Amber Valley Mediation is committed to protecting the privacy of our clients. We understand the importance you place on the privacy and security of information which personally identifies you, and we value our relationship with you. This document sets out our Privacy Policy and defines data processing of personal records in accordance with General Data Protection Regulations.
Scope
This policy is applicable to all areas processing personal records containing personal data at Amber Valley Mediation.
Responsibilities
DPO – Aileen Chapman
Privacy Policy Data Controller or Processor
If Amber Valley Mediation is provided with personal information under contract via a third party, it is likely we will be acting as a Data Processor or acting as Joint Controllers. If this is not the case, then Amber Valley Mediation will be acting as the Data Controller.
To progress your enquiry, we will ask for your consent based on your acceptance of this privacy policy and understanding how we process your personal data.
Collecting personal information
We ask you for personal data only when it is needed to provide services you have enquired about, or asked us to provide, or to respond to your requests for information.
We may collect, store and use the following kinds of personal information:
(a) information that you provide when requesting our service including your name, address, gender, date of birth, relationship status, health records, employment records and payment details;
(b) information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters;
(c) information that you provide to us when using the services, or that is generated in the course of the services we provide;
(d) information relating to any purchases of services or any other transactions that you enter into through our contact centre including your name, address, telephone number, email address and card details;
(e) information that you provide when responding to customer service feedback or complaints;
(f) information contained in or relating to any communication that you send to us, email or telephone calls (call recording) including the communication and content associated with the communication; and
(g) Information we receive from other sources. We may receive information about you from third parties. We also work closely with third parties (including, for example, solicitors, accountants, other professionals and any third-party affiliate) who may provide services on your behalf and we may receive information about you from them;
(h) payment data when purchasing services.
(i) where relevant information that may fall under special categories such as race, ethnic origin, politics, religion, trade union membership, genetics, health, sex life; or sexual orientation;
We may also record phone calls for the purposes of staff training, mitigation of disputes and the collection of consent from data subjects.
Using personal information
Personal information submitted to us through phone calls, emails or in person will be used for the purposes specified in this policy.
We may use your personal information to:
(a) administer business;
(b) pass information to the Legal Aid Agency for the purpose of auditing our services;
(c) enable your use of our services;
(d) send you information;
(e) process payments;
(f) send statements, invoices and payment reminders to you, and collect payments from you;
(g) send you non-marketing commercial communications;
(h) send you email notifications that you have specifically requested that form part of the service;
(i) send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
(j) provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
(k) deal with enquiries and complaints;
(l) We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
(m) All our financial transactions are handled through our payment services provider, Lloyds Bank plc. We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make, directly, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
(n) Data supplied by you for the purposes of our services is stored in paper form only and destroyed after 6 years.
(o) We do not use any automated decision-making processes or profile of you based on the data you provide.
(p) Information we receive from other sources. We may combine this information with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
Disclosing personal information
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, consultants, agents, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this policy and in the delivery of our services.
We may disclose your personal information:
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights including providing information to others for the purposes of fraud prevention and reducing credit risk;
(d) to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
(e) to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
(f) except as provided in this policy, we will not provide your personal information to third parties.
International data transfers
We do not transfer any personal data outside of the EEA, should this requirement change then we will contact you again to obtain your explicit consent to the transfers.
Retaining personal information
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary. The retention period is based upon consideration of the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirements.
Without prejudice to other obligations set out in this policy or legal obligations, we will usually delete personal data falling within the categories set out below at the date/time set out below:
(a) personal and sensitive data including marital status, religion, race, gender, sexual orientation, dependants, dependants’ names, medical history, criminal history, property related details, financial status – debt, CCJ, nationality, employment status, employer details where relevant, to which you explicitly consent;
(b) when you ask us to erase your data compliant with GDPR Article 17;
Notwithstanding the other provisions of this policy, we will retain documents and records containing personal data:
(a) to the extent that we are required to do so by law;
(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
There is no statutory period defined in legislation, so our retention period is based on the matter type with Amber Valley Mediation retention policy.
Security of personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure facility.
All communications via, payment transactions, electronic documents and database records will be protected by encryption technology.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Amendments
We may update this policy from time to time by publishing a new version on our website.
You should check this page occasionally to ensure you are happy with any changes to this policy.
We may notify you of any changes to this policy by email.
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Your rights
You may instruct us to provide you with any personal information we hold about you; provision of such information will be subject to:
(a) there is no payment required; and
(b) the supply of appropriate evidence of your identity for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank, plus an original copy of a utility bill showing your current address.
(c) We may withhold personal information that you request to the extent permitted by law.
(d) You may instruct us at any time not to process your personal information as permitted by law.
(e) You can instruct us to erase your data, compliant to GDPR Article 17.
(f) You have the right to lodge a complaint with the Data Protection Authority, if you consider your rights have been breached in anyway.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.
Note: The UK Data Protection Authority can be contacted on the following link: https://ico.org.uk/global/contact-us/
Third Party Websites
Our website includes hyperlinks to, and details of, third party websites.
We have no control over, and are not responsible for, the privacy policies and practices of third parties if you register with them independently. If you follow any link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.
Data protection registration
We are registered as a data controller with the UK Information Commissioner’s Office.
Our data protection registration can be found here: https://ico.org.uk
