Counselling Privacy Statement

As a Counsellor I am registered with the Information Commissioners Office ICO: A8352138

This statement details how and why I collect, store or share/process your personal data including and also details your rights under the GDPR

Your Personal Data:

What data and how and why is it stored?

Upon meeting I take your details in a handwritten format which will be your name, contact number, email, home address, date of birth and emergency contact, such as your GP.

In addition I also keep a hard copy of your counselling contract/agreement (which sets out the boundaries for working) signed by you.

This information is stored as confidential data in locked storage.

If you enter into counselling I will make session notes in order to monitor and reflect upon the work under our contract and in line with the requirements of my professional indemnity insurance. This information is anonymous, using initials and date of contact as identifiers, so that no other person may connect these details alone to your personal identity. I keep these notes on a password protected document which is kept separately from hard copy contact details.

Sharing of Data

I use your data only in the execution of my service to you as my client and I don’t sell your data or use it for marketing purposes.

There are limited reasons why I may be required to process/share your data:

1. ‘Legitimate interest’ reasons may require me to break confidentiality due to safeguarding issues, or risk of harm to self or others. 2. Legal Reasons –  I may also be obligated to share information in your notes if I were issued with a court order. These obligations are consistent with current UK law on confidentiality. 3.You may give me your consent to share your data, for example, with your GP, other medical professionals, legal representative or occupational health department.

For how long is data retained?

I keep data for 7 years after your final session in line with the requirements of my professional insurance. Where clients are under 18, data is retained for 7 years after the age of 18 is reached.

Further Data Sources.

Email: if we communicate by email this gives me access to an ‘e signature’ in the form of an IP address, which is kept according to the retention period information detailed previously. It’s important to be aware that sending information by email doesn’t always ensure complete security (not all email systems are encrypted), so please to be mindful of what personal information you decide to give in an email.

Website contact form: information from the contact form is not stored by the website and I retain the information provided in line with the confidentiality protocols identified above. If no counselling relationship ensues I will delete that information as confidential waste.

This site uses cookies. These are text files which are placed on your computer by websites that you visit, to make websites work efficiently and to provide information to the owners of the site about people’s use of it.   ‘Session cookies’  are stored only temporarily during your browsing session and are deleted from your device when the browser is closed. Personal Information from your device is collected such as geolocation data, IP address, unique identifiers (e.g. MAC address) and other information which relates to your activity through the site. You can choose your use of cookies via the pop up cookie notification and by following the instructions of your device preferences.

The website host employs Google Analytics to monitor the behaviour patterns of website visitors but does not identify individuals. It provides information on website usage such as the number of website visits, ‘bounce rate’ etc. Google’s ability to share information collected about your visits to the website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy.

https://policies.google.com/privacy

Data may also be received from online directories such as the Counselling Directory or the RSCPP directory, from Skype, or via Employee Assistance Programmes (EAP’s) and is retained by me in line with the protocols detailed previously.

Your rights under GDPR

Right to be informed about the collection, storage and use of your personal data, as contained in the above privacy information. The latter must be provided to you at the same time as I collect your personal data.

If your data comes to me via referral I must provide you with privacy information no later than one month from referral. That information must be transparent, clear and easily accessible.

Right to access:  you can request to see information I hold about you.

Right of rectification if your data is incorrect or incomplete.

Right to erasure, or ‘the right to be forgotten’    Not applicable where lawful reason/legal   obligation/legitimate interest takes precedence

Right to restrict processing. Not applicable where lawful reason/legal obligation/legitimate interest takes precedence ·

Right to data portability.  To obtain and reuse your personal data for your own purposes across different services. This rule exists mainly for data held by big service providers, e.g. utility providers. In the event of you wishing to take a copy of your case notes to another therapist/mental health provider/practitioner these may be provided as an encrypted and password protected document.

Right to object to data processing (such as direct marketing or for purposes of scientific research) Not applicable where lawful reason/legal obligation/legitimate interest takes precedence

Rights related to automated decisions.  Automated processing of personal data to evaluate certain things about an individual, including profiling.

The ICO says these are not all absolute rights:

https://ico.org.uk/fororganisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

Should you have any concerns about how I have used your data please do feel free to discuss it with me in the first instance, if you feel able to do so.

You also have the right to complain to the information commissioner’s office ICO.  0303 123 1113

Cookies Used

Cookie Name Cookie Owner Cookie Description
wfvt_ Wordfence This allows a security plugin we use to operate
wfwaf-authcookie Wordfence This cookie is set by the WordPress security plugin “Wordfence”. It is used to authenticate user’s login request.
wordfence_verifiedHuman Wordfence Cookie set by the Wordfence Security WordPress plugin to protect the site against malicious attacks.
wfvt_596077209 Wordfence This allows a security plugin we use to operate
_gat Google Analytics Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_.
_gid Google Analytics Used to distinguish users.
_ga Google Analytics Used to distinguish users.
DYNSRV Hosting Provider This cookie is believed to be used for load balancing to manage server traffic demand.
wordpress_logged_in WordPress After login, wordpress sets the wordpress_logged_in_[hash] cookie, which indicates when you’re logged in, and who you are, for most interface use.
wordpress_sec WordPress Essential WordPress session management cookies for logged in users.
wordpress_test_cookie WordPress WordPress sets this cookie when you navigate to the login page. The cookie is used to check whether your web browser is set to allow, or reject cookies.
wp-setting- WordPress WordPress also sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
wp-settings-time- WordPress WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
gdpr_popup The Affinity Consultancy This cookie is used to track who has already been shown the notice. The cookie has been set never to expire unless there is a change in the privacy policy.