Your privacy is very important to us at Courage2Be Counselling Services and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to us. We adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
Introduction
This privacy notice tells you what we will do with your personal information from initial point of contact through to after your therapy has ended, including:
• Why we are able to process your information and what purpose we are processing it for
• Whether you have to provide it to us.
• How long we will store it for
• Whether there are other recipients of your personal information
• Whether we intend to transfer it to another country,
• Whether we do automated decision-making or profiling, and
• Your data protection rights.
Our Data Protection Lead is happy to answer any questions you might have about our data protection policy and you can contact them via email: janine@courage2be.co.uk. Mobile: 07887353151 or by post. The registered address is available upon request.
‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller on behalf of Courage2Be Counselling Services is Janine Hodge who is registered as founder of Courage2Be Counselling Services with the Information Commissioner’s Office Registration Number ZA536369.
Our lawful basis for holding and using your personal information
The GDPR states that Courage2Be Counselling services must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which we are processing your data. They are explained below:
If you have had therapy with the Lead Counsellor or partners of Courage2Be Counselling Services and it has now ended, we will use legitimate interest as our lawful basis for holding and using your personal information. If you are currently having therapy or if you are in contact with us to consider therapy, we will process your personal data where it is necessary for the performance of our contract. The GDPR also makes sure that we look after any sensitive personal information that you may disclose to us appropriately. This type of information is called ‘special category personal information. The lawful basis for us processing any special categories of personal information is that it is for the provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between Courage2Be Counselling Services and you).
How we use your information
Initial contact
When you contact us with an enquiry about Courage2Be Counselling Services we will collect information to help satisfy your enquiry. This will include your name, email address, phone number (optional) the content of your message, your preference in how we contact you and whether we have permission to leave a message on your voicemail. Alternatively, your GP or another health professional may send us your personal details when making a referral or a parent or trusted individual may give us your details when making an enquiry on your behalf. If you decide not to proceed, we will ensure that all of your personal data is deleted/securely destroyed, at the latest, 28 days, from the first day that the enquiry was received. If you would like us to delete this information sooner, then please let us know in writing by emailing the Data Controller using the email address – janine@courage2be.co.uk. If you would prefer to send this request via post then please phone or email us for the registered office address.
While you are accessing counselling
We have an ethical and moral responsibility to ensure that everything you discuss during therapy sessions remains confidential and we take this very seriously. However, there are a few exceptions that we are required to adhere to. Therefore, confidentiality will only ever be broken if it is believed that you are at significant risk of harm to yourself or others or where it is our legal duty to do so following a disclosure regarding money laundering or drug trafficking offences or if you disclose information about an act of terrorism. We will also be required legally to surrender any client notes if a judge or coroner make a legal order for their release. We will always try to speak to you about this first unless there are safeguarding issues or legal reasons that prevent this.
We will keep a record of your personal details to help the counselling services run smoothly. These details are kept securely in a locked filing cabinet seperate to any client notes and are not shared with any third party other than counselling partners of Courage2Be Counselling Services. We will keep very brief written notes of each session. These are kept in a locked filing cabinet separate from your personal information and will not be identifiable. For security reasons, your identity will be hidden on your counsellor’s phone as your phone number will be stored under an allocated code. Any text messages or emails between you and the company or counselling partners will be deleted no later than 28days after your therapy ends. However, if there is important and relevent information regarding your therapy contained in a text message or email then it will be screen shot, printed and filed in a locked filing cabinet as part of your client notes.
After counselling has ended
Once counselling has ended, your records will be kept for six years following the last session of our contract together. In line with ICO guidelines, Courage2Be Counselling Services believe that keeping your records for six years, is considered the ‘necessary’ time frame. Six years is the available time allocated for legal action, regarding a breach of contract, to be taken by you against Courage2Be Counselling Services, should this unlikely event occur. At the end of this time period, your records will be securely destroyed. If you would like your information deleted sooner than this, or if you require access to your information, then please refer to our Data Protection subject action request procedure.
Third party recipients of personal data
Courage2Be will sometimes share your personal data with partners of Courage2Be Counselling Services, for example, where after an Introduction/Consultation, you have requested to work with a specific counselling team member. Courage2Be have a contract with all partners of Couarge2Be Counselling Services which stipulates how your personal information is to be used and protected. Counselling Partners will only have access to your phone number, name and the information that you disclosed during your assessment in terms of your personal data. Please contact our Data Controller should you wish to see a copy of this contract.
JotForm
Courage2Be has created online forms to obtain permissions and necessary health-related information along with feedback on the counselling service experience. Forms include counselling contracts, a Covid-19 health check and feedback questionnaires. These forms have been created on the JotForm platform website. When you submit a form online, your data is emailed securely to Janine@courage2be.co.uk and is also securely stored privately on a U.S server. Please see Jotforms privacy and security policies for more information.
BacPac
Bacpac is the Client Management Platform where your clinical notes, personal information and medical questionnaire information will be stored. This software has been vetted by the NHS and the Ministery of Defense in terms of safety regarding the storage of Medical information and is widely used by professionals registered with the BACP. Please see Bacpac’s privacy and security policies for more information.
Your Rights
You have a right to ask us to delete your personal information, to limit how we use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that we hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters. If we do hold information about you we will:
• give you a description of it and where it came from;
• tell you why we are holding its, tell you how long I will store your data and how I made this decision;
• tell you who it could be disclosed to;
• let you have a copy of the information in an intelligible form.
You can also ask us at any time to correct any mistakes there may be in the personal information we hold about you. To make a request for any personal information we may hold about you, please refer to our Data Protection Subject Access Request procedure which informs you on how to go about this request. If you have any complaint about how we handle your personal data please do not hesitate to contact the Data Controller via post or email. We would welcome any suggestions for improving our data protection procedures. If you would like to make a formal complaint about the way we have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information please go to ico.org.uk/make-a-complaint.
Data Security
We take the security of the data we hold about you very seriously and as such we take every effort to make sure it is kept secure. As per Google’s privacy policy, the use of Google G Suite and email is encrypted and uses a 2 step verification. The company laptop’s hard drive is also encrypted through ‘Filevault.’ Phone numbers and information stored on mobile devices, whilst unidentifiable, also require the owners fingerprint for access to help ensure security in the unlikely event that a phone is stolen. We have separate filing cabinets for persoanl information and client notes, both of which are locked and the keys are held in a seperate location.
Visitors to Courage2Be Counselling Services website
When someone visits our website, we use a third party service, Google Analytics to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google Analytics to make, any attempt to find out the identities of those visiting our website. We use legitimate interests as our lawful basis for holding and using your personal information in this way when you visit this website. We use Google Analytics so that we can continually improve ou service to you, You can read Google analytics terms of service and privacy policy here . We use WordPress as the content management system for our website – find out more about WordPress and data protection. Like most websites we use cookies to help the site work more efficiently – find out about our use of cookies.
No user-specific data is collected by Courage2Be Counselling Services or any third party. If you fill in a form on this website, that data will be temporarily stored on the web host before being sent to us.
