We are committed to protecting your privacy and will handle all information we receive from you in accordance with the UK DPA 2018 and GDPR Data protection legislation.
- Who we are
- Who you can contact from DDPI about GDPR
- The links between DDPI and the DDP Network websites
- How we collect personal information from you
- What personal information we collect about you
- Why we need your personal information
- How we secure your information
- Retaining your personal information
- Making a data protection complaint
1. Who we are
The Dyadic Developmental Psychotherapy Institute (DDPI) is a not-for-profit organization. It aims to educate, facilitate, promote and advance Dyadic Developmental Psychotherapy and Dyadic Developmental Practice. The DDPI provides a robust certification of this internationally.
The DDPI Board objectives
- Certification: to provide and support a rigorous certification process for Practitioners, Consultants and Trainers in DDP and a certification process for organizations.
- Learning and Development: to provide training opportunities to individuals and groups seeking to learn more about Dyadic Developmental Psychotherapy and Dyadic Developmental Practice
- Practice: To support individuals and organizations working to develop and maintain consistent Dyadic Developmental Psychotherapy and Dyadic Developmental Practice.
- Research and Evaluation: to explore and provide evidence of how and why DDP is an effective intervention and try out new ways it can be applied.
- Communicate and Inform: to provide opportunities for Practitioners in Dyadic Developmental Psychotherapy and parents/caregivers to share their experiences and learning.
Our aims are met via the work of our directors, colleagues and through the DDP Network websites including the DDP USA & Canada site and the DDPI section of the main DDP Network website.
For more information, please visit About DDPI.
2. Who you can contact from DDPI about GDPR
Please contact us if you have concerns about the privacy of your personal data or require further information about how we manage your personal information. DDPI has a lead director responsible for data protection compliance. We do not handle the “significant amounts of personal data” required to formally appoint a Data Protection Officer.
Benjamin Hargrave, DDPI Board co-Chair, is our GDPR lead director and can be contacted at email@example.com.
Dyadic Developmental Psychotherapy Institute
220 5th Ave, 11th Fl
New York, NY 10001
3. The links between DDPI and the DDP Network websites
There are five connected websites that make up what we call “DDP Network”: DDP Network, DDP Connects UK, DDP USA & Canada, DDP Members and DDP Portal. DDPI uses the DDP Network site to post information on its certification standards and application materials for practitioners, consultants and trainers. In addition, on the DDP Members site, users are invited DDPI-approved Practitioners, Consultants, Trainers, those in training to become Practitioners, Consultants and Trainers, and the DDPI Board.
4. How we collect personal information from you
We collect personal information about you when you provide it to us.
DDP Consultants collect certification application materials from you. Trainers collect training attendance and email consent information that you provide. Consultants and Trainers send a summary of this information to named directors and administrators who add your information to our database. Consent to have your data is unambiguous, freely given and for specific purposes.
5. What personal information we collect about you
- Information, when relevant, for invoicing, billing and payments:
Your name, email, postal address, the name, email and postal address of the organization you work for, telephone and mobile numbers and any necessary bank account details.
- A summary of the certification application information required for the DDPI-approved practicum is stored electronically. You provide this information to your DDP consultant who sends a summary to us. Your consultant retains the full details of the information you provide.
- The name, email, profession, location and organization of individuals who attend DDPI-approved Level One and Two trainings. You provide this information to your DDP trainer who sends a summary to us. Your DDP Trainer retains the signed consent forms.
Information about historical data
Between 2010 and 2017 you may have sent paper records containing the personal information necessary to apply for certification to Dan Hughes, in his role as President of DDPI or to Courtney Rennicke, in her role of USA DDPI Member at Large. These records have been scanned and saved. These digital records will be kept for as long as you are a certified Practitioner, Consultant or Trainer in DDP. They will be destroyed when you are no longer certified. These digital records will be transferred to any subsequent DDPI Members at Large for the USA.
6. Why we need your personal information
The main ways in which we may use your personal information are:
- To meet our legal obligations
- For billing and payments using our accountancy software
- To provide you with our services. These include:
- Enrolment in the DDPI Google Group / Listserv
- Making information, including a library of research, available free to all online.
- Adding you as a subscriber to our DDP Global Newsletter when you ask us to
- Publishing the DDP Global newsletter
- Keeping a record of who has attended DDP Level One and Two trainings to enable us to confirm attendance as required for certification applications and to issue repeat attendance certificates, as request by attendees
- Supporting the supervision and certification of DDP Practitioners, Consultants and Trainers in all countries
- Create groups to share specific information with, such as to all practitioners to contact them about services or to organizations who organize training directly from DDP Trainers.
