Information Governance and GDPR Policy

This Information Governance and GDPR Policy outlines how Isn’t It Wonderful collects, stores, and protects client information in line with UK GDPR (2018) and the Data Protection Act 2018. This policy applies to all data held, whether in written, electronic, or other form.

Purpose and Scope

The purpose of this policy is to ensure that how isn’t it wonderful upholds the rights and freedoms of all clients by managing personal and sensitive information responsibly, lawfully, and transparently. This policy applies to all data processed by the practice, including client information, communications, and records of therapy sessions.

Data Protection Principles

In accordance with the principles of data protection, Isn’t It Wonderful to ensure that all personal data is:

      • Processed lawfully, fairly, and transparently.
      • Collected for specified, explicit, and legitimate purposes.
      • Adequate, relevant, and limited to what is necessary.
      • Accurate and, where necessary, kept up to date.
      • Retained only for as long as necessary.
      • Processed securely to prevent unauthorised access, loss, or damage.

    Lawful Basis for Processing
    Isn’t It Wonderful processes personal data under the following lawful bases:

      • To fulfil contractual obligations in providing therapy services.
      • To comply with legal obligations and professional regulations.
      • To protect the vital interests of clients or others where necessary.
      • With explicit consent from the client for specific purposes such as communication or testimonials.

    Data Retention and Disposal
    Client records, including session notes, consent forms, and correspondence, will be held securely for eight years following the final session, in accordance with CNHC and professional body guidance. Records relating to children will be held until their 25th birthday, or 26th birthday if aged 17 when treatment ends. After the retention period, paper documents will be cross-shredded and electronic files will be permanently deleted.

    Data Security
    All personal data held by Isn’t It Wonderful is protected through secure storage and appropriate safeguards:

      • Electronic data is password-protected and stored on secure devices.
      • Hard copy notes are kept in a locked cabinet within secure premises.
      • Any portable devices containing data are encrypted and password-protected.
      • Personal data will not be shared with third parties unless required by law or with client consent.

    Data Breach Procedure
    In the event of a personal data breach, Isn’t It Wonderful will comply with Article 33 of the GDPR. Any breach likely to risk the rights or freedoms of individuals will be reported to the Information Commissioner’s Office (ICO) within 72 hours. Clients affected will be notified without undue delay. A record of all breaches will be maintained.

    Client Rights
    Clients have the following rights under UK GDPR: 

      • To be informed about how their data is used.
      • To access their personal data.
      • To request correction of inaccurate information.
      • To request erasure of their data (‘right to be forgotten’).
      • To restrict or object to data processing.
      • To request data portability to another provider.
      • Requests should be made in writing to Isn’t It Wonderful and will be responded to within one month.

    Website and Cookies
    The isntitwonderful.com website may use cookies and analytics tools to improve user experience. Cookies collect non-identifiable information only. Users can disable cookies in their browser settings. Any information collected through the website will be used solely to respond to enquiries or improve services.

    Policy Review
    This policy will be reviewed annually or sooner if legislation changes. Isn’t it wonderful is committed to maintaining the highest standards of data protection and client confidentiality.

    Contact
    For any queries or to exercise your data protection rights, please contact:

    Isn’t It Wonderful
    Email: isntitwonderful@gmail.com
    Telephone: 07825185966
    Website: www.isnt-it-wonderful.com

    If you are unsatisfied with how your data is handled, you may contact the Information Commissioner’s Office (ICO) at www.ico.org.uk or call 0303 123 1113.