Privacy Notice
Introduction
Your privacy is very important to us and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to us. We adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what we will do with your personal information from initial point of contact through to after your therapy has ended, including:
​
-
Why we are able to process your information and what purpose we are processing it for
-
Whether you have to provide it to us
-
How long we store it for
-
Whether there are other recipients of your personal information
-
Whether we intend to transfer it to another country,
-
Whether we do automated decision-making or profiling, and
-
Your data protection rights.
We are happy to chat through any questions you might have about our data protection policy and you can contact us at info@springvalewellbeing.co.uk.
‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is Dr Heather Grace Bond.
Heather is registered with the Information Commissioner’s Office [Registration: ZB075360]. The postal address is: 18 Lethame Rd, Strathaven, ML10 6AD. Heather's email address is: heather@springvalewellbeing.co.uk.
Our lawful basis for holding and using your personal information
The GDPR states that we must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which we are processing your data. I have explained these below:
If you have had therapy with us and it has now ended, we will use legitimate interest as our lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with us to consider therapy, we will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that we look after any sensitive personal information that you may disclose to us appropriately. This type of information is called ‘special category personal information’. The lawful basis for us processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between you and us).
How we use your information
Initial Contact
When you contact us with an enquiry about our services we will collect information to help us satisfy your enquiry. This will include gathering your full name, email address and mobile number as well as some general information about the issue(s) you would like help with. Alternatively, your GP or other health professional may send us your details when making a referral or a parent or trusted individual may give us your details when making an enquiry on your behalf. If you decide not to proceed we will ensure all your personal data is deleted within six months. If you would like us to delete this information sooner, just let us know.
While You Are Accessing Counselling
Rest assured that everything you discuss with us is confidential. That confidentiality will only be broken under the following circumstances:
​
-
When your counsellor thinks there is a serious risk of harm to yourself or others,
-
your counsellor cannot contact you but suspects you are in danger. For example, if you had not been seen for several days and colleagues and friends felt concerned, your counsellor may disclose information without your agreement.
-
Where there is a legal requirement to disclose information. This could be because it has been ordered by a court, or because the law requires, for example under the Terrorism Act 2000 or the Drug Trafficking Offences Act 1986, for information to be passed on without consent.
​​
In the first and second of these cases, your counsellor would attempt to talk this through with you first, unless there are safeguarding issues that prevent this.
We will keep a record of your personal details to help the counselling services run smoothly. These details are kept securely using Power Diary practice-management software and are not shared with any third party.
We will keep written notes of each session, these are kept securely in Power Diary. For security reasons we do not retain text messages for more than 3 months. If there is relevant information contained in a text message we will attach it as an admin note to your client record and then delete the text message. Likewise, any email correspondence will be deleted after 3 months if it is not important. If an email you send contains important information then we will attach its contents as an admin note to your client record and then delete the email.
After Counselling Has Ended
Our policy is to keep minimal notes and records. Session notes record the dates and times that sessions were held, and themes discussed. Notes are encrypted and secured via Power Diary, which is the software service provider that we use for practice management.
​
The BACP’s Ethical Framework for the Counselling Professions commits members to working to professional standards, stating: ‘We will keep accurate records that are adequate, relevant and limited to what is necessary for the type of service being provided and comply with the applicable data protection requirements.’
​
In practice, for those aged over 16 at the time of using our services, we retain clinical notes for a period of 7 years (the length of time required by our insurers), after which time they are deleted.
​
For those aged under 16 at the time of using any of our services, we retain client notes indefinitely, since the notes can be requested in the event of any legal proceedings, for which there is no statute of limitations.
Your rights
We aim to be as open as possible in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.
If I do hold information about you I will:
-
give you a description of it and where it came from;
-
tell you why I am holding its, tell you how long I will store your data and how I made this decision;
-
tell you who it could be disclosed to;
-
let you have a copy of the information in an intelligible form.
You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you. To make a request for any personal information I may hold about you, please put the request in writing addressing it to info@springvalewellbeing.co.uk. We will provide a copy of all information that we hold within 4 weeks.
Parents/carers, please note that this does not necessarily apply to requests for information we hold on your child. If we deem your child to have the capacity to consent to entering into a counselling contract with us (this is usually around high school age) then, whilst our financial contract is with you (i.e. you agree to pay for services rendered), our therapeutic contract is with them. This means that your child can request to see their data, and we will provide it to them, rather than directly to you. If we deem that your child does not have the capacity to consent to entering into a counselling contract (this would usually apply to our Therapeutic Play service) then you can request to see your child's notes, but please be aware that this may not be in the best interests of your child since it can limit therapeutic progress if the child comes to understand that what they do or say in the play room isn't confidential.
If you have any complaint about how we handle your personal data please do not hesitate to get in touch with us by emailing the contact details given above. If you want to make a formal complaint about the way we have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
Data security
We take the security of the data we hold about you very seriously and as such we take every effort to make sure it is kept secure, which is why we use Power Diary as a central repository for all client information. Power Diary uses industry-standard encryption protocols and complies fully with UK GDPR regulations.
Visitors to the Website
When someone visits this website, we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make any attempt to find out the identities of those visiting the website. We use legitimate interests as our lawful basis for holding and using your personal information in this way when you visit our website. We use Google Analytics so that we can continually improve our service to you, You can read the Google Analytics privacy notice here.
We use Wix.com as the content management system for our website. Wix.com provides us with the online platform that allows us to inform you about our services as well as enquire about our services using forms. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. Like most websites, Wix.com sites use cookies to help the site work more efficiently. Cookies are small pieces of data stored on a site visitor's browser. They are typically used to keep track of the settings users have selected and actions they have taken on a site.
If you fill in a form on our website, that data will be stored on the web host before being sent to us. We delete any form data held in the content management system within 3 months and your data is never sent to any third party.