Leicester Private Counselling Privacy Notice
This privacy notice makes clear how your personal data is collected, processed and stored securely to comply with the new GDPR law of 25th May 2018. It also covers your legal rights. This notice applies to counselling clients or potential clients only. Mindfulness clients need to refer to the Heart of Well Being Privacy Notice on: www.heartofwellbeing.co.uk
About me and Leicester Private Counselling
My name is Marina Broadley and I am the sole owner of Leicester Private Counselling. As such I am both the data controller and data processor. I am registered with the Information Commisioner's Office and my number is : ZA385327
I am contactable at:
Leicester Private Counselling
Natural Elements Clinic
28 Ratby Road
I ensure that only data that is ‘absolutely necessary for the completion of duties’ is processed and stored.
I ensure that your data is processed lawfully and fairly and in a transparent manner.
I ensure that your data is accurate and where necessary, kept up to date.
I ensure that your data is secure.
I ensure that your data is NOT kept longer than is absolutely necessary.
What kind of data is collected?
Data collected from a private individual (client or potential client):
For me to deliver the service I will need to collect your contact details. I will also record dates of attendance, location of attendance and fees paid. Additional data: You may choose to share (either verbally or in writing) data regarding your personal circumstances which may include sensitive data. IMPORTANT: I ONLY collect, process and store factual, objective data, e.g., miscarriage December 16, mother died January 18. This may include sensitive data. Any data you or anyone else chooses to share with me which is outside of this remit, such as subjective opinions, will not be processed and will be securely destroyed. Please note that use of the website contact form informs of your IP address.
Data collected from a business/organisation making a referral for counselling:
For me to deliver the service I will need to collect contact details of the organiser, contact details of the person being referred, address and contact details of paymaster, invoicing data, details of any specific requirements, e.g. ‘can only attend after 6pm’. I will also need to collect the reason for the referral for counselling. Additional data: The referrer may choose to share (either verbally or in writing) personal circumstances pertaining to the person being referred for counselling, which may include sensitive data. IMPORTANT: I ONLY collect, process and store factual, objective data, e.g., miscarriage December 16, mother died January 18. This may include sensitive data. Any data outside of this remit, such as subjective opinions, will be not be processed and will be securely destroyed. Please note that use of the website contact form informs of your IP address.
Data collected from general enquirers:
I will respond appropriately to enquires about the counselling service. Should you be enquiring in writing about counselling on behalf of someone other than yourself and share data about this person - I will securely destroy any personal data regarding the other person, following my response to you. Should the person choose to take up the service, I will inform them of what I already know, via you, a 3rd party. IMPORTANT: I ONLY collect, process and store factual, objective data, e.g., miscarriage December 16, mother died January 18. This may include sensitive data. Any data outside of this remit, such as subjective opinions, will be not be processed and will be securely destroyed. Please note that use of the website contact form informs of your IP address.
See separate notice on the website www.leicesterprivatecounselling.co.uk
How is data collected?
Data is collected in the following ways:
Online contact form via the webhost, PHD Interactive T/A WebHealer.
Online contact form via the Counselling Directory contact form.
By phone. By text. In person.
Data that you choose to disclose in the public arena such as the Leicester Private Counselling Facebook page is done so at your own discretion. I do not use the Facebook messaging platform – I have chosen to deactivate this system. Should you choose to contact me via my personal Fascebook messaging system, you do so at your own discretion.
How is data processed?
Your data is processed for the purpose of providing the service required and to notify you about changes to my service. That is, what is ‘absolutely necessary for the completion of duties’. This includes:
Paper: Internal record keeping of name and contact details, dates attended, fees paid, location attended. It may include health data and sensitive data should this be relevant and appropriate. This data is processed by use of a Unique Reference ID Number 3 Step Security System – and kept in a locked file.
Electronic: Emails, invoices
Is the data ever shared? Who else has access to data?
Privacy and confidentiality in counselling is paramount. I am the only person with access to your data, unless our work is presented in clinical supervision. I am required to attend clinical supervision with a more experienced practitioner on a regular basis. Your full name and contact data is not shared in supervision. However, it is possible that you could be identifiable. My clinical supervisor is Catherine Underwood
In addition to the above your data is will only ever be shared if I am required by UK law to do so. Examples include: your involvement in money laundering, drug trafficking, terrorism, serious harm to another, child protection, a court order.
What data is stored?
Our emails, hand written data of record keeping of name and contact details, dates attended, fees paid, location attended, invoicing data. In addition, factual health data, factual life event history and your personal circumstances, should this be relevant and appropriate.
How and where is it stored?
Electronic storage: To ensure secure processing and storage of your data I have upgraded my electronic security with DESLOCK ESET Endpoint Encryption. This means that data that is collected and stored electronically is protected from malicious hacking attempts and unauthorised access. It is also protected by strong password and security software such as firewall.
My website has been upgraded to SSL, which allows us to connect with each other via a secure connection - the way your browser connects to an online bank.
Paper storage: This data is processed using a Unique Reference ID Number 3 Step Security System – and kept in a locked file. It includes internal record keeping of name and contact details, dates attended, fees paid, location attended. It may include health data, factual personal history data and sensitive data should this be relevant and appropriate.
Why is it stored?
I keep client data in secure storage because the information is required to provide the counselling service effectively and to comply with HMRC law.
How long is it stored for?
Data is securely disposed of when it is no longer required for the purpose for which it was collected and retained. The law states that data must be current, up to date, relevant and NOT kept longer than is absolutely necessary.
There are different categories of data which are stored, or retained, for different time periods:
a. Client name, date of attendance, location, fee paid, invoices – stored for 7 years for HMRC legal and auditing purposes – paper records and / or electronic (encrypted)
b. Client and enquiry emails – stored for 6 months (encrypted) – electronic records
c. Unique Reference ID Number 3 Step Security System which may include: client history, circumstances, health and sensitive information – stored for 6 months following our last contact – paper records.
d. Invoicing data – stored for 7 years for HMRC legal and auditing purposes – (encrypted) – electronic records
How is data disposed?
Paper data. This is disposed of via confidential waste disposal company.
Electronic data is deleted.
Marketing and Informed Consent
There are no marketing activities to private individuals.
The right to erasure (the right to be forgotten)
The right to ask what is stored and why it is stored
The right to see your data (it belongs to you). You, as the subject, can request to see your data. The request, called a Subject Access Request must be made in writing. Identification evidence will be necessary. There is no charge and I respond within 30 days, in accordance with the law.
General but important
Links from this website to other websites: Please be aware that I am not responsible for the policies, data protection, or security of these linked web sites.
This Privacy Notice is a live document. Please come back as it will be reviewed regularly and updated if necessary.
I conduct my own risk assessment on a regular basis. I am selective about the minimal data I store and retain. If I don’t need it, I don’t have it.
Your data is yours. You are the owner. I consider my temporary use and storage of your personal data very carefully, and I promise that I will continue to do so.