7. How we secure your information
Sharing your personal information
We may share your personal information to comply with legal obligations, respond to enquiries and complaints and support the services we offer, such as:
- Collecting fee payments from organizations that commission DDP Trainers to run DDP Level One and Two and other trainings
- Organize training and conferences
- Finding you a Consultant (e.g. supervisor) when you have asked us to
Other than described above, we will not share your information to third parties for any reason, including marketing purposes
Your data will be transferred to the DDP Connects UK & DDPI shared database software.
Our database holds information about:
- DDPI-approved Practitioners, Consultants and Trainers, and those in training
- Individuals who have attended DDPI-approved Level One and Two trainings
Our database includes information about all such individuals across the world, including UK, Europe, USA, Canada, Australia and New Zealand. Only a small number of DDPI and DDP Connects UK board directors and administrators are allowed access to our database to process your information.
GPDR expands the definition of personal data to include photos. This is relevant for our four connected DDP Network websites because we add photos of individuals, who consent and send them to us, to their profiles. For individuals certified, their data is sent to the DDP Board Member at Large for the United States or Canada and stored on the DDP Network website.
When information is processed that involves the services of a processing partner, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.
For example, if DDP trainers living in the United States run relevant trainings in the UK or Ireland their transaction may be processed by a payment gateway located in the United States. Then their personal information used in completing that transaction may be subject to disclosure under United States legislation.
Whether you live inside or outside the EU, if you book a place on a DDP Level One and Two training or DDPI sponsored conference, your attendance at this training will be added to our database and your payment details may be added to our accountancy software.
DDPI uses software hosted outside of the EU. When we transfer your data out of the EU we will only do so when necessary and make sure appropriate security measures are taken to ensure your privacy rights are still protected.
Once we receive your information we do our best to keep your personal information safe on our systems. Suitable protection is maintained at all times by ensuring that appropriate safeguards are in place. One way we do this is to ensure the smallest number of named individuals have access to information entry and processing on our databases and accountancy software sites. These are either selected DDPI Board Members, our website designer & maintainer and our administrators.
Non-sensitive information, such as your email address, are transmitted over the internet. This can never be guaranteed to be 100% secure. We cannot guarantee the security of information you send to us over the internet for the same reason.
8. Retaining your personal information
How long do we keep your information?
- Billing and payments information: 7 years or until a request for deletion
- Booking information for training or conferences: 7 years or until a request for deletion
- Certification application information: Until a request for deletion
- Certification profile information: Until a request for deletion, request to cease certified, certification expired or suspended.
- Training attendee information: Until a request for deletion. Confirmation of Level One training attendance is required for attendance at Level Two training. Confirmation of Level One and Two training attendance is required should an individual apply to be certified as a Practitioner after attending Level Two. No time limits are applied.
Our services are not directed to individuals aged under 16. We do not process any data about children aged under 16.
Your rights under applicable data protection law
Your rights relevant for DDPI are to:
- Request access to the information we hold about you (Data Access Request)
- Request a copy of your data (Data Portability)
- Ask us to delete the personal information we hold about you when it is no longer required for a legitimate company need, such as sending you invoices or paying your bills (Right to be forgotten)
- Amend or correct your information if you believe the information we hold about you is incorrect, inaccurate or needs updating (Right to rectification)
- Withdraw consent (Right to withdraw)
- Be notified “without undue delay” if your personal data is compromised
Data portability and other rights don’t apply in all circumstances.
We will need to validate your identity before we can respond to your requests.
Once we have validated your identity, we aim to respond to your request within 30 days and no later than 90 days from receipt of complex requests. We will let you know if we need additional time to complete. This process is provided free of charge unless the request is deemed to be “manifestly unfounded, excessive or repetitive”.
9. Making a data protection complaint
If you have any concerns about the use of your personal data you can raise a complaint directly against us. Please address any concerns to Benjamin Hargrave at firstname.lastname@example.org.
The EU asks national agencies to enforce GDPR. If you are not satisfied with the way we handle your complaint you are entitled to raise a complaint directly with your country’s agency that oversees the GDPR.
If you have any questions or concerns about how your information is handled please email Benjamin Hargrave at email@example.com.
If you wish to contact DDPI please email: firstname.lastname@example.org
Last modification was made 12 September 2023