Hinckley Counselling ... inspiring good health

Privacy Notice

This privacy notice makes clear how your personal data is collected, processed and stored securely to comply with the new GDPR law of 25th May 2018. It also covers your legal rights.

It is important to know that this Privacy Notice applies only to Marina Broadley, Practice Owner. I am registered with the Information Commisioner's Office and my number is : ZA385327. You will need to make direct contact with individual Independent Associates and other practitioners who work from the practice, should you wish to know their policies.

This notice applies to counselling clients, or potential clients, Independent Associates and practitioners hiring the consulting room. Mindfulness clients need to refer to the Heart of Well Being Privacy Notice on: www.heartofwellbeing.co.uk

About me and Hinckley Counselling

My name is Marina Broadley and I am the sole owner of Hinckley Counselling Health and Well Being. As such I am both the data controller and data processor.

I am contactable at:

Hinckley Counselling
The Atkins Building
Lower Bond Street
Hinckley LE10 1QU

07342 652090

[email protected]

I Ensure:

I ensure that only data that is ‘absolutely necessary for the completion of duties’ is processed and stored.

I ensure that your data is processed lawfully and fairly and in a transparent manner.

I ensure that your data is accurate and where necessary, kept up to date.

I ensure that your data is secure.

I ensure that your data is NOT kept longer than is absolutely necessary.


What kind of data is collected?

Data collected from a private individual (client or potential client):

For me to deliver the service I will need to collect your contact details. I will also record dates of attendance, location of attendance and fees paid. Additional data: You may choose to share (either verbally or in writing) data regarding your reasons for counselling, personal circumstances which may include sensitive data. IMPORTANT: I ONLY collect, process and store factual, objective data, e.g., miscarriage December 16, mother died January 18. This may include sensitive data. Any data you or anyone else chooses to share with me which is outside of this remit, such as subjective opinions, will not be processed and will be securely destroyed. Please note that use of the website contact form informs me of your IP address.

Data collected from a business/organisation making a referral for counselling:

For me to deliver the service I will need to collect contact details of the organiser, contact details of the person being referred, address and contact details of paymaster, invoicing data, details of any specific requirements, e.g. ‘can only attend after 6pm’. I will also need to collect the reason for the referral for counselling. Additional data: The referrer may choose to share (either verbally or in writing) personal circumstances pertaining to the person being referred for counselling, which may include sensitive data. IMPORTANT: I ONLY collect, process and store factual, objective data, e.g., miscarriage December 16, mother died January 18. This may include sensitive data. Any data outside of this remit, such as subjective opinions, will be not be processed and will be securely destroyed. Please note that use of the website contact form informs me of your IP address.

Data collected from general enquirers:

I will respond appropriately to enquires about the counselling service, becoming an independent associate, consulting room hire and other related enquiries. Should you be enquiring in writing about counselling on behalf of someone other than yourself and share data about this person - I will securely destroy any personal data regarding the other person, following my response to you. Should the person choose to take up the service, I will inform them of what I already know, via you, a 3rd party. IMPORTANT: I ONLY collect, process and store factual, objective data, e.g., miscarriage December 16, mother died January 18. This may include sensitive data. Any data outside of this remit, such as subjective opinions, will be not be processed and will be securely destroyed. Please note that use of the website contact form informs me of your IP address.

Data collected from Independent Associates and practitioners who hire the facilities:

I collect the contact details, address, and data about qualifications, regulatory bodies, insurers.

Data collected from Cookies:

See separate notice on the website www.hinckleycounselling.co.uk


How is data collected?

Data is collected in the following ways:

Direct email.

Online contact form via the webhost, PHD Interactive T/A WebHealer. The online contact form on this website is received by myself, Marina Broadley only. I have upgraded my electronic security with DESLOCK ESET Endpoint Encryption. From 25th May 2018 I will not be forwarding your data to an Independent Associate. Should you wish to contact an Independent Associates via this method I will reply with their contact data. You will also find their direct contact data on the website page 'Meet and Contact the Counsellors'.

Online contact form via the Counselling Directory contact form.

By phone. By text. In person.

Data that you choose to disclose in the public arena such as the Hinckley Counselling Facebook page is done so at your own discretion. I do not use the Facebook messaging platform – I have chosen to deactivate this system. If you choose to contact me via my personal Facebook messaging system, this is at your own discretion.

