About this policy
This privacy policy sets out how The Circle Line Limited (“we”, “us”, “our”) uses and protects any personal data that you give us when you use the website at www.thecircleline.co.uk or otherwise engage with our services.
Your data is important to us and we are committed to safeguarding your information in accordance with data protection and privacy laws. We want you to know what information we collect, how we use it and how you can control what we do with this information. If you have any questions about this privacy policy including any requests to exercise your legal rights, please contact us (see “Our Contact Details” section below).
We may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. You can also obtain historic versions of our privacy policy by contacting us. This policy was last updated on 3 August 2021.
What information we collect
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Identity Data: includes first name, last name, username or similar identifier, date of birth and gender. Please note that our services are not intended for children and we do not knowingly collect data relating to children.
Contact Data: includes billing address, post code, email address, and telephone number.
Profile Data: includes your account password, whether you are a user of therapy, your preferences and profile in relation to our services (including answers to your matching questionnaire or other submissions, which may include sensitive data such as details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, information about your health and/or genetic data), feedback and survey responses, and your marketing and communication preferences.
Financial & Transaction Data: includes bank account for practitioners and payment card details for consumers, details about payments to and from you, and details of the services you have purchased from us.
Technical & Usage Data: includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website, along with information about how you use and interact with our website and services.
Practitioner Data: in addition to the other types of data, if you are a practitioner we also collect:
proof of identity, home address, details of your qualifications and accreditations, name of your supervisor and details of your professional experience;
information from third parties to verify the information you have provided; and
feedback in relation to the services we provide.
Additional Data: we collect in order to review compliance with our Terms and Conditions and/or otherwise as required by law.
We may also collect, use and share aggregated data for any purpose. Aggregated data could be derived from your data but will not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to calculate the percentage of users accessing a specific service feature. However, if we combine or connect aggregated data with your data so that it can directly or indirectly identify you, we treat the combined data as your data which will be used in accordance with this privacy policy.
What data does The Circle Line collect and what data do Practitioners collect?
Practitioners keep short, written notes on sessions where appropriate and store those securely. The Circle Line does not have access to any data disclosed during a session to Practitioners, or any personally identifiable information (PII) that is not disclosed to The Circle Line in relation to our services. Practitioners are the Data Controllers for any PII and other forms of data you disclose to them.
Practitioners are governed by their accrediting bodies’ code of ethics, including data privacy. You may request Practitioners’ Privacy Policies.
When do we collect this information?
We collect this information:
From you directly when you disclose your information to us including when you register for an account or update your details, when you complete our matching questionnaire, order services from us, when you request marketing or other information from us, when you contact us with an enquiry, request or other feedback;
In monitoring your use of our services. This may include manual monitoring and also automatic collection of Technical Data including through the use of cookies, analytics IDs or other similar technologies (see the “Cookies” section below); and
When checking compliance with our Terms and Conditions and/or as otherwise required by law.
How do we use this information?
We will only use your personal data where we have legal grounds to do so. Generally, we will process your data in the following circumstances:
where we need to perform the contract we are about to enter into or have entered into with you including where necessary to take steps at your request prior to entering into a contract;
the processing is necessary for the purposes of our legitimate interests (or those of a third party), such as providing information on related events or happenings run by or connected to TCL or sending relevant editorial content. In certain circumstances you have the right to object to processing based on such legitimate interests (as explained in the ‘What are your rights?’ section below);
where we need to comply with a legal obligation placed on us;
you have given consent for the processing. When we rely on consent to process your information, you have the right to withdraw this consent.
We have set out in the section below a description of the ways we plan to use your personal data, and which of the legal bases we rely on to do so. Please note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data:
Fulfilment of contract
Administering and delivering our services (e.g. to register you for an account, account management, to understand your needs and recommend a practitioner, passing on your information to practitioners, to facilitate sessions, manage payments and refunds (if applicable))
Queries and complaints investigation and handling
Sending service messages (including policy updates and service activity checks)
Monitoring compliance with applicable terms and conditions
Required in order to comply with legal obligation
Processing information to comply with legal and regulatory obligations (e.g. financial or tax record keeping)
Issuing refunds (where applicable)
Security management
Processing based on legitimate interests
To administer, protect and improve our business, website, services, marketing, customer relationships and experiences (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
To prevent fraud and in the context of a business reorganisation or group restructuring exercise
In the context of a business reorganisation or group restructuring exercise
To deal with requests, complaints and enquiries
In connection with our marketing on third party platforms
Your consent (which you can withdraw at any time)
In relation to the special category data we collect in our matching questionnaire or as disclosed by you when you engage with our services
Where you have actively asked to receive direct marketing from us including to provide you with information on related events and happenings run by or connected to us, or to send you relevant editorial content and to invite you to take part in surveys about our services, which are always voluntary and designed to improve our services.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Marketing
You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, we will still continue to use your personal information to provide you with services which may include sending you service messages.
We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
When do we share your information?
