Your privacy is very important and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. This privacy notice tells you what we will do with your personal information from initial point of contact through to after your therapy has ended, including:

• Why I am able to process your information and what purpose we process it for

• Whether you have to provide it to me

• How long I store it for

• Whether there are other recipients of your personal information

• Whether I intend to transfer it to another country

• Whether I do automated decision-making or profiling, and

• Your data protection rights.

I am happy to chat through any questions you might have about this data protection policy and you can contact me via the website www.sarahgrantcounselling.co.uk. ‘Data controller’ is the term used to describe the person that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is Sarah Grant. I am registered with the Information Commissioner’s Office. My postal address is: 5 McEwan Drive, Helensburgh G84 9DU. My phone number is: 07761 157997. My email address is info@sarahgrantcounselling.co.uk.

WHAT THE LAW SAYS ABOUT PROCESSING PERSONAL DATA
The GDPR states that there must be a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which we are processing your data. These are explained below:
If you have had therapy with me and it has now ended, I will use legitimate interest as the lawful basis for holding and using your personal information.

If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.

The GDPR also makes sure that any sensitive personal information that you may disclose to me is looked after appropriately. This type of information is called ‘special category personal information’. The lawful basis for processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between our counsellor and you).

HOW YOUR PERSONAL DATA IS USED
When you contact me with a query about a counselling service, I will collect information to help satisfy your enquiry. This will include name, address, contact details such as phone number and email address, GP information and a brief description of the issues to be addressed in counselling. Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed, I will ensure all your personal data is deleted within six calendar months. If you would like this information to be deleted sooner, please let me know.

WHILE YOU ARE ACCESSING COUNSELLING
Rest assured that everything we discuss is confidential and your privacy will be respected wherever possible. There may be situations when confidentiality has to be broken, however if this is the case, you will be involved at every step. These situations include the following; if your counsellor believes you are at risk to yourself or another; where you disclose information that a person under 18 is in danger or at risk from either yourself or another; instances related to UK law may require confidentiality to be broken; and if at any point during our counselling arrangement, you are in need of emergency support. In any of these instances your counsellor has a duty to share the information with relevant bodies including your GP or the emergency services. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.

A record of your personal details will be kept to facilitate the smooth operation the counselling service offered to you. These details are kept securely online in password protected devices and programmes including email, mobile telephones and any manual written records are kept securely in a locked and fireproof filing cabinet. None of your personal data is shared with any third party. For security reasons I do not retain text messages for more than three calendar months. If there is relevant information contained in a text message, I will transfer this to a written record stored as above. Likewise, any email correspondence will be deleted after three calendar months if it is not important. If necessary, I will take a hard copy and place with other written notes stored as above.

AFTER COUNSELLING HAS ENDED
Once counselling has ended your records will be kept for six years from the end of our contact with each other and are then securely destroyed. If you want your information deleted sooner than this, please tell let me know.

Sometimes personal data is shared with third parties, for example, where there is a supplier who has been contracted to carry out specific tasks. In such cases, any supplier contracted has been carefully chosen. Great care is taken to ensure that the contract with the third-party states what they are allowed to do with the data shared with them. I ensure that they do not use your information in any way other than the task for which they have been contracted.

These third parties include the following and you can find their privacy policies using the links below:

British Association for Counsellors and Psychotherapists – www.bacp.co.uk/privacy-notice
Psychology Today - www.psychologytoday.com/gb/privacy-policy


YOUR RIGHTS
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask for your personal information to be deleted, to limit how your personal information is used, or to stop processing your personal information. You also have a right to ask for a copy of any information that is held about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.

If I do hold information about you, I will:
give you a description of it and where it came from;
tell you why it is held, tell you how long your data will be stored and how this decision has been made;
tell you who it could be disclosed to;
let you have a copy of the information in an intelligible form.

You can also ask at any time to correct any mistakes there may be in the personal information that is held about you.

To make a request for any personal information that is held about you, please put the request in writing addressing it to Sarah Grant, email info@sarahgrantcounselling.co.uk

If you have any complaint about how your personal data is handled, please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving these data protection procedures.

If you want to make a formal complaint about the manner in which your personal information has been processed, you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint

I take the security of the data held about you very seriously and as such take every effort to make sure it is kept secure. Password protection is used on any electronic data including email and text messages. All written or printed documentation is stored securely in a lockable and fireproof filing cabinet for which the key is kept securely.

DATA HELD ON MY WEBSITE
When someone visits the website, a third-party service is used - fasthosts.co.uk - to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Fasthosts to make any attempt to find out the identities of those visiting the website. Legitimate interests is used as the lawful basis for holding and using your personal information in this way when you visit our website. Fasthosts is used so that I can continually improve my service to you. You can read Fasthosts privacy notice at tinyurl.com/393rxcbu. Fasthosts is used as the content management system for the website.

Like most websites, cookies are used to help the site work more efficiently. No user-specific data is collected by or given to any third party. If you fill in a form on the website, that data will be temporarily stored on the web host before being sent to me.