This document outlines how Cathy Crammer Counselling will use any data held about you. The privacy of your personal information is important and as such it will only be used for the purpose for which it was provided to me. We adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
For any information you can contact: Cathy Crammer
In Writing: 2 Harbour Court, 2 Chaddesley Glen, Poole, BH13 7PE
Telephone: 07761 682726
Registered with the Information Commissioner’s Office [ICO:00014380757].
‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is Cathy Crammer Counselling.
This privacy notice informs you of:
- the lawful basis for holding information
- how information is processed
- how long data is retained
- sensitive personal information
- your data subject rights
- complaints process
- data security
Lawful basis for holding information and how your information is processed
The GDPR states that we must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which we are processing your data. These will be:
We gather general information which might include which pages you visit most often, and which services, events or information is of most interest to you. We may also track which pages you visit when you click on links in emails from us. We also use “cookies” to help our site run effectively. We use this information to make improvements and to ensure we provide the best service and experience for you. It also assists with tracking activity/analytic. Wherever possible we use anonymous information which does not identify individual visitors to our website.
If you are considering counselling sessions, we will process your personal data where necessary for the performance of our potential contract together. When you initially make contact with an enquiry about counselling services, we will collect information to help satisfy your enquiry. This will include taking basic personal details such as name, address, date of birth, contact information, information about the nature of your enquiry and your GP’s details. Alternatively, your GP or another health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed with our services, we will ensure all your personal data is deleted within 1 month. If you would like your information to be removed sooner, please do let me know by emailing email@example.com
If you are undertaking counselling sessions, we will process your personal data where it is necessary for our contract together. This will include at the start keeping a record of your personal details such as name, address, date of birth, contact information, information about the nature of your therapy and your GP’s details. It may also include sensitive personal information detailed below. Once counselling sessions begin, we will also keep brief anonymised electronic notes of each session. Information will be kept securely, password protected and not shared with any third parties unless requested by you.
We may communicate via email, text, WhatsApp to make arrangements for sessions. Messages via email, text or WhatsApp will be deleted within 1 month, unless we agree a legitimate reason to retain any information.
We may also communicate or run a session via Zoom which provides a secure platform. If we do this, we will send you a unique password and passcode for the session and your name will not be show in the invite. As such the session is anonymised and any information held in calendars will be retained electronically but will not hold your name details to protect confidentiality.
After Counselling Ends
Once your sessions have come to an end, we will use legitimate interest as the lawful basis for holding and using your personal information. Once sessions have ended the following data retention will apply:
Emails – deleted within 1 month
Text/WhatsApp Messages – deleted within 1 month
Electronic Notes – deleted within 1 month from the end of our contract.
Sensitive Personal Information
The GDPR and data protection laws recognises Sensitive Personal Information. This can include information about a persons’ health, race, ethnicity, sexual orientation, gender and religion. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between us).
Your data subject rights
Under the GDPR you have a number of rights in respect of personal information held about you as follows:
- A right to request a copy of information held about you: to make a request for any personal information held about you, please put the request in writing addressing it to: firstname.lastname@example.org or send to the address above.
- A right to object: you can object to the processing or restrict the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about yourparticular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact as noted above, providing details of your objection.
- To know if your information is shared with a 3rd party: counselling sessions are confidential, and your information will not ordinarily be shared with any 3rd The details of when confidentiality may be broken are contained in the Counselling Agreement (separate document). We will always aim to speak with you first but in the event of a safeguarding matter we will be required to share information with 3rd parties such as the safeguarding board, CAMHS, CMHTs, Emergency services, Multi Agency Safeguarding Hub and or GPs. Your information will never be sold or shared with another organisation so that they contact you for marketing activities. Your information will not be sold regarding web browsing activities.
- A right to access a copy of any automated processing activities: an automated decision-making activity is one when an electronic system uses personal information tomake a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given us your consent, it is necessary for a contract between you and us or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. We do not currently carry out any automated decision-making.
- A right to correct data held: if you feel any information is held incorrectly, you can make contact to amend this.
- A right to have all information erased: if you wish your information to be erased, you can make contact to do this.
- A right to have information transferred to another company or organisation: if you wish for your information to be shared with another organisation, you can make contact to do this.
- A right to request how information is processed and used: this is outlined above, but if you have any further questions please make contact.
You can read more about your rights at www.ico.org.uk/your-data-matters. If you wish to exercise any of these rights or find out more please email email@example.com or in writing to the address above.
If you have any complaint about how your personal data is handled, please do not hesitate to get in touch. We would welcome any suggestions for improving data protection procedures. If you wish to make a formal complaint about the way your personal information is processed, you can contact the Information Commissioner’s Office (ICO) which is the statutory body that oversees data protection law in the UK. For more information go to www.ico.org.uk/make-a-complaint
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit the website, it may collect information from you automatically through cookies or similar technology. For further information you can visit www.allaboutcookies.org
- Keeping you signed in
- Analytics – understanding how you use our website
Cookies used are:
|Cookie Name||Expiration Time||Description|
|_ga||2 years||Used to distinguish users|
|_gid||24 hours||Used to distinguish users|
|_gat||1 minute||Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>|
|AMP_TOKEN||30 seconds to 1 year||Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.|
|_gac_<property-id>||90 days||Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.|
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet the GDPR compliance requirement.