Coaching that helps people feel better in themselves, in their lives and in their relationships with others.
PRIVACY POLICY
Some of the most important things for me as a business owner is that my customers can feel safe in how they are treated and in how I handle their personal information. In Consonance Communication, integrity and transparency are key words. Below, I describe how I work based on GDPR, the law that specifically concerns the handling of customers' personal data. Do not hesitate to contact me if you have any questions or thoughts based on this privacy policy.
What is GDPR and personal data?
GDPR is an EU law with mandatory rules for how organizations and companies must use personal data in an integrity friendly way. Personal data means any information which, directly or indirectly, could identify a living person. Name, phone number, and address are schoolbook examples of personal data. Interests, information about past purchases, health, and online behaviour is also considered personal data as it could identify a person. Processing data means collecting, structuring, organizing, using, storing, sharing, disclosing, erasing, and destruction of data. Each organization that processes personal data (which is every oganization with employees and customers) must ensure that the personal data it uses fulfils the requirements of the GDPR.
(This text is taken from GDPR Summary - An overview of the General Data Protection Act)
What kind of information I collect
This company receives, collects, handles and stores the information you actively enter on this website or that you send to me in other ways. When you sign up to subscribe to my newsletter or book a session, you give me access to your first and last name and your email address. When you book an email session, you provide information about yourself based on what you personally want me to know before our conversation. If the text you enter there will contain extra sensitive information such as your state of health, I recommend that you book a video session instead. Even you who book a video session will be asked in advance if there is anything you would like me to know before our conversation. This is voluntary information that I collect in order to respond to you in the best way and here too I recommend not writing about health conditions. When you pay for a video or email session, your payment information is stored. Which information it is depends on the type of payment method you have chosen. This can be your name, address, email address, phone number, card or account details.
How I collect information
When you carry out a transaction on this website, I will, as part of the process, collect the personal data you provice, namely your first and last name, email address and payment details.
- - - If you as a customer choose to pay via Stripe (= card payment), however, no payment detals are visible or reachable to me personally, except for your name, your email address, the last four digits of your payment card and the card's expiry date and cvc number.
- - - If you pay via PayPal, no payment information is visible or reachable to me, except for your name and email address.
- - - Even you who make a payment outside of this website (ie via Swish or Bankgiro) will need to fill in your billing information (name, email address, home address and phone number) when booking the session. This information isn't needed for the sake of payment, but because the booking system requires it for the booking to go through. This is something I cannot influence; it is how the system is constructed. The data ends up in the customer register and the list of orders on my website, which only I have access to, and I delete all data except your name and your email address from my customer register no later than 48 hours after your booking. I cannot remove the billing information from the list of orders, but it will be deleted two years after our last interaction. You have the right to request that all of your personal data be deleted from my customer register at any time.
Why I collect information
Your personal data is used solely to enable the execution of a payment for a booked session, a refund for a canceled session and/or to let you take part in the newsletter via email, if you have agreed to this. You who book an email session hereby consent to my using your email address to carry out our session. If you contact me via the contact form on the website or by emailing my company email, you thereby consent to me sending my reply via email. You aways have the right to withdraw consent.
For how long the information is stored
The personal data that is stored on this website based on the fact that you as a customer have purchased a session and/or contacted me via the website is saved for two years after our last interaction, unless otherwise agreed. If you have created an account on my website, your personal data will be saved there until you yourself delete it or close your account, until you ask to have your member profile deleted, or until the company Consonance Communication closes down, should this happen. This is because it is you who has actively chosen to create a member's account, and I want to respect this choice regardless of whether or not we have had contact the last two years. If you subscribe to my newsletter, your personal data will be saved for two years from the time you unsubscribe from the newsletter, from the time the newsletter ceases to be offered or until the company Consonance Communication closes down, if this were to happen sooner than that. You always have the right to request that your data be deleted from this website at any time. If you have paid for a session, part of your payment information is stored in my accounting system, Fortnox, and saved, according to the Accounting Act, for seven years. The information that is saved on the website among completed orders is saved for two years.
In my work I also keep memory notes, which are stored in the TerapiJournal documentation system. These notes are saved for two years after our last session unless otherwise agreed. You have the right to request access to the notes at any time or to have them deleted within 10 days. If you have booked an email session, within 48 hours I will enter what you have written in TerapiJournal and then delete the email from my inbox. (I will then formulate my answer to you as soon as I have the opportunity, within a week at the most.) The same applies to my answers to you in our ongoing email session.
