- I take the privacy of your information very seriously and this Privacy Notice is designed to tell you about my practices regarding the collection, use and disclosure of personal data which may be obtained via my website or other means including online forms, email, or phone.
- In this notice “you” refers to any individual whose personal data I hold or process (but it does not relate to personal data relating to employees or staff).
- In general, I provide counselling services. If I do provide such services to you, please note a separate “Privacy Notice for Clients” will apply and will be provided to you. I do not process personal data on a large scale, but I will hold and process personal data in order to supply my services and this privacy notice explains how I do so.
- This notice is governed by the EU General Data Protection Regulation (the “GDPR”), UK GDPR, Data Protection Act 2018 and any other applicable data or privacy legislation.
Categories of Personal Data and Legal Basis
- Below I have set out the categories of data I collect and how I process the data (for information about legal basis, please see below):
- I will hold contact information for users who have registered with me, such as name, email address and telephone number (for
authentication) (“Contact Information”) which I will use to provide my services and communicate with you;]
- I Process Contact Information on the basis of the performance of my contract with my client, on the basis of my legitimate interest in providing my services to my clients and users or in certain circumstances as may be necessary for compliance with a legal obligation to which I am subject.
- Generally, I will collect information directly from you. If I obtain your personal data from any other third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.
- You do not have to supply any personal data to me however in practice I may be unable to provide my services to you without personal data (for instance I will need contact information in order to communicate with you). You may withdraw my authority to process your personal data (or request that I restrict my processing) at any time but there are circumstances in which I may need to continue to process personal data (please see below) .
- My current data retention policy is to delete or destroy (to the extent I am able to) personal data in accordance with the following retention periods:
Information relating to my website users
I will hold information for registered and non-registered users for 7 years from the date on which I collect the data, or, if later, from the date
on which you cease to be a registered user.
- The retention periods stated in this notice can be prolonged or shortened as may be required.
- I review the personal data (and the categories of personal data) I hold on a regular basis to ensure the data I am holding is still relevant to my business and is accurate. If I discover that certain data I am holding is no longer necessary or accurate, I will take reasonable steps to correct or securely delete this data as may be required.
- If you wish to request that data I hold about you is amended or deleted, please see the section which explains your privacy rights.
Sharing your information
- I do not disclose any information you provide to any third parties other than as follows:
- From time to time I will transfer personal data to my sub-processors
- I may be required to disclose certain data to regulators or other lawful authorities;
- If I am under a duty to disclose or share your personal data in order to comply with any legal obligation (for example for the purposes of prevention of fraud or other crime);
- In order to enforce any terms and conditions or agreements for my services that may apply
- Other than as set out above, I shall not disclose any of your personal data unless you give me permission to do so. If I do supply your personal data to a third party, I will take reasonable steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.
- I will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the
information I collect from you and protect against unlawful access and accidental loss or damage. [These measures may include protecting
my servers with software firewalls; anti malware] Locating my data processing storage facilities in secure locations; Encrypting all data
stored on my server with an industry standard encryption method that encrypts the data between your computer and my server so that in
the event of your network being insecure no data is passed in a format that could be easily deciphered
- If you choose not to accept or disable certain cookies, this will not affect your access to the majority of information available on my website
however certain online services may not be available.
Your privacy rights
- With respect to your personal data, you have the right to:
- request that your personal data will not be processed;
- ask for a copy of any personal data that I have about you;
- request the correction of any errors in or update of the personal data that I have about you;
- request that your personal data will not be used to contact you for direct marketing purposes;
- request that your personal data will not be used for profiling purposes;
- request that your personal data will not be used to contact you at all;
- request that your personal data be transferred or exported to another organisation, or deleted from my records; or
- at any time, withdraw any permission you have given me to process your personal data.
- All requests or notifications in respect of your above rights may be sent to me in writing at the contact details listed below.
- I will endeavour to comply with such requests as soon as reasonably possible but in any event, I will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
- If personal data I hold about you is subject to a breach or unauthorised disclosure or access, I will report this to the ICO as is deemed necessary.
- If a breach is likely to result in a high risk to your data rights and freedoms, I will notify you as soon as reasonably possible.
Transferring your information outside the UK or EEA
I will not transfer your personal data in a systematic way outside of the European Economic Area or UK
Notification of changes
I will post details of any changes to my privacy notice on my website. Please ensure you check the website regularly for any updates.
If at any time you would like to contact me with your views about my privacy practices, or with any enquiry or complaint relating to your
personal information or how it is handled, you can do so by contacting me at firstname.lastname@example.org
If I am unable to resolve any issues you may have or you would like to make a further complaint, you can contact the ICO by visiting
http://www.ico.org.uk/ for further assistance.
This wording was purchased from Private Practice Paperwork Ltd. and no part of it may be copied, shared or published elsewhere without
direct purchase and authorisation from their website.