How is data processed?

Counselling Clients: Your data is processed for the purpose of providing the service required and to notify you about changes to my service. That is, what is ‘absolutely necessary for the completion of duties’. This includes:

Paper: Internal record keeping of name and contact details, dates attended, fees paid, location attended. It may include reasons for counselling, health data and sensitive data should this be relevant and appropriate. This data is processed by use of a Unique Reference ID Number 3 Step Security System – and kept in a locked file.

Electronic: Emails, invoices

Independent Associates and other practitioners: Your data is processed for the purpose of providing the service required. That is, what is ‘absolutely necessary for the completion of duties’. This includes:

Paper: Contact details and address, copies of qualification, insurer, regulatory body. Dates and numbers of room hire hours.

Electronic: Emails, invoices


Is the data ever shared? Who else has access to data?

Counselling Clients: Privacy and confidentiality in counselling is paramount. I am the only person with access to your data, unless our work is presented in clinical supervision. I am required to attend clinical supervision with a more experienced practitioner on a regular basis. Your full name and contact data is not shared in supervision. However, it is possible that you could be identifiable. My clinical supervisor is Catherine Underwood

In addition to the above your data is will only ever be shared if I am required by UK law to do so. Examples include: your involvement in money laundering, drug trafficking, terrorism, serious harm to another, child protection, a court order.

What data is stored?

Our emails, hand written data of record keeping of name and contact details, dates attended, fees paid, location attended, invoicing data. In addition, reasons for counselling, factual health data, factual life event history and your personal circumstances, should this be relevant and appropriate.

How and where is it stored?

Electronic storage: To ensure secure processing and storage of your data I have upgraded my electronic security with DESLOCK ESET Endpoint Encryption. This means that data that is collected and stored electronically is protected from malicious hacking attempts and unauthorised access. It is also protected by strong password and security software such as firewall.

My website has been upgraded to SSL, which allows us to connect with each other via a secure connection - the way your browser connects to an online bank.

Paper storage: This data is processed using a Unique Reference ID Number 3 Step Security System – and kept in a locked file. It includes internal record keeping of name and contact details, dates attended, fees paid, location attended. It may include reasons for counselling, health data, factual personal history data and sensitive data should this be relevant and appropriate.

Why is it stored?

I keep client data in secure storage because the information is required to provide the services professionally, effectively and to comply with HMRC law.

How long is it stored for?

Data is securely disposed of when it is no longer required for the purpose for which it was collected and retained. The law states that data must be current, up to date, relevant and NOT kept longer than is absolutely necessary.

There are different categories of data which are stored, or retained, for different time periods:

a. Client name, date of attendance, location, fee paid, invoices – stored for 7 years for HMRC legal and auditing purposes – paper records and/or electronic (encrypted)

b. Client and enquiry emails – stored for 6 months (encrypted) – electronic records

c. Unique Reference ID Number 3 Step Security System which may include: reasons for counselling, client history, circumstances, health and sensitive information – stored for 6 months following our last contact – paper records.

d. Invoicing data – stored for 7 years for HMRC legal and auditing purposes – (encrypted) – electronic records

e. Independent Associate and other hiring practitioners – stored until the termination of the agreement - (encrypted) – electronic, and paper records.

How is data disposed?

Paper data. This is disposed of via confidential waste disposal company.

Electronic data is deleted.

Marketing and Informed Consent

There are no marketing activities to private individuals.

Your rights

You have:

The right to erasure (the right to be forgotten).

The right to ask what is stored and why it is stored.

The right to see your data (it belongs to you). You, as the subject, can request to see your data. The request, called a Subject Access Request must be made in writing. Identification evidence will be necessary. There is no charge and I respond within 30 days, in accordance with the law.

General but important

Links from this website to other websites: Please be aware that I am not responsible for the policies, data protection, or security of these linked web sites.

This Privacy Notice is a live document. Please come back as it will be reviewed regularly and updated if necessary.

I conduct my own risk assessment on a regular basis. I am selective about the minimal data I store and retain. If I don’t need it, I don’t have it.

Your data is yours. You are the owner. I consider my temporary use and storage of your personal data very carefully, and I promise that I will continue to do so.

Thank you.
Marina Broadley




click
©2018 Hinckley Counselling is powered by WebHealer
Website Cookies   Privacy Policy   Admin Login