,_,Privacy Policy  

Information Commissioners Office (ICO) Registration Reference:  ZB290603 

Data controller and processor: Rebecca Ashton Counselling Service (RACS) 

Data subjects: Clients/Volunteers/Trainees/Employees 

This policy is written to provide transparent information regarding how RACS control and process personal data.  To find out more about General Data Protection Regulations (GDPR) and your rights, please go to https://ico.org.uk/for-the-public/  or https://ico.org.uk/global/contact-us/  

 

The Service 

RACS provides personal counselling and support by private contract to clients. The counselling agreement is between RACS and the client. Some counselling agreements involve a third party, for example, where parents have brought their child to counselling and fund the counselling, or where a third party such as human resources, a local authority or private health care company request and fund counselling. 

Data Collection Points 

Enquiries to RACS are received via a number of channels, in person, telephone, via social media, the contact form on my website or email. Initial enquiries usually contain some personal information such as names, emails, and telephone numbers.  Emails via my marketing on the Psychology Today website, are sent by clicking a link which opens an email in your own browser/system or direct contact independent of these methods.  RACS has a presence on LinkedIn and Facebook. If you engage with me via this platform I will not usually collect or store your personal data. Where I am collecting personal data for future use, I will let you know and provide you with details about the intended use. To find out how these companies use your data and how you can control the way they use your data please refer to their privacy policies, which should be available on their websites. Other data is collected at initial meetings and following each counselling, therapy or support session. 

Data Collection & Processing, What Information and Why Do I Process It? 

Any client data collected and/or retained by RACS (including personal information) is solely processed in order to make relevant contact with and provide counselling, therapy and support services to clients and to keep stakeholders, services and organisations informed of service updates.  

Personal Information Collected/Processed; 

Full name 

Date of birth 

Postcode 

Email address 

Telephone number 

GP name and address 

Emergency contact details 

Other Information Collected/Processed Regarding Clients/Attendees; 

Brief session notes made in anonymised form, identifiable only by unique client codes. 

Anonymised monitoring information, identifiable by unique client codes 

Text messages 

Emails 

Feedback Forms 

Third Party Data Collection & Processing 

The Psychology Today directory provides robust information regarding their privacy policies and any processing of personal data to all users which can be found at https://www.psychologytoday.com/gb/privacy-policy    

RACs website is hosted by Digital Dragons. Your information will be shared with Digital Dragons via the Digital Dragons tools.  For more information about how and why Digital Dragons collect and share information please see https://digitaldragons.co.uk/privacy-policy/  

Online counselling sessions can be video or text based and are delivered via Signal. Please follow the links for more information on Signal and their terms and privacy policy. 

https://signal.org/legal/  

https://signal.org/legal/#privacy-policy  

For digital downloads from the store, if you choose to save your payment details, the information is held on Stripe servers, not RACS. You will need to contact them direct if you wish for the information to be removed. You can find Stripe’s Privacy Policy here;

https://stripe.com/en-gb/privacy

Data Storage, Retention & Disposal 

RACS store minimal paper records, including personal information in locked storage and electronic information in password protected and encrypted format (including email, telephone numbers and text). The majority of personal data is held electronically.  For insurance purposes, data is held for a maximum of 6 years after client’s last intervention with RACS. After this time, data is then disposed of securely and confidentially. (Paper records will be shredded, digital records will not be archived and will be deleted). 

Data Sharing 

It is rare that any personal information would be shared. As a BACP (British Association of Counselling and Psychotherapy) registered counsellor, anonymised client information is shared with professional supervisors (a requirement of registration) in order to maximise service provision to clients. Personal information will not be shared with any other party without prior client consent, with the exception where RACS believe that not sharing the information would result in the risk of harm to clients or any other person or if there is a legal requirement to do so. This would be discussed with you first where possible. 

Service Agreements 

All clients proceeding with counselling/therapy/support are required to consent in writing to both the parameters of counselling and data collection within a service agreement. This agreement sets out elements of the contract with a detailed privacy statement prior to a section where personal data is collected. 

