Website and GDPR Privacy statement
Creative counselling and trauma recovery.
The data controller is creative counselling and trauma recovery My website host ‘simplesite’ collects behaviour patterns of website visitors. This does not identify individuals but shows me 3 things. The number of site visits, number of specific page views, and the type of device used eg mobile, desktop, laptop.
No information from the contact me button is stored by the website. I use the personal data of your email address for correspondence with you regarding your enquiry about the services of Creative counselling and trauma recovery. I only retain the information for the period we are in correspondence and then it is deleted and shredded.
I do not use the information you supply via the contact me button for marketing purposes or share with third parties unless I am required to by law. I use gmail when responding to website enquiries. Google servers are based in the US. Gmail as part of google is covered by the US privacy shield (this is a level of approved security to pass information from UK to the US) so by definition your personal data of email address and IP address may go outside of the EEA. https://www.privacyshield.gov/list General data protection regulation GDPR information for Creative counselling and trauma recovery; This statement details how I collect, store or share/process your personal data including special category data.
What information do I collect? Should you wish to become a counselling client or supervisee I collect? • Name • Contact number • Email • Address • Date of birth (if under 18) • GP and any health/medical information
What do I use this information for? This client information is used as contact and emergency contact information while you are in counselling. I collect age for under 18’s to assist me to know when clients will turn 18 for the storing of notes 7 yrs after a child turns 18.(see data retention section below)
Do I share/store your personal data? I only use your data in relation to the delivery of my services, and do not use it for marketing purposes or sell to third parties (unless you have consented for training event updates). There are very specific limited counselling and supervision reasons why I may need to share/process your data.
Legitimate interest 1. It may become necessary during our work together for me to break confidentiality for safeguarding reasons, serious harm to self or others, acts of terrorism or drug trafficking/money laundering. The personal data shared will be adequate and proportionate eg the minimum required. Your information may be shared with health professionals & emergency services as appropriate.
1. I may be required to share information in your notes if I am issued with a court order.
2. I keep anonymous notes from our sessions in line with the requirements of my professional insurance and the limitation act. Special category data 9 (f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
How long do I keep your information? (Data retention schedule):
1. If you choose not to continue with counselling or supervision after your initial session your information will be shredded/disposed of 2 weeks after.
2. If you choose to continue with counselling or supervision, I keep client/supervision notes that are anonymous and separately name/email address for 7 years after your last session in line with the requirements of my professional insurance. For under 18’s name/contact and anonymous notes will be kept for 7 years after the age of 18 is reached. All information is stored as confidential data in locked storage, password protected document or encrypted memory stick and destroyed at the end of the data retention period as confidential waste.
Your rights under GDPR: • Right to be informed, • Right to access (you can request to see information I hold about you) • Right of rectification, • Right to erasure, Not applicable to lawful reason legal obligation • Right to restrict processing, • Right to data portability, Not applicable to lawful reason legal obligation /legitimate interest • Right to object, Not applicable to lawful reason/ legal obligation • Rights related to automated decisions. It should be noted that the ICO says these are not all absolute rights:https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you have any concerns about how I have used your data you can discuss it with me in the first instance if you feel able to. My contact details firstname.lastname@example.org