We do need to share your data with other parties in some circumstances. We pass information about you to other parties as follows:
to practitioners to enable them to provide services to you (where applicable). In these cases, we pass your full name, emergency contact, postcode, and answers to matching questions on to practitioners for them to provide you with therapy, coaching or counselling services and to ensure your safety and that of others. We are each independent controllers. We control your data in respect of the administration of The Circle Line which facilitates therapy services but practitioners are fully in control of your data in respect of the therapy services they provide i.e. the data you disclose to them during your session;
to third parties authorised by us and acting on our behalf, such as our employees, contractors, partners, suppliers, auditors and/or agents, to administer our services and/or to help us review and improve our services. These third parties are only allowed access to your information as needed to provide services to us. We carefully select these companies, only share with them what they need to do the work and we make sure they keep your information secure and they’re not allowed to use it for any other purpose.
to conduct analytics in relation to our services. This could include comparing the information we hold about you against third party datasets;
so that our services can be marketed to you (or people similar to you) on third party platforms (for example, through the use of Custom Audiences on Facebook);
to the police, regulatory bodies or legal advisers including in connection with any regulatory investigation, alleged criminal offence, unlawful activity or suspected breach of the Terms of Use and/or the breach of other terms and conditions or otherwise where required by law or where we suspect harm or potential harm to others. We will cooperate with any law enforcement authorities or court order requesting or directing us to disclose information about anyone breaching any relevant terms and conditions or otherwise for the prevention or detection of crime or the apprehension or prosecution of offenders;
if there are changes to our business (see section below on ‘Changes to our business’);
to any other third party, where you have provided your consent.
Service providers based outside Europe
We use third party service providers to enable us to provide services to you. These third parties are only allowed access to your information as needed for the relevant element of the services. They’re not allowed to use it for any other purpose. Some of these third party companies are located, or have servers that are located outside the UK and European Economic Area. Where we share your information with such companies, we take all steps reasonably necessary to ensure your information is treated securely and in accordance with this privacy policy.
However, please note that the data protection and other laws of such countries may not be as comprehensive as those in the UK or European Economic Area. We’ll only transfer your personal information to a territory outside of the UK or European Economic Area under the following circumstances:
the European Commission or UK government has determined that an adequate level of protection for personal information is in place in the country to which we transfer your data;
standard data protection clauses as adopted by the European Commission or UK government are in place governing the transfer (you can view the standard clauses on the European Union’s legal website at eur-lex.europa.eu); or
other appropriate legal safeguards have been put in place.
Links to other websites
Please note that our website may contain links to other websites. Please note that we do not have any control over those other websites and we are not responsible for the protection and privacy of any information which you provide whilst visiting such sites. Please exercise caution and look at the privacy statement applicable to that website.
Changes to our business
If we decide to change or restructure our business we may need to pass your personal information to another company so we can continue to effectively deliver the products and services to you.
Also, if we become involved in a merger, acquisition, restructuring, reorganisation, bankruptcy or other transaction involving the sale of some or all of our assets, then your information may be included in the assets that are transferred to the new owner and may be provided to the entities and advisors involved. Such a transaction could involve us: (i) retaining the right to continue to use transferred personal information in addition to the right of the new owner to use such information; and (ii) engaging in additional transfers of personal information (including new personal information) with the new owner from time to time following such a transaction.
If there are changes to our business (such as a re-organisation or restructuring), your personal information will remain subject to this privacy policy (as amended from time to time). However, where your personal information is transferred to a new owner following a merger or acquisition it may be subject to a different privacy policy. We, or the new owner, will provide notice to you before any of your personal information becomes subject to a different privacy policy.
Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Where applicable and required by law in the United States, we will comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Please note that you must keep your password confidential. If you have any concerns that your account, password or personal information has been put at risk, please contact us straight away.
Cookies
We may ask for your permission for a small file called a cookie to be placed on your computer’s hard drive. If you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
We may use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Overall, cookies help us provide you with a better website and better experience, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
How long do we keep your information?
We keep your information for only as long as necessary. The length of this retention period depends on the purpose for which the data was obtained and its nature. For example:
We need to keep some information about you so we can deal with any complaints you might make about the services we provide to you;
If you ask us to stop sending you marketing material, we need to keep some information to ensure we don’t send you further marketing;
we have a legal or regulatory duty to retain information (for example, under accounting or HMRC tax rules);
need to keep information so we can defend possible future legal claims. Unless there’s some other reason for keeping it, we will delete information when such a claim could no longer arise or it is no longer required to defend legal claims.
We may keep aggregated data (which does not identify you) beyond these periods.
What are your rights?
You can see the personal information we hold about you when you log in to your account. We are committed to delivering the rights that individuals are entitled to under data protection laws in the UK. This means you have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you. You can do this via the email address in Our Contact Details below.
Request correction of any incomplete or inaccurate personal data that we hold about you. If you believe that any information we are holding on you is incorrect or incomplete, please email us as soon as possible, at the address in Our Contact Details. We may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. You may ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always comply with your request of erasure where there is a lawful reason for not doing so – for example, there may be an overriding legitimate ground to retain your information (for example to comply with tax rules).
Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms or where we are processing your personal data for direct marketing purposes. we will comply with such a request unless there is a lawful reason for not doing so, such as when we need to continue to process your information to defend a legal claim or if this information is necessary for the ongoing provision of our products and services.
Request the transfer of your personal data. In certain circumstances, you may request that we provide your personal information to you in a structured, commonly used and machine readable format and have it transferred to you or to another provider of the same or similar services. Where this right is applicable, we will comply with such transfer as far as it is technically feasible.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.
Make a complaint. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so we do suggest that you contact us in the first instance.
Please note that we may ask for proof of identity before complying with some of these requests.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
Changes to Policy
We may amend and update this policy from time to time, and any changes in the future will be posted on this page.
The date of the latest update to this privacy policy is set out at the top of this policy.
Our Contact Details
TCL is The Circle Line London Limited (t/a The Circle Line), a limited company registered in England and Wales under company number 12147684, VAT reg number 331 7386 05, with registered address at Kemp House, 160 City Road, London EC1V 2NX.
Please contact us with any questions or comments about this policy or to contact us about your personal data issues by email at hello@thecircleline.co.uk.