Other messages I receive to my company email, either you email me directly or contact me via the contact form on the website, are handled within 48 hours. After I have responded to your message, the email conversation is deleted and if it contains information that should be preserved, it is entered into TerapiJournal. All emails that are deleted are also removed from the email trash. During holidays it may take a little longer for me to respond to messages and delete emails, but my intention is that my company email should never be used as storage space but only as a means of communication. Please see the point "The use of subcontractors" below and read further in my register list to see how long information is stored with my subcontractors.
The use of subcontractors
In order to offer online sessions, I use services and programs provided by a number of companies and systems (= my subcontractors). These companies and systems have access to all or part of the personal data I collect in my work. Some of the subcontractors become personal data controllers (= they take over the handling of my customers' personal data) while others become personal data assistants (= they handle my customers' personal data on my behalf). According to the GDPR, as a business owner, I am obliged to ensure that these systems and/or companies whose services I use handle my customers' personal data in a way that meets the requirements of the GDPR. These companies also have a legal obligation to comply with the GDPR and are in turn responsible for how their possible subcontractors or partners handle data. As an entrepreneur, I have acted in various ways to ensure that my customers' personal data is handled securely. It may be that I have drawn up a so called PUB agreement (a personal data processor agreement) with a subcontractor or, in cases where PUB agreements are not applicable, that I have had direct contact with the company regarding data security issues and/or that I have gone through their data security document or privacy policy. You can read more about what my cooperation with each of my subcontractors looks like in my register list.
How I communicate with my website visitors
In the event that I contact you, it will be via email. In that case, it may be that I become aware of a possible problem with your account here on the website, to confirm a refund, as confirmation if you have booked a video session, as a response if we have an ongoing email session or if you have contacted me via the website/email, or to send out my newsletter, if you have agreed to this. Any offers or customer benefits will be shared in my newsletter and on social media. I will not send out any other emails (apart from my newsletter) or otherwise use my customers' personal information solely for the purpose of marketing. If you have booked a video session with me, our medium of communication will be Zoom. If for any reason you wish to be contacted by a means other than email or video, such as by phone, I will be happy to accommodate this, but I will not contact you by phone unless we have agreed to do so first .
How I use cookies on my website
I use cookies on my website to enable security and functionality and to be able to offer online services. I do not use cookies for analysis or marketing. Since I have added a so-called "cookie banner" (the menu at the bottom of the screen that pops and asks if you approve the use of cookies), all non-necessary cookies are automaticaly disabled until you as a visitor give your consent. There are a couple of apps that are not made by Wix and whose service I use in my work. Wix cannot vouch for how these manage their cookie settings on my website, but the developers of these apps have entered into an agreement with Wix and thereby have obligations related to privacy regulations (including respecting my visitors' cookie choices). If you accept all cookies on this website, you also agree to this. The first time you visit this website and accept or reject certain cookies, these cookies settings will be saved. If you wish to change your settings, please clear your browser cookies. The next time you visit this website, you will then again see the cookie banner and be asked to manage cookies again.
What are my rights as a customer?
Based on the GDPR, you as a customer always have...
... the right to information when your personal data is processed (for example, for what purposes the data is processed, the legal basis for the processing, how long the personal data will be stored, who will have access to it, whether the data will be transferred to a so-called third country (countries outside the EU/EEA);
... the right to submit complaints to IMY, Sweden's national supervisory authority for the processing of personal data (Integritetsskyddsmyndigheten | IMY);
... right of access to the personal data that is processed (for example, which categories of personal data are processed, what the data is used for, how long it will be saved, with whom the data has been shared and where it comes from);
... the right to have incorrect information corrected;
... the right to ask for your personal data to be deleted (which they need to be done, for example, if they are no longer needed for the purpose for which they were collected, if you withdraw your consent, if the data has been processed unlawfully, if the data concerns children and the creation of a profile in a social network);
... in certain cases the right to demand that the processing of personal data be limited;
... the right to object to the data controller's processing of your personal data (for example, if the processing is carried out in the public interest or if it is used for direct marketing);
... right to data portability, to obtain and use your personal data elsewhere, for example in another social media service;
... right not to be subject to automated decisions.
(The points are summarized based on information on IMY's website, www.imy.se or the Privacy Protection Agency | IMY.)
And as mentioned above, please don't hesitate to get in touch if you have any questions or comments based on this privacy policy. The easiest way to reach me is via the contact form on the website or by emailing me at contact@consonancecommunication.com.