Introduction
Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:
• Why I am able to process your information and what purpose I am processing it for
• Whether you have to provide it to me
• How long I store it for
• Whether there are other recipients of your personal information
• Whether I intend to transfer it to another country,
• Whether I do automated decision-making or profiling, and
• Your data protection rights.
I am happy to chat through any questions you might have about my data protection policy and you can contact me via email : carolyn@hopetotransform.co.uk
‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is
me.
I am registered with the Information Commissioner’s Office [Insert registration Number]
My contact details:
Name: Carolyn Costello
email: carolyn@hopetotransform.co.uk
My lawful basis for holding and using your personal information
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you)
How I collect your information
I will collect personal information from you when you, or your organisation, enquire about my activities, make a self-referral to one of the counselling, coaching, or support services or request information to be sent to you about group retreats.
This may include your name, title, email address, physical address and telephone numbers. For those seeking counselling and/or support I may ask for more sensitive information during the initial consultation process in order to provide you with the appropriate level of help to meet your specific requirements. The required information will be captured during telephone conversations, email exchanges and face-to-face interviews in person or online. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.
How I use your information
Initial contact
When you contact me with an enquiry about my counselling or coaching services, I will collect information to help me satisfy your enquiry. This will include your name, a brief outline of what you are hoping to explore, your email address and phone.
Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf.
If you decide not to proceed, I will ensure all your personal data is deleted within 1 month. If you would like me to delete this information sooner, just let me know.
Initial Consultation
When you have your first session to explore about my counselling or coaching services, I will collect further information to help me determine if my services are appropriate for you. This will include your name, location, age, a brief outline of presenting issues, any medication you declare you are taking, a mood score if that was undertaken in our discussion.
If you decide not to proceed further, I will ensure all your personal data is deleted within 1 month. If you would like me to delete this information sooner, just let me know.
While you are accessing counselling
Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if a boundary or limit to confidentiality occurs. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
The boundaries and limits to confidentiality for counselling are:
- Supervision
As a member of a professional body, counsellors are required to attend one to one and/or group supervision, to ensure that you receive the best ethical service. Your personal details will not be given to supervisors or shared with a supervision group and anything discussed in supervision will be treated in confidence.
- Risk or Harm
If I felt you, or others, seem to be in danger or at serious risk of harm or neglect, I may be obliged to break confidentiality. I would aim to discuss this with you in the first instance, however, if circumstances were such that there was immediate danger or risk, I reserve the right to break confidentiality without prior notice.
- Legal Matters.
If you are subject to legal proceedings, your confidential counselling records, or a report may be requested by your legal representatives, with your written consent. If court orders are received however, I would be required to adhere to the order, without written consent from you.
I would be required to report to the police if you infer involvement in or knowledge of an act of terrorism or of money laundering or if you infer knowledge of or involvement in drugs trafficking.
Record keeping while you are accessing counselling
I will keep a record of your personal details to help the counselling services run smoothly. These details are kept securely on a password protected electronic data stick and are not shared with any third party.
I may keep written processing notes to support your therapy and will keep a written log of all sessions (Client code / Date /Time / Attendance /brief session summary). All written notes are kept securely in a locked filing cabinet. They are identified by an assigned client key, rather than your name, to protect your personal information.
For security reasons I do not retain text messages for more than 1 month. If there is relevant information contained in a text message I will print the content and store this with your written notes. Identifiers will be redacted prior to printing.
Likewise, any email correspondence will be deleted after 1 month unless it informs your therapy. In that case, I will print the content and store this with your written notes before deletion. Identifiers will be redacted prior to printing.
If you undertake email counselling that will be delivered through an encrypted service to protect any sensitive personal information. These emails will be deleted 1 month after the counselling contract has come to an end.
To help the counselling process run smoothly, if you are accessing counselling on the phone or online, your phone number and/or email contact details may be stored in the contacts of my PIN protected counselling phone and password protected business email account. This enables me to associate any communication you may send me to your unique client ID and to send you information relevant to your counselling.
After counselling has ended
Once counselling has ended, any handwritten processing notes will be destroyed, and your contact details will be removed from my phone and email account, within 1 calendar month of the end of our contract
Your counselling records will be kept for 5 years from the end of our contract with each other and then securely destroyed. If you want me to delete your information sooner than this, please tell me.
Third party recipients of personal data
I sometimes share personal data with third parties, for example, where I have contracted with a supplier to carry out specific tasks. In such cases I have carefully selected which partners I work with. I take great care to ensure that I have a contract with the third party that states what they are allowed to do with the data I share with them. I ensure that they do not use your information in any way other than the task for which they have been contracted.
| Third Party | Data Type | Purpose |
| Quickbooks- Intuit | Name, email |
Invoicing if required. Reporting of Accounts |
| HMRC | Financial Transactions | Tax return |
| Microsoft Office 365 | Name, email | Contact record during counselling contract |
Data Security
I take the security of the data I hold about you very seriously and as such I take reasonable precautions to prevent the loss, misuse or alteration of information you give me, and have robust processes in place to ensure we comply fully with the provisions of the Data Protection Act 2018. My filing cabinet is locked and only I hold a key. I use password and PIN protected devices and sites.
Communications in connection with managing counselling services may be sent by e-mail. For ease of use and compatibility, communications (other than payments where applicable) will not be sent in an encrypted form unless you require it and provide the certification to enable me to communicate with you in that way.
If you undertake email counselling that will be delivered through an encrypted service to protect any sensitive personal information.
Additional information for website users
Visitors to my website
I do not use cookies on website to track what you are browsing, so you can browse freely without worrying about what information about your visit to the website may be captured. I will not know you have visited us.
The forms on the website simply pass the information you enter to the designated email address. No personal information is stored on the site.
My website is hosted by mello-hosts.co.uk. I use WordPress and Divi from Elegant Themes as the content management systems for my website. I do not make, and do not allow these companies to make, any attempt to find out the identities of those visiting my website. I have checked their DPA’s and am satisfied that they do not capture your personal information.
I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.
No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Your rights
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.
If I do hold information about you I will:
- give you a description of it and where it came from;
- tell you why I am holding its, tell you how long I will store your data and how I made this decision;
- tell you who it could be disclosed to;
- let you have a copy of the information in an intelligible form.
You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.
To make a request for any personal information I may hold about you, please put the request in writing addressing it to carolyn@hopetotransform.co.uk. I will not release your information to you without determining proof of identity.
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures.
If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Privacy Policy Specifically relating to POSTING Comments to the BLOG POSTS
Our website address is: https://hopetotransform.co.uk.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.