Contact Information

The HYP Space
Ashton Lane
Bishops Waltham
SO32 1FN

m. 07711 316985
www.thehypspace.com

The Hyp Space Ltd trading as The Hyp Space is a limited company, registered in England and Wales/Northern Ireland/Scotland. Company Number 13308714. The Data controller and Processor is Claire Wells

 

The Lawful basis for processing data

The basis on which we keep data is that of ‘Legitimate Interests’. This means that the data is necessary for us to fulfil the objectives of The Hyp Space and that it is data that would reasonably be expected for us to hold and use.

 

Data

The data we hold includes client information as provided on the paper forms required for treatment.

 

Sharing

Data is shared in the following circumstances:

  • With the client, if they request their personal records.
  • With our accountant who will see bank, credit card and Paypal records which will contain information that is submitted when making a payment. It asked we will redact identifiable data before sending it to the accountants.

The data is primarily used to enable us to provide the service that we have been engaged to provide. It may also be used for scientific and statistical purposes.

 

Where the data is held

Any emails are either help on a hard drive or are archived in cloud-based secure storage which in itself is GDPR compliant. Credit card information is shredded as soon as it proceeds. Standing order mandates are deleted as soon as payments commence.

Client data is kept for 7 years. After this time any paper records are shredded and computer records are permanently deleted.

 

Security

We take all the security of data seriously and as such:

  • All data is held securely (as detailed above).
  • Any sensitive data transmitted is sent encrypted where possible.
  • We are not in control of data (including emails) which are sent to us.
  • If there is any breach of data security, we will give full details to the Commissioner’s Office and any person affected within 72 hours of the breach and take any actions necessary to minimise potential impact.

 

Rights

Clients have rights with regard to the data held:

  • The right of access. We will provide all data we hold on you as soon as we can following a request (within 30 days unless impossible due to holiday, illness or pandemic).
  • The right to erasure. If a client request all their data is erased we will delete all computer records and shred any paper records.
  • The right to restrict processing. Correction of any errors as a stop-gap before erasure.
  • The right to data portability. This might apply if a client wants notes sent to another therapist. The easier option would be to grant the right to access, therefore the data would be sent to the client.
  • The right to object to. Processing based on legitimate interest or the performance of a task in the public interest/exercise of official authorities (including profiling). We do not engage in these things. Clients can opt out at any time.