Privacy Policy for

Melanie Hudson Counselling & Psychotherapy

 

1.0 Data Controller Information

2.0 Policy Purpose

3.0 Framework for handling personal data

4.0 Your information

4.1 Information Collected

4.2 What the information collected is used for

4.3 Confidentiality and limitations to this

5.0 Visiting the website www.melaniehudson.co.uk

5.1 Website details

5.2 How information collected when visiting www.melaniehudson.co.uk

5.3 The Website Contact Form

5.4 Cookies:

5.4.1 What are cookies?

5.4.2 Information that cookies collect

5.4.3 How to opt out of cookies

5.4.4 Accessing other websites

6.0 Information stored outside of the EU:

6.1 Email

6.2 Contact form on www.melaniehudson.co.uk

6.3 Analytics Cookie information

6.4 Information on EU-US Privacy Shield Framework

7.0 Social Media

8.0 Retention of Data Policy

9.0 Data Processing

9.1 Reasons for processing data

9.2 Legal Basis Summary

10.0 Your Rights

 10.1 Right to be Informed:

 10.2 Right of Access

 10.3 Right to rectification

 10.4 Right to Erasure or ‘the right to be forgotten’

 10.5 Right to restrict processing

 10.6 The Right to Data Portability

 10.7 Right to Object

10.8 More information on your Rights

11.0 Concerns

 

1.0 Data Controller Information

Data Controller: Melanie Hudson Counselling & Psychotherapy

Contact Details:


 

2.0 Policy Purpose

This document has been created to:

  • Inform anyone accessing the services of Melanie Hudson Counselling & Psychotherapy as to: what personal information is being collected about them; the reasons for doing so and how this data is used;
  • Protect and maintain the privacy of anyone contacting or accessing this service and any limitations to an individual's confidentiality;
  • To ensure the rights and freedom of personal data (Article 1) of anyone contacting or accessing the services of Melanie Hudson Counselling & Psychotherapy.

 

3.0 Framework for handling personal data

  • Any alterations to the business of Melanie Hudson Counselling & Psychotherapy will be carefully planned and reviewed to ensure any risks to personal data are minimised;
  • Any data collected is used for the purposes of: responding to potential clients; providing a service to clients that are accessing this services and for and the running of this business;
  • Exceptions to confidentiality are communicated clearly to clients in the first session;
  • Any technology used for the communication or storage of personal information is retained in accordance with the Data Retention Policy in Section 7.0;
  • All technology where personal and confidential information is stored or processed is password protected;
  • All paper based information is retained in accordance with the Data Retention Policy in Section 7.0;
  • Any paper records are secured in a locked filing cabinet when not in use;
  • Data is identifiable, locatable, retrievable and intelligible;
  • The Data Controller is the person responsible for ensuring adherence to the GDPR;
  • Any data breaches will be dealt with as per regulations stated under Article 33 of the GDPR. This includes taking action to mitigate any issues this may cause and reporting any breaches to the ICO within 72 hours of this occurring.

 

4.0 Your information

4.1 Information Collected    

  • Contact details;
  • Appointment date and times;
  • Your social & economic circumstances;
  • Employment status;
  • Lifestyle, social or family circumstances;
  • Physical and/or mental health details;
  • Your racial or ethnic origin;
  • Religious or beliefs;
  • Criminal or alleged crimes;
  • Clients names on my bank statements if the client paid by bank transfer;
  • IP address;
  • How you interact with my www.melaniehudson.co.uk.

 

4.2 What the information collected is used for

Client information may be used:

  • To respond to enquiries from clients or potential clients;
  • To provide information to a client or a potential client;
  • To carry out the contract agreed between myself and a client;
  • To contact clients with regards appointments and to respond to any service feedback;
  • To inform clients about any changes to the service that might  impact them or the use of their data;
  • For a waiting list for potential clients who consent to be added to this;
  • To identify and protect those at risk of harm or abuse;
  • To maintain accurate records and accounts;
  • To meet statutory obligations, for example by insurers and professional bodies;
  • To show compliance to GDPR, BACP Ethical Framework, HRMC and insurers;
  • For supervision;
  • To administer and improve the website www.melaniehudson.co.uk;
  • To advertise Melanie Hudson Counselling & Psychotherapy;
  • To aid training and development.

