The Grief Doctor – Privacy Policy

1. About this Privacy Policy
2. Our legal basis for collecting personal data
3. What data do we collect?
4. What we do with the data we process
5. Your rights in relation to your personal data
6. Security
7. Web browsing and Cookies
8. Links to other websites

1. About this Privacy Policy

1.1 This privacy policy sets out how The Grief Doctor (‘the Company’) processes personal
data (that is, information about an individual or by which an individual can be identified) that
we collect in the course of our lawful activities, in accordance with the Data Protection Act
2018, the UK General Data Protection Regulation and any related or subsequent legislation or
regulations (the ‘Data Protections laws’). The Grief Doctor is a company registered at
Companies House in England with company no. 15544116, having its registered office at
Spitalfields House, Stirling Way, Borehamwood, Herts, United Kingdom, WD6 2FX.

1.2 This policy has been put in place to protect your rights under the Data Protection laws,
and it is important that you understand what we do with your data and agree to this. If you
have any questions about this policy, you can write to us at [email protected] or at
the above address, marked for the attention of the Data Protection Officer. Please note that
some data protection related requests must be submitted in writing.

1.3 Your principal rights under the Data Protection laws are:
 The right to access;
 The right to rectification;
 The right to erasure;
 The right to restrict processing;
 The right to object to processing;
 The right to data portability;
 The right to complain to a supervisory authority; and
 The right to withdraw consent.

See also section 5, below,

1.3 The Company is the ‘data controller’ for the purposes of this policy, unless stated
otherwise. We are committed to ensuring that your privacy is protected and this policy extends
to the processing of your data by our staff and anyone processing data on our behalf.
Any personal data collected by the Company will only be processed in accordance with this policy.
References to the processing of information includes the collection, use, storage and
protection of data.
This policy was reviewed in March 2024.

2. Our legal basis for collecting personal data

2.1 Organisations are permitted to process data if they have a legal basis for doing so. The
legal basis for processing your data will depend on the purpose for which it was collected or is
retained.

The Company processes data on the basis that:
 Express and informed consent has been given by the person whose data is being
processed; and/or
 The Company has a legitimate interest in processing data; and/or
 It is necessary in relation to a contract or agreement which the person has entered
into or because the person has asked for something to be done so they can enter
into a contract or agreement; and/or
 The Company has a legal obligation to process data.

2.2 Where the Company is relying solely on consent as the basis for processing data, we are
required to obtain your explicit consent and you can modify or withdraw this consent at any
time by notifying us in writing, although this may affect the extent to which we are able to
provide services to or interact with you.

2.3 Each person’s personal data belongs to them, whatever their age, but children’s data
has to be protected particularly carefully. Where a child (someone under the age of 18) who is
over the age of 13 has the mental capacity to have some understanding of the decisions being
made about their data and their rights, they should be included in any such decision and,
where consent is required, theirs should be obtained.

2.4 The Company may change this policy from time to time and any such changes will be
published on our website. Notwithstanding any change to this policy, we will continue to
process your personal data only in accordance this policy, our legal obligations and, where you
have communicated them to us, your preferences.

3. What data do we collect?

3.1 We collect the data necessary for the Company to pursue its legitimate activities,
including supporting those who are bereaved or who are counselling the bereaved. Data
collected and processed may include, but not be limited to information in electronic or hard
copy format such as:
 Names, job titles, contact information such as telephone numbers, email and postal
addresses;
 Information necessary to receive or make payments, whether to or from staff,
suppliers, contractors or others;
 Information regarding clients, service users, stakeholders and others relating to
service provision, participation in activities or attendance at events, administration
and other engagement with us, such as is relevant and necessary in order for us to
provide services to those who engage with us, carry out our activities and legal
obligations;
 Information necessary to keep children and vulnerable people safe from abuse;
 Photographs or video which may, where necessary permission is obtained or not
withheld, be used for marketing or promotional purposes;
 Such other information as may be relevant and necessary for the Company to
employ staff, work with service providers, partner with other organisations, hold
events, run its programmes and activities, and promote and publicise its work.

3.2 If and to the extent that any of this data includes special category data, such as
information about health, ethnicity, faith, political affiliation or sexual orientation, additional
safeguards may apply.

3.3 We may collect data when you contact us through our website or by other means,
apply for assistance, subscribe for updates or newsletters, attend an event or otherwise
engage with us. We may also receive data from healthcare professionals or other organisations
providing support to service users and we may also collect data from other publicly available
sources in the legitimate furtherance of our activities. In some instances, data may be shared
with us as a ‘data processor’, in which case we are obliged only to process such data as
directed by the party sharing it with us.

