Who are Mable Therapy?
We are Mable Therapy Limited, registered in England and Wales under company number 09529674 and have our registered office address at 85-87 Bayham Street Camden London NW1 0AG. Mable Therapy provides Speech and Language Therapy services to children and young people between the ages of four and twenty-five.
Why does Mable Therapy need my data?
- In order to provide a high standard of clinical service, Mable Therapy Limited may need to obtain information from the client, from parents/carers and from those working directly with the client in a professional capacity.
- This information is used for the administration of services to the parent/carer and for the purpose of keeping Mable Therapy LTD accounts and records.
- Mable Therapy Limited takes the protection of your personal data very seriously. That is why we ensure that all personal data relating to pupils, parents, and the staff is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill. This policy applies to all personal data, regardless of whether it is in paper or electronic format.
- This policy meets the requirements of the GDPR and the expected provisions of the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO) on the GDPR and the ICO’s code of practice for subject access requests. It meets the requirements of the Protection of Freedoms Act 2012 when referring to our use of biometric data.
What information does Mable Therapy need?
- Mable Therapy processes personal data relating to pupils, school staff, parents and other health and social care professionals.
Information obtained from the parent/carer and other sources during treatment includes personal details, details relating to family lifestyle and social circumstances, education and training and employment.
- This information may be shared with the parent/carer, relatives, other healthcare or education professionals with the client and/or parent/carer permission.
- Our lawful basis for processing and storing personal information is one of ‘legitimate interest’ under section 6 of the General Data Protection Regulations (GDPR). We cannot adequately deliver a service to clients without processing their personal information. As it is both a necessity for our service delivery and of benefit to the client, we have a legitimate interest to process and store their data.
- Data relating to an individual’s health is classified as ‘Special Category Data’ under section 9 of the GDPR. The regulations specify that health professionals who are ‘legally bound to professional secrecy’ may have a lawful basis for processing this data. Speech and Language Therapists are legally bound to keep client information confidential and it is under this condition that we process and store personal information.
- Speech and language therapy staff employed and subcontracted by Mable Therapy are registered with the Health and Care Professions Council (HCPC) and are members of the Royal College of Speech and Language Therapists (RCSLT). They are subject to an enhanced DBS check when employed with the company, which is updated every three years.
How does Mable Therapy collect data?
When you register as a user on our sites you are providing us with personal information. As such you should not allow others to access your account, for example by sharing your login details with a colleague. All members of your school are entitled under the licensing agreement to set up their own account, which they can do on the sites, by contacting the Mable representative within your school, or by contacting the Mable team on 0800 024 8646.
Information is also provided to Mable Therapy and collected when:
- Inputting client data at app.mable.co.uk
- Through telephone conversation with account managers and clinicians
- Through email, SMS messages and engagement with our social media channels.
- Signing up to access free content or to receive newsletters
All of this information is provided directly by you. If you decide not to provide relevant information, this may hinder our ability to respond to your visit to our website efficiently and may mean that we will not be able to take any further action to support your enquiry.
Information is also collected when:
- Visiting our websites
We want to inform you that whenever you visit our websites, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our websites that you visit, the time and date of your visit, the time spent on those pages, and other statistics.
- Cookies are files with a small amount of data that are commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer’s hard drive.
- Our website uses these “cookies” to collect information and to improve our Service. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your computer. If you choose to refuse our cookies, you may not be able to use some portions of our Service.
- If you would like to know more about cookies, including flash cookies and local storage devices, the following websites provide useful information: www.allaboutcookies.org and www.youronlinechoices.eu.
How does Mable Therapy store data?
Data security and storage of records
We will protect personal data and keep it safe from unauthorised or unlawful access, alteration, processing or disclosure, and against accidental or unlawful loss, destruction or damage. In particular:
- Paper-based records and portable electronic devices, such as laptops and hard drives that contain personal data are kept under lock and key when not in use
- Mable Therapy electronic records are kept on encrypted EU servers
- Mable users are authenticated when logging in by personal usernames and passwords. There are different levels of authorization depending on the level of user permission.
- Mable uses industry-standard security technologies such as HTTPS support, secure RTP, HTTP authentication, secure WebSockets and application level authentication using tokens in order to ensure secure video streaming.
Disposal of records
- Client data is kept in accordance with the Standards of Conduct, Performance and Ethics from the Health Care Professionals Council. The SCPE are the standards we set for all the professionals, stating our expectations of their behaviour and conduct. Importantly, for service users, they outline what the public should expect from their health and care professional.
- Personal data not belonging to clients and that is no longer needed will be disposed of securely.
- Personal data that has become inaccurate or out of date will also be disposed of securely, where we cannot or do not need to rectify or update it. For example, we will shred or incinerate paper-based records, and overwrite or delete electronic files.
Who does Mable Therapy share information with?
We may employ third-party companies and individuals for the following reasons:
- To facilitate our service;
- To provide the service on our behalf;
- To perform service-related tasks; or
- To assist us in analysing how our service is used.
We want to inform our service users that these third parties have access to your personal information. The reason is to perform the tasks assigned to them on our behalf. However, they are obligated not to disclose or use the information for any other purpose.
Unless we are required to do so by law, or for child safeguarding purposes, we will not disclose any personal information collected to any person other than as set out above.
How can I access my data?
Subject Access Request
Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of some or all of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below) or where we may have processed your information unlawfully. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it has an impact on your fundamental rights and freedoms. You also have the right to object if we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us.
Children and subject access requests
- Personal data about a child belongs to that child, and not the child’s parents or carers. For a parent or carer to make a subject access request with respect to their child, the child must either be unable to understand their rights and the implications of a subject access request or have given their consent.
- Children below the age of 12 are generally not regarded to be mature enough to understand their rights and the implications of a subject access request. Therefore, most subject access requests from parents or carers of pupils at our school may be granted without the express permission of the pupil. This is not a rule and a pupil’s ability to understand their rights will always be judged on a case-by-case basis.
- Children aged 12 and above are generally regarded to be mature enough to understand their rights and the implications of a subject access request. Therefore, most subject access requests from parents or carers of pupils at our school may not be granted without the express permission of the pupil. This is not a rule and a pupil’s ability to understand their rights will always be judged on a case-by-case basis.
Responding to subject access requests
When responding to requests, we:
- May ask the individual to provide 2 forms of identification
- May contact the individual via phone to confirm the request was made
- Will respond without delay and within 1 month of receipt of the request
- Will provide the information free of charge
- May tell the individual we will comply within 3 months of receipt of the request, where a request is complex or numerous. We will inform the individual of this within 2 weeks, and explain why the extension is necessary
Thank you for visiting our website.