Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:
I am happy to chat through any questions you might have about my data protection policy and you can contact me via email: email@example.com. ‘Data controller’ is the term used to describe the person or organisation that collects and stores people’s personal data and has responsibility for it. In this instance, the data controller is me.
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with me to consider working with me, I will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).
Below are the categories of data that I collect and how I process the data:
These details are kept securely on my computer and are only shared with a third party if necessary; for instance if you submit financial details through the company Stripe, Stripe will also have access to this information. Please see “Third party recipients of personal data” below.
When you contact me with an enquiry about my counselling services I will collect information to help me satisfy your enquiry. This will include your name, email address, phone number, and any other personal details or reasons stated for contacting me. Alternatively, your GP or other health professional may send me your details when making a referral, or a parent or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed, I will ensure all your personal data is deleted within six years. If you would like me to delete this information sooner, just let me know.
Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if you mention harm to yourself or to another person, or in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime). I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
I will keep a record of your personal details to help the counselling services run smoothly. I will keep written notes of each session; these are kept under password protection. For security reasons I do not retain text messages for more than six years. If there is relevant information contained in a text message I will save this information under password protection. Likewise, any email correspondence will be deleted after six years if it is not important. If necessary I will keep email correspondence under password protection.
You do not have to supply any personal data to me; however, I may be unable to provide my services to you without personal data (for instance, I will need contact information in order to communicate with you). You may withdraw my authority to process your personal data (or request that I restrict my processing) at any time, but there are circumstances in which I may need to continue to process personal data (please see below).
My current data retention policy is to delete or destroy (to the extent I am able to) personal data in accordance with the following retention period:
Once counselling has ended your records will be kept for six years from the end of our contact with each other and are then securely destroyed.
I review the personal data I hold on a regular basis to ensure the data I am holding is still relevant to my business and is accurate. If I discover that certain data I am holding is no longer necessary or accurate, I will take reasonable steps to correct or securely delete this data as may be required.
I sometimes share personal data with third parties, for example, where I have contracted with a supplier to carry out specific tasks. In such cases I have carefully selected which partners I work with. I take great care to ensure that I have a contract with the third party that states what they are allowed to do with the data I share with them. I ensure that they do not use your information in any way other than the task for which they have been contracted. For example, I use the company MailerLite to collect your name and email address; this enables me to send you emails with your consent. In order to facilitate booking I use the company Calendly, which will ask for your name and email address and give you the option of providing any additional information. In order to process some payments, I use the company Stripe which will collect and hold your personal and financial information.
I will not transfer your personal data in a systematic way outside of the UK or European Economic Area (“EEA”) but there may be circumstances in which certain personal information is transferred outside of the UK or EEA, in particular:
From time to time some of my data processors or service providers may be based outside of the UK or EEA. If that is the case, I will ensure that I have an agreement with such processors or service providers to provide adequate safeguards, and a copy of such agreements will be available on request;
If you access the services whilst outside of the UK or EEA, your information may be provided outside of the UK or EEA in order to provide you with my services;
I may communicate with parties outside of the UK or EEA in providing my services. Those communications may include personal information (such as contact information).
If I transfer your information outside of the UK or EEA, and the third country or international organisation in question has not been deemed by the EU Commission or Secretary of State (as the case may be) to have adequate data protection laws, I will provide appropriate safeguards and I will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.
If I do hold information about you I will:
You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.
To make a request for any personal information I may hold about you, please put the request in writing addressing it to firstname.lastname@example.org.
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures.
I take the security of the data I hold about you very seriously and, as such, I make every effort to ensure it is kept secure. I use two levels of password protection on a computer that is safely stored.
When someone visits my website, I use third party services such as Google Analytics and MailerLite to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google Analytics to make, any attempt to find out the identities of those visiting my website.
I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website. I use Google Analytics, MailerLite, and Stripe so that I can continually improve my service to you.
For more information on how Google Analytics, MailerLite, and Stripe process personal data, please refer to their privacy notices (as detailed on their respective websites).
I also collect strictly necessary cookies; these cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies.
If you would like to contact me with any enquiry or complaint relating to your personal information or how it is handled, you can contact me at email@example.com.