Contracts. Bank details for payment transfers. Resumes and accreditation details.
This information is given to us by you where you are a Coach. It is used by us to fulfil contracts, engage in business discussions and check the qualifications and experience of coaches.
Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract such as payment details.
Lawful Basis for Processing
Individuals Who Contact Us
Contact details provided and correspondence.
This information is given to us by you. It is used to respond to the query and keep a record of it.
Our legitimate interests as a business in responding to and keeping a record of correspondence.
Lawful Basis for Processing
Suppliers and Contractors
Contact details provided and correspondence.
This information is given to us by you. It is used by us to fulfil contracts and engage in business discussions.
Our legitimate interests as a business in responding to and keeping a record of correspondence. Some information is also necessary for us to perform our contract – for example certain contact details.
Lawful Basis for Processing
Candidates
CV, contact details, reference information and correspondence.
This is information given to us by you or from third party referees. It is used to assess the suitability of candidates applying for a position with us.
Our legitimate interests of assessing the suitability of candidates applying for a position with us. Any health or other sensitive information is only collected if you have chosen to give it to us/consented or it is required for diversity monitoring.
How long do we keep your personal data for?
We keep your information only for as long as is necessary for the relevant purpose. For example, if we have a contract with you, this will be for 6.5 years after expiry in order to assist us with any contractual claims. We use a number of criteria for determining the retention period including obligations under law, our need to defend or bring contractual claims within the statutory limitation period and consideration of the original purpose we collected it for.
Who do we share your personal data with?
Data may be shared in the following circumstances:
- As explained above, if you are a client we only provide contact details, such as an email address and name, and, if applicable, a unique company code for the purposes of scheduling appointments with Coaches. Scheduling is done through secure service providers such as Cogsworth or Upvio.
- If clients are referred to us by third party organisations, in order to invoice that organisation for the fees, we may need to share aggregate statistics about use of the service – for example, that X number of coaching sessions have been provided for referred clients during Y period. We do not provide the organisation with client names or personal data but, depending on the circumstances (for example if they have only referred one client), the organisation may be able to infer that that client has taken up the service from aggregate information provided.
- Any personal data you provide to a Coach is provided to them directly and is not shared with us. Your Coach is responsible for their own processing of your personal data and will provide you with a privacy notice explaining their use and your rights.
- If required by law.
What happens if you do not provide us with the information we request or ask that we stop processing your information?
If you do not provide the personal data necessary, we may not be able to respond to your query or provide the service to you.
Do we make automated decisions concerning you?
Automated decisions are those made without human intervention that have a legal effect on you or other similarly significant effect (for example determining whether you are eligible for a job). We do not carry out this type of processing activity.
Do we transfer your data outside Europe?
We may sometimes transfer your personal data to countries outside the UK and European Economic Area, for example if we are using a supplier based elsewhere. You can find the list of member states by clicking on the following link: https://europa.eu/european-union/about- eu/countries/member-countries_en. The privacy laws in countries outside the European Economic Area and UK may be different from those in your home country. Where we transfer data to a country that has not been deemed to provide adequate data protection standards, we always have security measures and approved European model clauses or other adequate safeguards in place to protect your personal data. Please contact us if you would like more details about our safeguards for data transfers.
What rights do you have in relation to the data we hold on you?
By law, you have a number of rights when it comes to your personal data. Further information and advice about your rights can be obtained from the data protection regulator in your country. In the UK, this is the Information Commissioner.
Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we will come back to you and let you know.
Rights
What does this mean?
1. The right to be informed
You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy. If you have any additional questions, for example regarding transfers and locations of data or our legitimate interests basis, do please get in touch.
2. The right of access
You have the right to obtain access to your information (if we are processing it), and certain other information (similar to that provided in this Privacy Policy).
This is so you are aware and can check that we are using your information in accordance with data protection law.
3. The right to rectification
You are entitled to have your information corrected if it is inaccurate or incomplete.
4. The right to erasure
This is also known as the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it. This is not a general right, there are exceptions.
5. The right to restrict processing
You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of people who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
6. The right to data portability
You have rights to obtain and reuse your personal data for your own purposes across different services. This is not a normal scenario for companies of our nature but if you have any questions, you can contact us.
7. The right to object to processing
You have the right to object to certain types of processing, including processing for direct marketing or where we are relying on ourlegitimate interests for processing.
8. The right to lodge a complaint
You have the right to lodge a complaint about the way we handle or process your personal data with your national data protection regulator.
9. The right to withdraw consent
If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
How can you contact us?
If you are unhappy with how we have handled your information or have furtherquestions on the processing of your personal data, contact us here: 85 GreatPortland Street, London, W1W 7LT, contact@bluerhythm.co.uk.