 

4.3 Confidentiality and limitations to this

Whilst Melanie Hudson Counselling & Psychotherapy aims to protect the confidentiality of her clients and potential clients, there may be times when information needs to be shared with others:

  • If there was a requirement to do so by law - This could involve sharing information with the legal authorities, such as the police or the crown prosecution service;
  • If there was a concern that a client or another person was at risk of serious harm - This could involve sharing information with the crisis team, medical professionals and/or the emergency services;
  • If Melanie Hudson was incapacitated or died - Clients contact details would be accessed by another counsellor so that they could contact clients to inform them and to cancel any further appointments;
  • Supervision - Sometimes client work is discussed in supervision (for counselling work) or with my Reiki teacher (for my Reiki work). This is to ensure good practice and meet the Ethical requirements set out by the BACP. However, during supervision clients names would not be used or any details that might lead to the identification of the individual;
  • Audit - Any information required to fulfill the requirements of an audit by the Information Commissioner's Office (ICO), the Tax Office, or the British Association of Counselling & Psychotherapy (BACP);
  • In the event of a complaint - Any information required to defend myself. This could include the use of session notes;
  • Employment & Assistance Programs (EAP) - Any clients accessing Melanie Hudson Counselling & Psychotherapy through an EAP usually involves the sharing of information. The EAP may provide me with client contact details and assessment details. I am usually required to provide an EAP with the same information as I have listed under section 4.1 Information Collected, in addition to this any measures used (e.g. PHQ9 or CORE forms) and assessment and closure details.

 

5.0 Visiting the website www.melaniehudson.co.uk

 

5.1 Website details

Website address is: www.melaniehudson.co.uk

When this document refers to the website www.melaniehudson.co.uk this also includes its subdomains. Subdomains are pages that begin with www.melaniehudson.co.uk but have additional text after this. For example,  www.melaniehudson.co.uk/blog or www.melaniehudson.co.uk/reiki

www.melaniehudson.co.uk  is hosted by: SquareSpace https://www.squarespace.com/

 

5.2 How information collected when visiting www.melaniehudson.co.uk

 When someone visits the pages of www.melaniehudson.co.uk certain information may be collected from visitors from using one of two methods:

  • The contact form and;
  • Cookies (from Squarespace and Google Analytics).

 

5.3 The Website Contact Form

 The contact form on www.melaniehudson.co.uk is hosted by SquareSpace. When a person sends information via this contact form this data passes through the SquareSpace servers and is directed to the business email account of info@melaniehudson.co.uk. No information from the contact form is retained by SquareSpace.

 

5.4 Cookies

5.4.1 What are cookies?

 Cookies are small files that are saved on to the website visitors computer. These cookies are used to collect information that allows Melanie Hudson Counselling & Psychotherapy, SquareSpace and Google to monitor how my website is accessed and used. This information is used to improve usability, efficiency and visibility of www.melaniehudson.co.uk

 

5.4.2 Information that cookies collect

  • Date & Time the user visited the website;
  • The pages that were visited and the length of time the person spent on them;
  • The visitors IP address and location of their network;
  • Browser version, operating system, flash version, screen resolution;
  • Referrer - Where the accessed www.melaniehudson.co.uk from e.g. direct, google, third party website.

Squarespace retain this information for 7 days and google analytics for 14 months.

For more information on SquareSpace Analytics: https://support.squarespace.com/hc/en-us/articles/217549458-Activity-Log

For more information on Google Analytics: https://support.google.com/analytics/answer/6004245

 

5.4.3 How to opt out of cookies:

 When a visitor initially accesses www.melaniehudson.co.uk they are presented with a banner asking if they agree to the use of cookies. If a visitor does not agree to this, a cookie will not be placed on their computer and the data, mentioned in 5.4.2 of this policy, will not be collected. If consent for cookies is given by the user via the banner, and a visitor wishes to change their mind and have the data they have collected removed, the website visitor can contact me at info@melaniehudson.co.uk. When a website visitor consents to cookies collecting information whilst visiting www.melaniehudson.co.uk, this agreement expires after 30 days. If a visitor access my website again after this time has elapsed a new cookie banner should appear and the visitor will be given the option again on whether they wish to consent to the use of cookies or not.

It is possible to set a computer browser to decline cookies from all websites. Website browsers help facilities should be able to explain how this can do this.

There is a tool that can be download to prevent Google Analytics recording any data. This tool can be found at https://tools.google.com/dlpage/gaoptout  However, please be aware that this tool only prevents Google Analytics from recording this data, SquareSpace would continue to do so unless the website visitor set their computer browser to decline all cookies from all websites or declined consent via the banner.

 

5.4.4 Accessing other websites

www.melaniehudson.co.uk contains links to external websites that may contain information that might be of interest to some of its visitors. Melanie Hudson Counselling & Psychotherapy has no control over the information on these external websites or the data that may be collected about its visitors. This privacy statement only includes www.melaniehudson.co.uk and its subdomains.

 

6.0 Information stored outside of the EU

 

6.1 Email

 info@melaniehudson.co.uk uses GSuite (google) as the email host. GSuite is GDPR compliant. Google servers may be located outside of the EU. Google uses the EU-US Privacy Shield Framework (see section 6.4 for more information on this)

 

6.2 Contact form on www.melaniehudson.co.uk

 The contact form on www.melaniehudson.co.uk is hosted by SquareSpace, who use the EU-US Privacy Shield Framework and are GDPR compliant. When a visitor sends information from the contact form, this data passes through the SquareSpace servers and is directed to the email account of info@melaniehudson.co.uk. No information from the contact form is retained by SquareSpace.

 

6.3 Analytics Cookie information

Google Analytics and SquareSpace hold information collected by cookies on non EU servers.

 

6.4 Information on EU-US Privacy Shield Framework

The EU-US Privacy Shield Framework is used by both Google and Squarespace. This means they have adequate security for the transferring of data between the EU and the US in order to comply with data protection requirements.

More information on the privacy shield framework can be found: https://www.privacyshield.gov/welcome

 

7.0 Social Media

Melanie Hudson Counselling & Psychotherapy uses social media as a means of sharing information that may be useful to others and for advertising. Melanie Hudson Counselling & Psychotherapy has the following social medial business accounts under the following names:

The social media accounts above are all public. This means that other users may be able to see who is following these pages, who liked, shared, retweeted a post, made a comment or left a review.

Please see the individual social media privacy policies to find out more information on how these companies use the data that they collect on their users.

 

8.0 Retention of Data Policy

The table below sets out how long data is retained for.  There may be exceptions to this in the event of an enquiry, ongoing complaint or investigation. In such circumstances this data would then be deleted once it had been confirmed that it was no longer  required AND if was outside of the retention period stated below.

Untitled drawing (3).jpg
Untitled drawing (5).jpg

9.0 Data Processing

 

    9.1 Reasons for processing data:

See section 4.2 ‘What your data is used for’

 

9.2 Legal Basis Summary

Any data that is held and processed by Melanie Hudson Counselling & Psychotherapy must have a legal basis for doing so. The table under section 8.0 ‘Retention of Data Policy’ sets out the specific legal basis’ for retaining and processing personal information. 

Melanie Hudson Counselling & Psychotherapy responds to potential clients with regards to the services she offers under the legal basis of legitimate interests. Once a client attends an appointment Melanie Hudson Counselling & Psychotherapy will make and agreement with clients with regards to how their contact details will be used in order to provide a service to them (this comes under the legal basis of contract). Melanie Hudson Counselling & Psychotherapy does not require the consent of clients to hold and process their data in the ways set out in this policy, as this data is required to comply with legal obligations.

 

10.0 Your Rights

Your rights under the General Data Protection and Retention (2018) Act are that you have:

  • The right to be informed;
  • The right of access;
  • The right to rectification;
  • The right to erasure;
  • The right to restrict processing;
  • The right to data portability;
  • The right to object;
  • Rights in relation to automated decision making and profiling.

 

10.1 Right to be Informed

Clients have a right to be informed of how their data is used, stored, shared and retained for. This document sets all of this out and is made easily accessible to clients.

 

10.2 Right of Access

A Subject Access Request (SAR) allows clients to request a copy of any personal information I hold on them. This request would be fulfilled within one month upon receiving the SAR, unless the request was complex and could not reasonably be expected to be completed in that time. If this was the case the time limit may be extended by an additional two months but the requester would be informed of this. Requests can be made in writing or verbally. Clients would not be charged for this unless there was a disproportionate fee to Melanie Hudson Counselling & Psychotherapy to send this information. A reasonable fee would be charged for any further copies that were requested. If there was a reason I felt unable to comply with the SAR I would write to the requester stating my reasons for this along with their right to make a complaint and the right to seek judicial remedy.

 

10.3 Right to rectification

Clients have a right to request any inaccurate, incomplete or out of date information to be corrected. This request can be made verbally or in writing. Such corrections would be carried out within one month from receiving the request, unless the request was complex and could not reasonably be completed this time limit. If this was the case the time limit could be extended two months and the requester was informed of this delay. If I believed the information to be accurate I would inform the requester of this in writing and that I would not amend their data. I would include details on how to make a complaint and their right to seek a judicial remedy.

 

10.4 Right to Erasure or ‘the right to be forgotten’

Clients may request, verbally or in writing, for their data to be removed. I would respond to such a request within one month of receiving it. Requests for Erasure will be considered and any data that is no longer necessary for me to retain will be removed. Requests for your notes and information linked to identifying them as yours will not be erased before the 7 year from your last appointment period has passed. Notes (and non administrative emails/texts) are required for me to comply with legal obligations. This makes such information exempt from requests for erasure. If I was unable to carry out your request for erasure I would write explaining the reasons for this, and include details on how you can make a complaint and your right to judicial remedy should you not agree with my reasons.

 

10.5 Right to restrict processing

Requests to restrict the processing of clients data can be made verbally or in writing. This request is that personal data can still be stored security by the data controller but for the processing of this information to be stopped or restricted. I would consider such a request and respond in writing within one month of receiving the request.

 

10.6 The Right to Data Portability

This right is to allow clients to request for their data to be made portable. This means that personal information can be transmitted to the individual making the request or to a different service. Requests can be made in writing or verbally and would receive a response within a month of Melanie Hudson Counselling & Psychotherapy receiving the request.

 

10.7 Right to Object

This right allows clients to request for their personal information to no longer be processed by Melanie Hudson Counselling & Psychotherapy. This request can be given verbally or in writing. Whilst a person can request this, and any requests would be carefully considered, there may be reasons for this request to be declined (e.g. as processing by Melanie Hudson Counselling & Psychotherapy may be required for the lawful basis of compliance with legal obligation). Any request would be responded to within one month of receiving it.

 

10.8 More information on your Rights

For more details on your rights you can visit the information commissioners website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

 

11.0 Concerns

If you have any issues or concerns on how I store or process information held on you then please either discuss this on one of our sessions or contact me on info@melaniehudson.co.uk    If you feel I was not able to resolve your concern you can contact the Information Commissioner's Office on 0303 123 1113, by email at https://ico.org.uk/global/contact-us/email/ or by post to The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.