Chatterminds Data Protection Policy

Chatterminds is committed to protecting the privacy, confidentiality and security of all personal information shared with us.

This policy outlines how personal information is handled, stored and protected in accordance with:

  • UK General Data Protection Regulation (UK GDPR)

  • Data Protection Act 2018

  • Relevant safeguarding and professional responsibilities

This policy applies to all personal information processed by Chatterminds, whether held electronically, verbally or in paper format.

Data Controller

The Data Controller for Chatterminds is:

Carol Powell
Founder, Chatterminds
Email: info@chatterminds.com

Information We May Process

Chatterminds may process personal information including:

  • Parent/carer contact details

  • Child names and dates of birth

  • Emergency contact information

  • Session notes and wellbeing observations

  • Educational, behavioural or emotional support information

  • Reports provided by schools or other professionals

  • Booking and payment information

  • Email correspondence and communications

Where appropriate, sensitive personal information relating to wellbeing or safeguarding may also be processed.

Lawful Basis for Processing

Personal information is processed under one or more of the following lawful bases:

  • Consent

  • Contractual necessity

  • Legitimate interests

  • Legal obligation

  • Safeguarding responsibilities and protection of vital interests

Sensitive information is processed only where necessary and appropriate safeguards are in place.

Data Protection Principles

Personal information is processed under one or more of the following lawful bases:

  • Consent

  • Contractual necessity

  • Legitimate interests

  • Legal obligation

  • Safeguarding responsibilities and protection of vital interests

Sensitive information is processed only where necessary and appropriate safeguards are in place.

Storage and Security of Information

Chatterminds takes appropriate technical and organisational measures to protect personal information.

These measures include:

  • Confidential documents are stored using secure, password-protected and encrypted cloud-based systems with access restricted only to authorised individuals.

  • Password-protected devices

  • Two-factor authentication where available

  • Secure handling of confidential reports and documents

  • Restricted access to personal information

  • Secure destruction of paper records

  • Careful management of email attachments and file sharing

  • Only individuals with a legitimate professional reason will have access to confidential information.

Sharing Information

Information will only be shared where:

  • Consent has been provided

  • It is necessary to support the child or family

  • There is a safeguarding concern

  • There is a legal or professional obligation to do so

  • Information is never sold or shared for marketing purposes.

Where possible, information sharing will be discussed with parents/carers beforehand unless doing so would place a child or person at risk.

Data Retention

Personal information is retained only for as long as necessary for safeguarding, legal and operational purposes.

When no longer required, records are securely deleted, destroyed or shredded.

Typical retention periods include:

  • Registration forms - 7 years after final session

  • Session notes - 7 years after final session

  • Financial records - 6 years

  • Safeguarding records - In accordance with safeguarding guidance

Data Subject Rights

Under UK GDPR, individuals have the right to:

  • Access their personal information

  • Request correction of inaccurate information

  • Request erasure where appropriate

  • Restrict processing

  • Object to certain processing

  • Withdraw consent where consent is relied upon

Requests should be submitted in writing to:

info@chatterminds.com

Data Breaches

 Any actual or suspected personal data breach will be investigated promptly.

Where required, breaches will be reported to the Information Commissioner’s Office (ICO) within the required legal timeframe.

Affected individuals will be informed where appropriate.

Staff Responsibility

Anyone handling personal information on behalf of Chatterminds is expected to:

  • Maintain confidentiality

  • Handle information securely

  • Follow safeguarding responsibilities

  • Report concerns or breaches immediately

  • Adhere to this policy at all times

Complaints

Carol Powell
info@chatterminds.com

Individuals also have the right to complain to the Information Commissioner’s Office:

https://ico.org.uk

Policy Review

This policy will be reviewed annually or sooner if legislation or working practices change.