Privacy and Data Protection Policy
Ace Music Therapy CIC is aware of its obligations under the General Data Protection Regulation (GDPR) and the Data Protection Act and is committed to processing your data securely and transparently. The privacy and data protection policy explains, in line with GDPR, the types of data that we hold on you as a customer receiving music therapy services or subscribing to our newsletter to receive information on music therapy services. We are registered as a Data Controller with the Information Commissioner’s Officer reference number ZA567555.
This policy explains how we use your data, how long we keep it for and other relevant information. We encourage you to read this policy carefully and contact us if you have any concerns.
What information do we collect?
Ace Music Therapy CIC collects both personal information and where relevant, sensitive data about you. Personal information means any information relating to an identified or identifiable person.
The personal Information we collect includes:
- your name, address, date of birth, email address and contact telephone numbers
- your gender
- your medical history, current diagnosis and health
- name, addresses and contact details of other professions involved in your care (if this is included in the referral form)
- details of any correspondence we have had with you
- your bank account details if you are paying for our services
The sensitive data we collect includes:
- The reason for referral to our services
- Session note records and sensitive data from therapy or community sessions you have attended (including date, time and session length)
- Photos, videos or other images recorded during music therapy sessions
- Other information that you, a family member or carer shares with us that is not strictly relate to the services we provide.
Anonymous information – cookies
Online music therapy sessions
When conducting online music therapy sessions we may store information including:
- Names and locations of individuals connecting through online music therapy sessions
- Duration (minutes) of online music therapy sessions
- Software used
When do we collect your personal data?
- You contact us via telephone, email or post to enquire about our services
- You subscribe to our email newsletter
- You have consented to be filmed or photographed during a music therapy session or at one of our events.
When do we collect your sensitive data?
- You or someone on your behalf sends us a completed referral form for music therapy sessions
- An assessment, progress or closing report is written about the music therapy sessions you have received
- We contact another health professional regarding your care
How do we store your data?
Personal data is stored within our secure, password protected, IT systems. Sensitive data is also kept within our secure, password protected, IT systems which are regularly backed up.
Some staff members may keep records of their sessions in handwritten notebooks, if this is the case these are stored in locked cabinets.
How do we use your personal information?
- To process your referral before you receive music therapy services from us
- To provide you with music therapy services
- To raise invoices (where relevant)
- To provide you or your referrer with relevant documentation or reports
- To inform you of events or news relating to Ace Music Therapy CIC if you have opted for this
- To publicise the music therapy work we are doing (with your consent)
How do we use your sensitive information?
- To carry our an assessment of need for our services
- To liaise with other health professionals regarding your referral (where appropriate)
- To carry out appropriate risk assessments prior to services commencing
- To keep a weekly record of sessions received
- To manage the services you received from us, i.e. making ongoing recommendations and discharging into other services
When do we share personal data?
Your data will be shared with relevant staff members within Ace Music Therapy CIC where necessary for them to deliver services to you.
We may also share your data with third party professionals as part of delivering and monitoring the services we provide you with and in your best interests. This may include other health practitioners or those you have consented to us contacting.
When sharing the information with third parties we will ensure that:
- it is necessary to share the information
- we have your consent and permission to do so
- we only disclose relevant information
- third parties ensure the security of your data and commit to keeping it confidential.
In some cases, in accordance with the law, we may disclose your information without your consent if it is justified as necessary to protect public safety or prevent harm to other people.
We may also take appropriate action and share your information with local authorities or police if we have concerns about your safety or well-being. In this situation, the information will be shared in accordance we the Company’s safeguarding policy.
We do not share your data with bodies outside of the European Economic Area.
Protecting and securing your data
We understand the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. Your personal and sensitive data is treated confidentiality. Music therapists who process and store your data are registered and regulated by the Health Care Professions Council (HCPC). In accordance with HCPC guidelines we will take reasonable steps to keep information about you safe by:
- Making sure we have your consent if we are passing on your identifiable information or personal data (unless we need to protect public safety of prevent harm to others)
- Getting express written consent if we are using your information for a reason not relating to the services you receive (i.e. teaching, education, supervision)
- Only disclosing a minimum amount of information if and when necessary
- Telling you we have shared your information where practical and possible
- Keeping session notes and disclosure records on secure password protected devices or in the case of hand written notes keeping these in locked cabinets.
- Keeping up to date with relevant law and good practice guidance.
How long do we keep your personal data for?
In line with data protection principles, we only keep your data for as long we as need it for, which will be at least the duration of your receiving our services. We will keep your data for some time after you have finished receiving our services in accordance with HCPC guidance.
When your data is destroyed, Ace Music Therapy CIC will follow steps to put your data beyond use. This means that the data controller commits to the permanent deletion of the information and will not pass it on to any other organisation or person.
Your rights in relation to personal data
The law on data protection gives you rights in terms of the data we hold on you. These are as follows:
- The right to be informed. In other words we must tell you how we use your data
- The right of access. In other words you have a right to access the data we hold on you. To do so you should make a Subject Access Request, please email firstname.lastname@example.org for more information on how to do this.
- The right for any inaccuracies to be corrected.
- The right to have information deleted. If you would like us to stop processing your data you can ask us to do so.
- The right to portability. In other words you can transfer the data we hold on you for your own purposes.
- The right to object to the inclusion of any information.
Where you have consented to our use of your data, you also have the right to withdraw your consent at any time. Withdrawing your consent means that we will stop processing the data you previously consented to us using. There will be no consequences for withdrawing your consent. However in some case, we may continue to use the data where so permitted by having a legitimate reason for doing so.
Third party content on other websites
We do not take responsibility for any information or content on linked third party or partner company websites.
How to contact us
If you would like more information on our privacy practices, your personal information, or if you wish to file a complaint please contact the data controller:
Ace Music Therapy CIC
184 Watson Heights