Bee Inspired Coaching
Bee Inspired are committed to protecting the rights and privacy of it’s associates and clients, in compliance with The Data Protection Act and UK GDPR (2018).
Who we are
Data is collected, processed and stored by Bee Inspired Coaching Ltd, registered in England and Wales under 14252955.
We are what is known as the ‘data controller’ of the personal information you provide to us.
The person responsible for Data Protection within our organisation is Micha Reynolds, she can be contacted at email@example.com.
Individual Client - Individual (learner or staff member) receiving one to one coaching or counselling
Business Client - Education organisation making the referral and claiming funding for support services
ICO - Information Commissioners Office
Associate Coach - Freelance coach delivering coaching services on behalf of Bee Inspired.
Associate Counsellor - Freelance counsellor delivering counselling services on behalf of Bee Inspired.
Associates - Freelance Coach or counsellor delivering support services on behalf of Bee Inspired.
Bee Inspired needs to process certain associate and client information for various purposes such as, but not limited to:
Recruitment and payment of associates
Individual client referral and onboarding
Individual client session attendance and absences for invoicing and funding purposes
Individual client private session notes
Depending on your involvement with the business, will influence the information we require from you.
Types of data we hold
The exact information we require from you will differ depending on your involvement with Bee Inspired Coaching Ltd. There are two types of data we may hold about you:
Personal Identifiable Information (PII)
Sensitive Personal Identifiable Information (SPII)
All personal and sensitive information discussed during support sessions
Sources of information Collection
Information may be obtained about you from a number of sources, including:
You may volunteer information about yourself verbally or in writing
You may provide information relating to someone else, if you have the authority to do so
Information may be passed to us by a third party, typically from:
One of our business clients (referral company)
Bee Inspired Associate
From a parent in the form of a parental consent form (Under 18’s individual clients)
Referee provided by you (associates only)
Disclosure baring service (associates only)
All Bee Inspired related data is stored securely using Google Drive. This platform comply’s with GDPR and encrypts information at rest and transit. All information is to be managed centrally here. Therefore, associates do not have permission to store any information locally on their personal devices or clouds.
All associates complete annual mandatory Data Protection & GDPR training.
An up to date data controller template is maintained, containing details of all data held.
Associates are required to utilise a strong password, rotated every 90 days.
Associates are required to deliver support sessions in a suitably secure and confidential setting, being mindful of others overhearing. For example, a coffee shop would not be an appropriate place to deliver client sessions.
When working on administrative tasks, including client notes. Associates are required to lock laptop screens when left attended.
All hand written notes must be stored securely in a locked cabinet.
When an associate leaves the business, they are required to hand over access of all personal documents.
In the circumstance of a new client referral, the clients name and email address will be distributed to the associate coach or counsellor of choice.
Individual client name and number of attended or missed support sessions will be distributed to the business client on a monthly basis for funding reasons. No other information will be shared, except in the circumstance of a safeguarding concern that exceeds the data protection principles.
Associate safer recruitment checks such as DBS pass status and relevant safeguarding training certificates will be shared with the DSO of business client for their quality assurance checks.
Personal client information will remain strictly between associate and client, except in the circumstances of a safeguarding concern, or change in associate (in which case prior permission will be sought).
All data is collected for the purpose of the effective delivery of our services in line with best practice. Information will be stored securely and remain strictly confidential between individual client and their associate, except in the following circumstances:
A safeguarding concern exceeds data protection (as per safeguarding policies)
An individual client switches associate coach or counsellor
A subject access request is raised
A complaint is raised
All client and associate records will be retained for 3 years, to comply with insurance requirements. Following such time, data will be disposed of appropriately.
A data breach includes any breach in security resulting in accidental or unlawful deliberate destruction, loss, alteration, unauthorised disclosure of, or access to data. Personal data breach’s can cause severe emotional, physical and material damage to individuals and businesses. Therefore, must be dealt with appropriately, considering the severity and risk to an individuals rights and freedoms. In the unfortunate event of an actual or suspected Data Breech, Bee Inspired Coaching Ltd will inform the individual client, business client and associate coach involved. As well as make contact with the ICO for further guidance.
What are your rights?
The legislation places a responsibility on all data controllers within an organisation to follow the eight data protection principles:
Data Protection Principles
1. Process personal data fairly, lawfully and transparently
2. Process data for a specific and lawful purpose
3. Ensure data is processed in a way that is adequate, relevant and limited to only what is necessary for the purpose stated above.
4. Ensure records remain accurate and, where necessary, kept up to date
5. Only keep personal data for as long as is necessary
6. Process personal data in accordance with the rights
7. Ensure data is processed with appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
7. There is stronger legal protection for more sensitive information, such as:
Clients and associates have the following rights to access information held about them and can request access to these rights both verbally and in writing.
Individuals have right to access all data we hold about them via a subject access request
Individuals have the right to know what data we hold, why we hold it, how that data is stored, collected and disrupted.
8 GDPR Rights
The right to be informed – to know what data we hold about you and what we do with that data.
The right of access – to be able to request a copy of the data we hold about you.
The right to rectification – to be able to have inaccurate data corrected.
The right to erasure – be able to ask us to delete or destroy your data.
The right to restrict processing – be able to limit the amount or type of data used.
The right to data portability – to request to move your data electronically to another business.
The right to object – to request us to stop processing your personal data.
The right to avoid auto-decision making -
Subject Access Request
All subject access requests need to be made to firstname.lastname@example.org and will be responded to within 30 days.
If you would like to raise a concern or complaint on the use of your personal data, please contact Micha Reynolds at email@example.com for further investigation.
Alternatively, if you are not satisfied with her response or believe your data has been processed unlawfully, you may make a complaint to the Information Commissioner’s Office (ICO).