Brightoncounselling.org

 

DATA PRIVACY NOTICE

June 2020

 

Your personal data is really important to me and I understand how important it is to you. My aim is to be as clear and open as possible about what I do with your personal data and why I do it.

Definitions 

·      “Processing” means anything that I do with your personal data – obtaining it, holding it, using it, or passing it on. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).

·      “You” means you as an individual. You are known as the data subject within the context of the GDPR and UK data protection law.

·      “I” means Amber Redish Counselling. I am the data controller as defined within the context of the General Data Protection Regulation (GDPR) and UK data protection law. This means I decide how your personal data is processed and for what purposes and am legally responsible for making sure your information is processed correctly and lawfully. 

·      “”Third party” means any individual or organisation outside of my counselling organisation

Your personal data – what is it?

Personal data relates to a living individual who can be identified from that data.  Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. 

What personal data do I process?

I process different personal information depending on how you come into contact with me:

 

1. When clients undertake therapy or supervision directly with me

I will record information such as your name, age, GP details, emergency contact information, medications and treatments, mental health history, previous counselling experience and other sensitive information. I have a legal obligation to keep notes after every session. I may send you a feedback form to complete at the end of your therapy, however completing this is optional. 

 

2. When people access my website

My website will record information about your computer and about your visits to and use of our website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths).The website does this by using cookies, pieces of information transferred to your computer’s hard disk from a website. We use cookies set by Google Analytics as detailed here https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage to analyse the use of the website.  Cookies do not typically contain any information that personally identifies a user. Most browsers are automatically set to accept cookies. Each time you use a website, the cookie is accessed. You may disable cookie support on your browser if you wish.

 

My website is hosted by Squarespace. For more information about how they process data, please go to https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiDgY632MvtAhXHesAKHeq1AyUQFjAAegQIBBAC&url=https%3A%2F%2Fsupport.squarespace.com%2Fhc%2Fen-us%2Farticles%2F360000851908-GDPR-and-Squarespace&usg=AOvVaw01HopNYZJCSFbc2DmhTEjm

What do I use your personal data for?

I use your personal data for the following purposes: 

·      To respond to queries via my website

·      For client consultations;

·      To seek client feedback;

·      To deliver therapy services; 

·      To maintain financial records, invoices and payments made;

·      To carry out comprehensive safeguarding procedures (including due diligence and complaints handling) in accordance with best safeguarding practice from time to time;

·      To maintain my own accounts and records;

Further processing

If I wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then I will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, I will seek your prior consent to the new processing.

What is my lawful basis for using your information?

The lawful basis for processing your information falls under 5 main categories; under each I have given an example.

 

1. For the performance of a contract

When we enter into a therapy contract together, I have to process certain data in relation to that

 

2. For compliance with a legal obligation

I have a legal obligation to keep assessment and session notes for clients attending therapy or supervision. I also have a legal obligation to keep financial records for HMRC.

 

3. To protect the vital interests of you or another person

If you are physically or legally incapable of giving consent, but I need to protect your vital interests, in an emergency, I may use your personal information. For example, if you are taken seriously unwell during a counselling session, I may pass on next of kin details or medical information to emergency services.

 

4. In the exercise of official authority or in the public interest
For example, if I felt there was a safeguarding issue, I would be required by law to inform the appropriate authorities/bodies.

 

5. On the basis of Consent

 

 

Special Category data (highly sensitive personal data such as mental health history, sexual orientation or ethnic origin) needs more protection. I will only process such data if it meets one of the above categories and one of the conditions below:

 

1. the data subject has given explicit consent to the processing of their personal data for one or more specified purposes (for example in a client consultation)

2. processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent

How secure is your information?

I comply with my obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.

 

Printed documents are stored securely in a locked filing cabinet and electronic files are kept encrypted. Highly sensitive documents, such as consultation reports, are coded so that they are anonymous.

Sharing your personal data

Your personal data will be treated as strictly confidential and will only be shared with other third parties with your prior consent, or unless required to do so by law. 

How long do I keep your personal data?

I endeavour to maintain only data that is relevant, accurate and up to date. I have internal processes to periodically review the data I hold and delete data that is no longer relevant to my purpose for processing. I may keep some other records for an extended period of time and others permanently if I am required to do so. For example, I will keep contracts only until the contract ends but I will keep session notes for 5 years from the date therapy concluded as per guidance from my legal and professional bodies.

Your rights and your personal data

You have the following rights with respect to your personal data:

 

1. The right to access information I hold on you

·      At any point you can contact me to request the information I hold on you as well as why I have that information, who has access to the information and where I obtained the information from. Once I have received your subject access request and proof of your identity, I will respond within one month.

·      There are no fees or charges for the first request but additional requests for the same data may be subject to an administrative fee.

 

2. The right to correct and update the information I hold on you

·      If the data I hold on you is out of date, incomplete or incorrect, you can inform me and your data will be updated.

 

3. The right to have your information erased

·      If you feel that I should no longer be using your data or that I am illegally using your data, you can request that I erase the data we hold.

·      When I receive your request, I will confirm whether the data has been deleted or the reason why it cannot be deleted (for example because I need it for regulatory purpose(s)).

 

4. The right to object to processing of your data

·      You have the right to request that I stop processing your data. Upon receiving the request I will contact you and let you know if I am able to comply or if I have legitimate grounds to continue to process your data. Even after you exercise your right to object, I may continue to hold your data to comply with your other rights or to bring or defend legal claims.

 

5. The right to data portability

·      You have the right to request that I transfer some of your data to another controller. I will comply with your request, where it is feasible to do so, within one month of receiving your request. 

 

6. The right to withdraw your consent to the processing at any time for any processing of data to which consent was sought.

·      You can withdraw your consent easily by email or phone (see Contact Details).

 

7. The right to object to the processing of personal data where applicable.

·      Where I use your personal information to perform tasks carried out in the public interest then, if you ask me to, I will stop using that personal information unless there are overriding legitimate grounds to continue.

 

8. The right to lodge a complaint with the Information Commissioner’s Office.

·      If you feel I have used your information incorrectly or without lawful basis, or you dispute mylawful basis, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

 

Please contact me if you wish to exercise any of these rights.

Contact Details

If you have any questions regarding how I process your data, or you would like to make a subject access request, please contact me in writing either by email or in writing to: amber.redish1@gmail.com or 66 Stephens Road, Brighton. BN17ER.

You can contact the ICO on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Changes to this notice

I keep this Privacy Notice under regular review and I will place any updates on my website: