I am registered with the ICO (Information Commissioners Office) and adhere to the General Data Protection Regulation (GDPR) which means I need to tell you what data I am collecting from you and what I intend to do with it.
COLLECTION AND USAGE OF YOUR PERSONAL DATA
- I collect personal and sensitive information about you (including name, address, email address, telephone numbers, GP/next of kin emergency details).
- I use the information to provide an effective counselling services, to contact you regarding sessions and to send you receipts and/or invoices.
- I keep short factual notes of our sessions and a record of attendance.
SHARING OF YOUR DATA
- I might share data if required by law, or if ordered to by a court or if you tell me about risk of serious harm to yourself or someone else.
- I have clinical supervision where I talk about my work, but I only use your first name.
- All payments are recorded in my accounts using your name and might be shared with HMRC if I am audited.
- If an Employee Assistance Programme (EAP) has referred you, factual notes and attendance details will be provided to the EAP.
STORAGE AND DISPOSAL OF DATA
- Most of my records are stored on paper in a locked cabinet. My financial accounts, email, mobile phone and diary system are all electronic and password protected.
- My insurer requires me to keep counselling session notes and your personal information for a period of seven years. After this time data will be destroyed.
- I will delete any data related to you from my mobile phone and email no later than one month after ending our counselling.
ACCESS TO OR CHANGE OF YOUR DATA
- You can make a subject access request in respect of your personal information held by me by making a request in writing. Once I receive the written request, I will respond within 14 days. If you were referred by an EAP, you should address the request directly to them.
- You may also request that inaccurate personal data is amended.
DATA PROTECTION COMPLAINTS OR CONCERNS
s a sole trader counselling practice, I take your privacy and data protections rights seriously. If you have any concerns about how I collect, store or use your personal data or session notes, please contact me directly in writing to: Siobhan@siobhan-toner.co.uk.
In accordance with data protection laws I will:
Acknowledge your complaint in writing within 30 days.
Investigate the matter thoroughly and respond to you without undue delay.
Provide you with a clear outcome and explain actions taken.
Please note that under current data protection laws you are required to resolve any data protection grievances directly with me first. If we are unable to resolve the issues together, you retain the right to escalate your complaint to the Information Commissioner’s Office (ICO) at www. ico.org.uk.
Website Data
Who we are
My website address is: https://www.siobhan-toner.co.uk.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.