GDPR Compliance Policy
Version 22.05.18
Trust is central to both our values and the nature of our services.
Our aim is to be a trusted partner to our clients and potential customers. We want you to feel assured that any data relating to you will be totally secure and confidential and not misused in any way.
We also wish to ensure that all our policies, practices and processes are totally transparent to you, in accordance with the General Data Protection Regulation (GDPR).
Psychologica provide development support to individuals, teams and organizations and, in the provision of our services, we regularly handle information of a personal and sensitive nature, in addition to straightforward customer and client details.
As such we conform to best practice and ethical guidelines on client confidentiality and in our management of personal and confidential information – both paper-based and electronic.[i]
Our policy is always to assure confidentiality and security of personal data, though our practices vary according to the type of data in question. The types of data we hold, and the practices we employ, are as follows:
Coaching and Consultancy
- The nature of this work involves gathering sensitive information with regards to organizational clients, their employees, and private individuals (all referred to as clients in this policy).
- Confidentiality agreements are made with all types of clients, as part of any formal or informal contract of work (which refer to this policy in terms of data management).
- Separate agreements are formed with organizational employees regarding the degree to which any personal data or information may be shared with their organizational employer (when this is the ‘commissioning client’). This may be in the form of a written contract (e.g.: for coaching assignments) or a verbal agreement (e.g.: in group workshop scenarios).
- Written notes may be taken during such individual or organizational assignments, as aids to service delivery. These are kept for a period of up to 7 years – to refer to in the case of subsequent follow-on work – in secure storage on our premises.
- These may only be accessed by the coach or facilitator in question who, as individuals, also follow the same ethical guidelines and this policy.
- Some notes, in the form of client reports, may also be stored as electronic data and will also be kept for a maximum of 7 years.
- After this period all such data is deleted and all documentation is disposed of, either by ourselves on the premises (i.e.: shredded) or by a professional document disposal organization with their own security and confidentiality policies.
Psychometric Data
- Psychologica also provides psychometric services, using our own secure cloud-based project management platform.
- Psychometrics are available both to clients, managed by ourselves, and via registered Psychologica Practitioners who have access to our on-line survey management platform.
- Such practitioners agree to meet our data protection requirements, as part of their contract with us, and have also committed to maintaining their own data protection and confidentiality policies.
- Psychologica employs IT specialists to maintain the site and provide client support.[ii] This operates at system level and does not allow access to practitioner accounts or their client data.
- Client data may include content and results of electronic surveys assessing such things as: personality characteristics; attitudes and opinions; behavioural abilities and skills.
- Such individual data is stored in electronic format on the platform or produced in report format in downloadable PDFs. These are only made available to specified individuals, as agreed with the participating client during any coaching or other developmental assignment.
- Hard copy documents are treated as described above.
- Electronic data is also kept for a period of up to 7 years and then deleted from the platform. The same requirement is made of any Psychologica Practitioners, regarding how they manage the data they have collected.
- All electronic data is stored in a secure data storage facility, within the EU, using dedicated VPS servers at ‘Tier 3’ level of security. Such data is only downloaded onto physical devices (i.e.: PCs) in the form of output reports for client use.
- Access to the project management platform is only through use of individual usernames and private passwords. Neither Psychologica, nor our IT support services, have access to such passwords.
- Registered practitioner clients may purchase and manage psychometric products through the platform using our credit unit system. This is mediated by an online payment system provider[iii] who maintain their own security systems and data protection policies and practices. Psychologica fulfils their security compliance requirements as part of an annual audit.
- Psychologica may also take payment for online products over the telephone, using the online interface managed by the same provider. This is only conducted by trusted employees on our own premises.
- Practitioner financial details (such as credit card information) are entered manually, using the online form provided. No such individual financial information can be accessed once the payment request has been submitted.
- No individual financial information is written down or stored in any other way.
Customer and Client Details
- Psychologica keeps contact details regarding all clients or ‘opted in’ enquiries.
- Such details are retained for purposes of communication and to enable service delivery only.
- Contact details are stored electronically using secure software (Microsoft Outlook).
- Client contact details are never shared with any third party unless this is a sub-contractor, associate or partner working on a specific contract. Again, any such third-party provider is required to agree to our policy and is expected to maintain their own data protection policy also.
- Electronic data is only stored on PCs on our premises or in a secure ‘cloud’ facility (such as Microsoft 365 ‘One Drive’).
- All such devices or cloud storage facilities are password protected.
Potential Customer Details / Mailing Lists
- Psychologica collects and stores contact information from individuals or organizations who have expressed an interest in our services and provide this information voluntarily. This may be through exhibitions, advertising, word of mouth, in response to articles, through LinkedIn networks, and so on. We do not use ‘cookies’ on our websites or track on-line visitors, or service/product users, in any way.
- All such information is stored using Microsoft Excel and only on our own password-protected PCs on our own premises.
- Psychologica contact our list of interested clients and potential clients from time to time with details of our services, activities, product development, and special offers.
- Email addresses for such clients and potential clients are also stored on mailing lists located ‘in the cloud’ within a secure database with assured and stringent data-protection policies and practices in place.[iv]
- All promotional emails refer to our data-protection policies and GDPR compliance.
- All email contacts invite recipients to either ‘opt-in’ to our mailing list, using a web-based form on our website, or ‘opt-out’ by clicking on a link within the message.
- Any such ‘opt-outs’ are removed from both our online and Excel databases.
- If we receive no response from any such potential client after three such mail-outs we automatically remove them from our mailing list.
- Neither our mailing list, nor any other information on our clients or potential clients, is ever, or will ever be, shared with any third party (other than with express consent of the individuals or organizations involved).
Research Data
- As psychologists we conduct research, on behalf of clients, in the development of new products, for purposes of continual product improvement (validation), and in the pursuit of new knowledge.
- Client data may be used for research purposes. In such cases all data is anonymized and aggregated, prior to any statistical analysis. This means that no data can be ascribed to any individual.
- Any such data is stored electronically in numerical form, as ‘population data’, and conforms to the same levels of security as other data described above.
This policy is available for review on our website and is referenced in all relevant documentation, with live links provided as appropriate within any electronic media.
[i] Psychologica Ltd conform to the ethical guidelines of the British Psychological Society and the Association for Coaching
[ii] Auriga Baltics
[iii] Worldpay
[iv] Reachmail Inc