4. What we do with the data we process

4.1 The Company uses the data collected to maintain accurate internal records of service
users, participants in programmes and activities, event attendees, of staff and others who
engage with us. These records facilitate our activities, as described above, and data may be
processed and viewed as is necessary by staff and others working with us in the course of
these activities (all of whom work in accordance with this privacy policy).

4.2 We will only retain data for as long as is reasonable and necessary for the purposes for
which the data was collected and permitted in law. This may include where such retention is
necessary for compliance with a legal obligation to which we are subject, or in order to protect
your vital interests or the vital interests of another natural person, for example for
safeguarding purposes.

4.3 You, as the data subject, may request deletion of your data at any time in writing,
subject to any overriding legal basis or requirement for its retention by the Company. We may
still keep a limited amount of data on a suppression list to avoid unintentionally making
unsolicited contact with you in future.

4.4 We will only share your data with trusted third-parties where necessary in the course of
our legitimate activities, and only once we are satisfied that they will protect the privacy and
security of your data to the same high standard that we do in applying this policy. These might
include IT service providers, online or electronic payment platforms, cloud-based data
management and storage systems and email communications platforms used to assist us in our work. In addition, we will share information with regulatory authorities, such as HMRC or those
involved in safeguarding, in line with our legal obligations and to protect the welfare and safety
of individuals.

4.5 If we have to transfer data share your data outside of the European Economic Area, we
will only do so if we are confident that the recipients of such data adhere to the same high
standards that we do when processing data and protecting its privacy and security, and we will
implement appropriate legal and technical safeguards to ensure this as far as possible.

4.6 We may from time to time contact you by email, post, text or telephone to tell you
about our activities and other matters related to the services we provide which we think may
be of interest to you and, where required, only after requisite consents have been obtained. If
you would rather we did not contact you by one or more of these methods, please let us know
in writing.

5. Your rights in relation to your personal data

5.1 You may request details of personal information which we hold about you. A small fee
may be payable if an information request is particularly onerous. Any such request must be
submitted in writing and will be responded to in accordance with our legal obligations.

5.2 You may choose to restrict the collection or use of your personal information, but this
may inhibit or limit the way in which the Company is able to interact with you. You may, at any
time, change your mind about what information we hold about you, or if we continue to hold it
at all, subject to any legal obligation we have to retain your data. We will not share your
personal information with third parties, except as stated above, unless we have your express
permission or are required by law to do so.

5.3 You are responsible for the accuracy of data you have provided to the Company. If you
believe that any information we hold about you is incorrect or incomplete, please write to us
as soon as possible. We will promptly correct any information found to be incorrect.

5.4 You can obtain further information about Data Protection and privacy laws by visiting
the Information Commissioner’s website at: https://ico.org.uk/for-the-public/ .

6. Security

6.1 We are committed to ensuring that your information is secure. In order to prevent
unauthorised access or disclosure, we have put in place suitable physical, electronic and
managerial procedures to safeguard and secure the data we process. Persons processing data
on behalf of the Company do so in accordance with this policy and on the basis that the we are
satisfied that they can and will adhere to our high standards for data protection and security.

6.2 The transmission of information over the internet is inherently insecure, and we cannot
guarantee the security of data sent in this way. You are responsible for keeping confidential
any password or security information that you use for accessing our systems or services; we
will not ask you for your password (except when you log in to our systems or services).

7. Web browsing and Cookies

7.1 A cookie is a small file which asks permission to be placed on your computer's hard
drive. The file is added and the cookie helps analyse web traffic or lets you know when you visit
a particular site. Cookies allow web applications to respond to you as an individual. The web
application can tailor its operations to your needs, likes and dislikes by gathering and
remembering information about your preferences.

7.2 You can choose to accept or decline certain cookies. Most web browsers automatically
accept cookies, but you can usually modify your browser setting to decline cookies if you
prefer. This may prevent you from taking full advantage of the website.

7.3 We may use traffic log cookies to identify which pages are being used to help us analyse
data about web page traffic and improve our website in order to tailor it to visitor needs. We
only use this information for statistical analysis purposes and then the data is removed from
the system.

7.4 Overall, cookies help us provide you with a better website, by enabling us to monitor
which pages you find useful and which you do not. A cookie in no way gives us access to your
computer or any information about you, other than the data you choose to share with us.

7.5 We may also collect and store information about your browsing device, including,
where available, your IP address, operating system and browser type, together with certain
anonymous statistical data about your browsing activities and patterns which does not contain
any personal data.

8. Links to other websites

8.1 Our website may contain links to other websites of interest. However, once you have
used these links to leave our site, you should note that we do not have any control over that
other website. Therefore, we cannot be responsible for the protection and privacy of any
information which you provide whilst visiting such sites and such sites are not governed by this
privacy policy. You should exercise caution and look at the privacy policy applicable to the
website in question.