The Communication Coach assumes the function of data controller and supervises the compliance with General Data Protection Regulation (GDPR) within the business.
Information we collect
The Communication Coach holds personal data as part of conducting a professional service. The data comes under the following headings: healthcare records, educational records, clinical records, general administrative records, and financial records.
A healthcare record refers to all information collected, processed and held both in manual and/or electronic formats, pertaining to the service user and their care. Speech and language problems can be complex, and a wide range of information may be collected in order to best meet the needs of the client, and to maintain a high quality service, which meets best practice requirements. In order to provide a high quality service, a range of information may be collected.
Examples of data collected and held on current and active clients include the following:
- Contact details: Name, address, phone numbers, e-mail address,
- Personal details: Date of birth,
- Other contacts: Name and contact details of GP and any other relevant healthcare professionals involved.
- Teachers, SNA’s, Principals’ names and school address.
For child services, data may include
- Parent/guardian and sibling details
- Educational placements.
- Pre- and post-natal history: This can include information relating to mother’s pregnancy, and child’s birth.
- Developmental data: developmental milestones, feeding history, audiology history.
- Medical details: such as any relevant illnesses, medications, and relevant family history. Reports from other relevant allied health professionals such as: Audiology, Psychology, CAMHS (Child & Adolescent Mental Health Services), Occupational therapy, Physiotherapy, Ophthalmology.
Relevant Individual Educational Plans (IEPs), progress notes from educational staff, e mails from teachers, and school reports may be held.
Specific data in relation to communication skills may be collected and held, such as assessment forms, reports, case notes, e-mails, text messages and transcripts of phone. Audio and video files may also be collected and stored.
General administrative records
The Communication Coach may hold information regarding attendance reports and accident report forms.
A financial record pertains to all financial information concerning the practice, e.g. invoices, receipts, and any information for Revenue. The Communication Coach may hold data in relation to payments: receipts and invoices. Information will include name of bill payer, client name, address and record of invoices and payments made.
Where we get our information
Personal data will be provided by the client, or in the case of a child (under 16years), their parent(s)/guardian(s). This information will be collected as part of a case history form prior to, or on the date of first contact.
Information may also be provided directly from relevant third parties such as schools, medical professionals and allied health professionals, with prior consent from the parent(s)/guardian(s).
How we use the information that we collect
We use the information we collect, to provide appropriate assessment and therapy as per the relevant professional guidelines, as well as to maintain the general running of the business, such as running our electronic booking system, keeping our accounts and updating you of any changes in policies or fees.
Information may sometimes be used for research and training purposes, with the written consent of the client or parent/guardian.
Data retention periods
The retention periods are the suggested time periods for which the records should be held based on the organisation’s needs, legal and/or fiscal precedence or historical purposes. Following the retention deadline, all data will be destroyed under confidential means.
The Communication Coach keeps electronic records of clinical data in order to provide a service.
- The preferred format for clinical data is electronic.
- Clinical data is deleted confidentially and destroyed after 2 years from the last invoiced session, usually following discharge.
- Video records/ voice recordings relating to client care/videoconferencing records may be recorded with consent, analysed and then destroyed. If written consent is provided to use recordings for training purposes, the client will have the option to withdraw consent at any time.
The Communication Coach keeps paper records of financial data from those who use our services.
Section 886 of the Direct Tax Acts states that the Revenue Commissioners require records to be retained for a minimum period of six years after the completion of the transactions, acts or operations to which they relate. These requirements apply to manual and electronic records equally.
- Financial Data is kept for 6 years to adhere to Revenue guidelines.
- Financial Data (including non-payment of bills) can be given to Revenue at Revenue’s request.
Contact Data is kept for 6 years to allow processing of Financial Data if required. (This may be retained for longer for safety, legal request, or child protection reasons.)
If under investigation or if litigation is likely, files must be held in original form indefinitely, otherwise files are held for the minimum periods set out above.
Information we share
We do not share personal information with companies, organisations and individuals outside The Communication Coach unless one of the following circumstances apply:
With your consent:
We will share personal information with other relevant health care providers or educational providers when we have your consent to do so. We require opt-in consent for the sharing of any sensitive information.
For legal reasons:
We will share personal information with companies or organisations outside of The Communication Coach, if disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process or enforceable governmental request.
- Meet the requirements of the Children First Act 2015.
- To protect against harm to the rights, property or safety of The Communication Coach, our service users or the public as required or permitted by law.
For processing by third parties/external processing
The following third parties are engaged for processing data:
|Who||Type of data||Purpose|
|Administrative staff||Record keeping, typing, correspondence.||Updating records|
|Accountant||Financial||Processing financial accounts|
The Communication Coach is required to share data with external parties in the following circumstances:
- Compliance with local tax and audit laws.
- Compliance with child protection.
- Compliance with law enforcement.
How we protect your data
In accordance with the General Data Protection Regulation (GDPR), we will endeavour to protect your personal data in a number of ways:
By limiting the data that we collect in the first instance
All data collected by us will be collected solely for the purposes set out at 1 above and will be collected for specified, explicit and legitimate purposes. The data will not be processed any further in a manner that is incompatible with those purposes save in the special circumstances referred to above. Furthermore, all data collected by us will be adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected which include, inter alia, the assessment, diagnosis and treatment of speech, language and communication disorders.
By transmitting the data in certain specified circumstances only
Data will be shared and transmitted, be it on paper or electronically, only as is required.
By keeping only the data that is required
By disposing of/destroying the data once the individual has ceased receiving treatment
Within two years of the completion of this treatment, apart from the special categories of personal data as set out above. Where data is required to be held by us for longer than the period of two years, we will put in place appropriate technical and organisational measures to ensure a level of security, appropriate to the risk. These may include measures such as the encryption of electronic devices, pseudonymisation of personal data, and/or safe and secure storage facilities for paper/electronic records.
By retaining the data for only as long as is required
In this case, this is for two years except for circumstances in which retention of data is required in circumstances set out at part 1.1 above or in certain specific circumstances as set out at Article 23(1) of the GDPR.
By disposing of/destroying the data securely and confidentially after the period of retention has elapsed.
This could include the use of confidential shredding facilities or, if requested by the individual, the return of personal records to the individual.
By ensuring that any personal data collected and retained is both accurate and up-to-date.
Protecting your Rights to Data
For children under the age of 16, data access requests are made by their guardians. When a child turns 16, then they may make a request for their personal data. However, this is subject to adherence with the Children First Act.
The Communication Coach as with most providers of healthcare services is aware of the need for privacy. As such, we aim to practice privacy by design as a default approach, and only obtain and retain the information needed to provide you with the best possible service.
All persons working in, and with The Communication Coach in a professional capacity are briefed on the proper management, storage and safekeeping of data.
The Communication Coach understands that the personal data used in order to provide a service belongs to the individuals involved.
The following outlines the steps which The Communication Coach use to ensure that the data is kept safe.
Electronic data is stored securely on the writeupp professional secure system.
Any physical data retained are kept in a container secured with a lock and key.
Website Related Data: Who we are
Our website address is: http://thecommunicationcoach.ie.
What personal data we collect and why we collect it
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.