GDPR and PRIVACY NOTICE

Privacy policy reviewed March 2024

​

In brief:

​

• I will only collect and hold necessary information. 

• I only keep very brief, handwritten notes.

• All paper records are kept in a locked filing cabinet in my counselling room at my home. 

• Any information held electronically is password protected.

• Remote Counselling Sessions are carried out on my laptop via Google Meet which is end to end encrypted.

• I work from a room in my home, with the door closed, just as if we were meeting in person.  This is a confidential space and neither I nor you will be overheard.

• I am registered with the Information Commissioners Office.

• The following is the full detailed version of the above, which you may wish to read. 

​

In full:

 

This Privacy Notice explains what personal data I collect in my capacity as data controller for Space to Breathe Counselling (S2B). For clarity, I may be both data controller and data processor for your personal data under certain circumstances. This policy is reviewed annually and subject to change.

This policy sets out the basis on which any personal data I collect from you, or that you provide to me, will be processed by me. Please read the following carefully to understand practices regarding your personal data and how it is treated.

Please note that this Privacy Policy applies only to Space To Breathe Counselling and not to any third-party sites that are linked to from this site.

The reasons I process your personal data include, but are not necessarily limited to, your consent, performance of a contract, billing and to contact you.

I receive information about you from you when you use my website, complete forms on my website or in person, if you contact me by phone, email or otherwise. I also collect information from you if you sign up for my mailing lists or when you inform me of any other matter.

The personal data that I may collect from you includes your name, address, email address, phone numbers, payment information and IP addresses. I keep notes in accordance with the law and British Association for Counselling and Therapy (BACP) guidelines. I may also retain records of your queries and correspondence, in the event you contact me.

How I use your data:

I use information about you in the following ways:

• To process bookings and/or orders that you have made with me

• To provide you with products and services

• To comply with my contractual obligations with you

• To enable me to review, develop and improve my website and services

• To provide customer care, including responding to your requests if you contact me with a query

• To keep track of billing and payments

• To carry out marketing and statistical analysis

• To notify you about changes to my website and services

• To provide you with information about products or services that you request from me or which I feel may interest you, where you have consented to be contacted for such purposes

• To inform you of services

Your rights: You have the right to access the information I hold about you. Please submit a formal written request, specifying what information you wish to access. I then have one month from the date of receipt to comply. 

You have the right to object to my retaining or using your personal data and may or ask me to delete, remove or stop using it if there is no need for me to keep it. This is known as your right to be forgotten. There are legal and accountancy reasons why I need to keep your data, but please inform me if you think I am retaining or using your personal data incorrectly. Preventing the retention, use or processing of your personal data may delay or prevent me from fulfilling contractual obligations to you. It may also mean that I am unable to provide any services.

Accessing and updating your data: Please let me know if your information (email, address etc) changes. 

Use of cookies: My website is hosted on the Wix.com platform. Wix.com places cookies on Wix sites – small text files that are placed on your machine to help the site provide a better user experience. These are used to help maintain the security and performance of the website, retain user preferences, store information for things like shopping carts, and provide anonymised tracking data. To deliver this service it processes the IP addresses of visitors to the website.

As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the Help section of your browser or taking a look at the ‘About Cookies’ website which offers guidance for all modern browsers

Links to other sites: Since I do not control other websites, I encourage you to review the privacy policies of any third party sites. Any information that is supplied on these sites is not within my control and I cannot be held responsible for their privacy policies and practices.

Phone calls: When you call me, I will only collect the information necessary to ensure you receive an efficient and appropriate response. I may also temporarily retain some of the information where it helps with providing you with an efficient response.

When you email me: If your email service does not support TLS or SSL or similar security systems, you should be aware that any emails we send or receive may not be protected in transit.

I will monitor any emails sent to S2B, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law. We will not keep any email data from you for longer than is necessary.

I follow legal standards to keep digital data password protected and secure.

As the transmission of information via the internet is not completely secure, I cannot guarantee the security of your data transmitted to my site and any transmission is at your own risk. Once I have received your information, I will use strict procedures and security features to prevent unauthorised access.

Retention of Records Including Session notes: I will not keep any records or session notes for longer than is absolutely necessary. Brief session notes are kept for up to two years after the end of therapy, before being minimised. After two years they may be kept for a further five years; after which time all paper records are shredded and all electronic records are deleted. Unnecessary documents are routinely deleted and/or shredded and securely disposed of. 

The GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive, confidential data is kept private and held securely, being processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or whether you have a specific condition. It also covers any session records, text messages or emails we exchange.

I must hold your data for as long as is reasonable. I may not be able to delete your data before this time due to legal and/or accountancy obligations. I shall retain your data only for as long as necessary in accordance with applicable laws.

Exceptions: I am obligated by law to disclose to the appropriate authorities anything I believe may be related to terrorism, money laundering or drug trafficking.  I am also duty bound to share relevant information with appropriate authorities if I believe that you or someone else (especially a minor or elder person) is at risk of significant harm.  I would endeavour to inform you of this, if appropriate, prior to contacting anyone.

If you want to make a complaint about the way I have processed your personal information, you can contact the Information Commissioners Office (ICO) in their capacity as the statutory body which oversees data protection law in the UK.

If you wish to withdraw your consent, please send an email to space2breathecounselling@gmail.com. Withdrawal of consent will mean that any therapy will cease immediately. A record of your request to withdraw consent may still be retained so that I can ensure you are no longer contacted.

This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of collection and use of personal information. However, I am happy to provide any additional information or explanation needed.