The Association for Sandplay Therapy has the highest respect for the privacy and security of its members and customers. AST does not store any credit card, or otherwise financial information. Our sales are handled offsite by secure processing facilities. We do not share any of our members’ or customers’ personal information entered on this site.

We do not share any personal data entered on Application forms. Information voluntarily posted to the Members Directory is available to the public.

 

Wild Apricot’s EU Personal Data Protection Obligations.

  1. Wild Apricot’s Processing of EU Personal Data on Customer’s behalf will be conducted in accordance with documented instructions received from Customer.  Wild Apricot will promptly inform Customer if, in Wild Apricot’s opinion, an instruction from Customer infringes on the GDPR or other Member State data protection provisions. 
  2. Wild Apricot will only provide access rights to EU Personal Data to associates who have committed themselves to confidentiality.  
  3. Wild Apricot has implemented appropriate technical and organizational measures in accordance with Article 32 of the GDPR. 
  4. Wild Apricot will abide by the requirements set forth in the GDPR for the appointment of Sub-Processors.  
  5. Wild Apricot has implemented measures to assist Customer in responding to data subject requests to exercise their data subject rights.  
  6. After becoming aware of any Personal Data Breach involving EU Personal Data received from Customer or collected on Customer’s behalf, Wild Apricot will notify Customer without undue delay.  
  7. Wild Apricot will assist Customer in complying with its GDPR obligations relating to the Services concerning the security of processing, notification of an EU Personal Data Breach, Data Protection Impact Assessments (DPIAs), and prior consultations.  
  8. Depending on Customer’s asserted choice, Wild Apricot will either delete or return all EU Personal Data to Customer after the end of the provision of Services unless EU or Member State law requires storage of the EU Personal Data.  
  9. Upon written request, Wild Apricot will provide Customer with information needed to demonstrate compliance with the obligations of Article 28 of the GDPR, and will permit and contribute to audits, including inspections, conducted by Customer or another auditor mandated by Customer.