Parents are requested to provide their consent to their children entering the service agreement and required to consent to their own data being processed as detailed, however, this does not mean that they will be receive any other information that the client discloses during the course of their sessions, in line with data-sharing above. 

Where another type of third party is involved, unless we gather personal information pertaining to themselves, they will not be required to provide their consent, any information shared regarding the client (other than attendance information) will be subject to clients’ providing consent. 

Photography and Filming 

If you attend an event or take part in a promotional activity, I may ask to take your photograph or film you. Any images I hold, whether in still photographs or video, may be covered by the definition of personal data in the UK GDPR. I will need your consent in order to take and use these images fairly and lawfully. I will ask you to complete a form. 

Filming 

I may record events for use in an online video library, publicity and marketing materials, including use on my website. This filming will primarily focus on the event speakers/facilitators (with whom I always have contracts covering data protection), however, it may include some shots of the audience. By attending these events you are deemed to have consented to your inclusion in these recordings. If you don’t want to be included in any recording it is your responsibility to tell the cameraman at the event before filming starts. There should be signs at the event telling you about the filming and what to do if you don’t wish to be filmed. 

Volunteering 

Volunteers carry out various roles. I collect only information that I need for volunteers. Information is retained for the duration of their volunteering and only retained for longer if I have a legitimate reason to do so. 

I do not collect more information than I need to fulfil my stated purposes and will not retain it for longer than is necessary. I will use the contact details you provide as a volunteer to contact you during your association with me. I will use the other information you provide to assess your suitability for the role you’ve applied for, including a declaration of interests. 

Your Rights 

Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018), you have rights as a data subject which you can exercise in relation to the information that I hold about you. You can read more about these rights on the ICO’s website. https://ico.org.uk/your-data-matters/  

I aim to be as open as possible in terms of giving people access to their personal information. You can find out if I hold any personal information about you by making a ‘subject access request’ under the UK GDPR. If I do hold information about you, I will: 

Give you a description of it 

Tell you why I am holding it 

Tell you who it could be disclosed to 

Let you have a copy of the information in an intelligible form 

If you agree, I’ll try to deal with your request informally. 

Please be aware that I may withhold information from you or provide you with redacted documents in line with exemptions in appropriate legislation.  

The UK GDPR also gives you the right to have the data I hold about you deleted in some circumstances. This is called the ‘right to erasure’ or the ‘right to be forgotten’. The right applies in the following circumstances: 

I no longer need your data 

You originally provided consent and have now withdrawn consent 

You have objected to the use of your data and your interests outweigh mine 

I have collected your data unlawfully 

I have a legal obligation to erase your data 

Please be aware that I am unlikely to delete financial transactional data, or anonymous equality and diversity data that is being retained in the public interest. 

If you would like to make a request, please do so at hello@rashtoncounselling.co.uk  Please note that details of your request, correspondence and a copy of any information disclosed will be held by RACS, this information will be used as evidence I have met my legal obligations. 

Data Breaches 

Where there has been a breach to RACS’s UK GDPR policy, for example data has been shared with a third party without consent or data has not been destroyed in a timely manner, the breach will be assessed and if required, reported to the ICO within 72 hours of coming to light. 

Changes to My Policy 

I may from time to time update our policy to reflect changes in my business. If any changes affect the data I hold about you I will inform you, and to give you the opportunity to opt out. I will ensure an up-to-date policy is always available. 

Cookies

This website uses the following cookies:

Calendly

Google Analytics (including _ga_TED6LETLQN) 

OneTrust (OptanonConsent)

CloudFlare   (__cf_bm, __cfruid) 

GDPR Cookie Consent (cookielawinfo-checkbox-advertisement, CookieLawInfoConsent, cookielawinfo-checkbox-others, cookielawinfo-checkbox-analytics, cookielawinfo-checkbox-performance, cookielawinfo-checkbox-functional, cookielawinfo-checkbox-necessary, viewed_cookie_policy)

JetPack (tk_qs, _ga_*, tk_lr, tk_r3d, tk_ai )

Stripe (_stripe_sid, _stripe_mid, m )