Privacy policy

 Privacy and confidentiality are extremely important to our work at The Sleep Sphere and we are committed to protecting your personal information. Therefore The Sleep Sphere is fully compliant with current General Data Protection Regulation (GDPR) guidance and is registered with the Information Commissioner's Office (ICO), Reference Number ZA762631.

 

How we obtain personal data: 

Personal data we obtain may include:

  • Information provided to us through the "Get in touch" form on the website

  • Information provided to us via email or social media.

  • Information discussed either in person, online (e.g. Zoom), or by phone. 

  • Information provided to us by a referrer (e.g. a healthcare professional or GP)  via formal letter, in person, by email or by phone.

 

What personal data we collect:

This will vary depending on the nature of the interaction and the relationship between you and The Sleep Sphere. We will collect:

  • Your name and address

  • Your email address and phone number 

  • Your date of birth and gender

  • Psychometric data (scores for pre-therapy questionnaires used as part of the assessment process and post-therapy questionnaires), and clinical information (medical history including current medications) that pertains to your insomnia therapy. 

For the electronic transfer of any sensitive information i.e. psychometric and medical history information, a specially-dedicated email server with end-to end-encryption (ProtonMail) and two-factor authentication will be used to ensure maximum personal data security. 

Further information on ProtonMail can be found at https://protonmail.com/

Note: end-to-end encryption means that no third party can read your emails and no IP logs that could be linked to your account are kept.  Encryption is the process of encoding data, making it unintelligible and scrambled to anyone snooping or monitoring data traffic.

The other Sleep Sphere email account is protected via two-factor authentication and random sequence generated passwords that are changed regularly.

 

Zoom sessions and GDPR

For Zoom sessions, all meetings will be passcode-protected, with the waiting room feature enabled as a further security measure. In addition, we guarantee no recording of any of our meetings, as we recognise that privacy is extremely important to you and an essential part of our service. 

 You can view Zoom’s privacy policy here https://zoom.us/privacy

 

How we use and store your data: 

Your personal information is used only to provide you with the best possible service. 

 For individuals, as part of your assessment, consultation and treatment, we will keep detailed assessment and treatment records. These are likely to be written notes and electronic records. Written notes are pseudonymised (a data de-identification procedure which represents good practice under GDPR, click here) and stored in a securely-locked filing cabinet. Electronic records are also pseudonymised, securely stored and password-protected. 

For companies, any information that you provide will be pseudonymised and stored securely either in paper format (locked cabinet) or as a password-protected electronic file.

 

Sharing data:

None of this information will be shared with any third party unless we have your consent to do so. 

The only exceptions to this rule are:

a) If we are required to share information by law

b) If your safety or that of someone else is at serious risk

Even in these unlikely cases, however, we will discuss the process with you in full. 

Crucially, we will never sell or lease your personal information to any 'third parties' (such as other companies, or marketing agencies). 

 

Feedback and testimonials

We really value feedback, both in terms of helping us improve our services and also to offer prospective clients the opportunity to hear more about what we do and how we do it. We are also grateful for the opportunity to use feedback as part of a testimonial, but we will always ask for your explicit consent before doing so and this can be anonymised if you so wish. Furthermore, you will always be able to rescind this consent at a later stage, including removing the feedback or testimonial from our records and the website.   

 

How long we store your data:

We will securely hold your details and session notes for 7 years following the end of treatment to comply with legal obligations. After this date, all data will be securely deleted.

 

The right to be forgotten:

You have the express right to have any or all of your personal information that we hold deleted or removed from our records. This is called ‘the right to be forgotten’.  We will need to make sure that the request has been made by the person to whom the information pertains and so we may ask some security questions to ensure that this is the case. 

Requests can be made directly to michelle@thesleepsphere.com

 

Requesting copies: 

If you could like to request a copy of your information or client record or any further information regarding your data, please contact us at michelle@thesleepsphere.com