Privacy Policy for

1.0 Data Controller Information

Data Controller: Melanie Hudson Counselling & Psychotherapy

Contact Details:

• Contact form on www.melaniehudson.co.uk;

• info@melaniehudson.co.uk;

• 0775 411 9506

• Kepier Heights, Durham DH1 1LN

2.0 Policy Purpose

This document has been created to:

• Inform anyone accesses the services of Melanie Hudson Counselling & Psychotherapy as to what personal information is being collected about them; the reasons for doing so and how this data is used;

• Protect and maintain the privacy of anyone contacting or accessing this service and any limitations to an individual's confidentiality;

• To ensure the rights and freedom of personal data (Article 1) of anyone contacting or accessing the services of Melanie Hudson Counselling & Psychotherapy.

3.0 Framework for handling personal data

• Any alterations to the business of Melanie Hudson Counselling & Psychotherapy will be carefully planned and reviewed to ensure any risks to personal data are minimised;

• Any data collected is used for the purposes of responding to potential clients; providing a service to clients that are accessing this service and for running this business;

• Exceptions to confidentiality are communicated clearly to clients in the first session;

• Any technology used for the communication or storage of personal information is retained in accordance with the Data Retention Policy in Section 7.0;

• All technology where personal and confidential information is stored or processed is password protected;

• All paper-based information is retained in accordance with the Data Retention Policy in Section 7.0;

• Any paper records are secured in a locked filing cabinet when not in use;

• Data is identifiable, locatable, retrievable and intelligible;

• The Data Controller is the person responsible for ensuring adherence to the GDPR;

• Any data breaches will be dealt with as per regulations stated under Article 33 of the GDPR. This includes taking action to mitigate any issues this may cause and reporting any breaches to the ICO within 72 hours of this occurring.

4.0 Your information

4.1 Information Collected    

• Contact details;

• Appointment date and times;

• Your social & economic circumstances;

• Employment status;

• Lifestyle, social or family circumstances;

• Physical and/or mental health details;

• Your racial or ethnic origin;

• Religious or beliefs;

• Criminal or alleged crimes;

• Client’s names on my bank statements if the client paid by bank transfer;

• IP address;

• How you interact with my www.melaniehudson.co.uk.

4.2 What the information collected is used for

Client information may be used:

• To respond to enquiries from clients or potential clients;

• To provide information to a client or a potential client;

• To carry out the contract agreed between myself and a client;

• To contact clients with regard to appointments and to respond to any service feedback;

• To inform clients about any changes to the service that might impact them or the use of their data;

• For a waiting list for potential clients who consent to be added to this;

• To identify and protect those at risk of harm or abuse;

• To maintain accurate records and accounts;

• To meet statutory obligations, for example by insurers and professional bodies;

• To show compliance to GDPR, BACP Ethical Framework, HRMC and insurers;

• For supervision;

• To administer and improve the website www.melaniehudson.co.uk;

• To advertise Melanie Hudson Counselling & Psychotherapy;

• To aid training and development.

4.3 Confidentiality and limitations to this

Whilst Melanie Hudson Counselling & Psychotherapy aims to protect the confidentiality of her clients and potential clients, there may be times when information needs to be shared with others:

• If there was a requirement to do so by law - This could involve sharing information with the legal authorities, such as the police or the crown prosecution service;

• If there was a concern that a client or another person was at risk of serious harm - This could involve sharing information with the crisis team, medical professionals and/or the emergency services;

• If Melanie Hudson was incapacitated or died - Client’s contact details would be accessed by another counsellor so that they could contact clients to inform them and to cancel any further appointments;

• Supervision - Sometimes client work is discussed in supervision (for counselling work) or with my Reiki teacher (for my Reiki work). This is to ensure good practice and meet the Ethical requirements set out by the BACP. However, during supervision clients, names would not be used or any details that might lead to the identification of the individual;

• Audit - Any information required to fulfil the requirements of an audit by the Information Commissioner's Office (ICO), the Tax Office, or the British Association of Counselling & Psychotherapy (BACP);

• In the event of a complaint - Any information required to defend me. This could include the use of session notes;

• Employment & Assistance Programs (EAP) - Any clients accessing Melanie Hudson Counselling & Psychotherapy through an EAP usually involves the sharing of information. The EAP may provide me with client contact details and assessment details. I am usually required to provide an EAP with the same information as I have listed under section 4.1 Information Collected, in addition to this any measures used (e.g. PHQ9 or CORE forms) and assessment and closure details.

5.0 Visiting the website www.melaniehudson.co.uk

5.1 Website details

The website address is: www.melaniehudson.co.uk

When this document refers to the website www.melaniehudson.co.uk this also includes its subdomains. Subdomains are pages that begin with www.melaniehudson.co.uk but have additional text after this. For example,  www.melaniehudson.co.uk/blog or www.melaniehudson.co.uk/about-me

www.melaniehudson.co.uk  is hosted by: SquareSpace

5.2 How information collected when visiting www.melaniehudson.co.uk

 When someone visits the pages of www.melaniehudson.co.uk certain information may be collected from visitors using one of two methods:

• The contact form and;

• Cookies (from Squarespace and Google Analytics).

5.3 The Website Contact Form

 The contact form on www.melaniehudson.co.uk is hosted by SquareSpace. When a person sends information via the contact form data passes through the SquareSpace servers and is directed to the business email account of info@melaniehudson.co.uk. No information from the contact form is retained by SquareSpace.

5.4 Cookies

5.4.1 What are cookies?

 Cookies are small files that are saved to the visitor’s computer. These cookies are used to collect information that allows Melanie Hudson Counselling & Psychotherapy, SquareSpace and Google to monitor how my website is accessed and used. This information is used to improve the usability, efficiency and visibility of www.melaniehudson.co.uk

5.4.2 Information that cookies collect

• Date & Time the user visited the website;

• The pages that were visited and the length of time the person spent on them;

• The visitor’s IP address and location of their network;

• Browser version, operating system, flash version, screen resolution;

• Referrer - Where the accessed www.melaniehudson.co.uk from e.g. direct, google, third party website.

Squarespace retains this information for 7 days and google analytics for 14 months.

For more information on SquareSpace Analytics please visit their website.

For more information on Google Analytics please visit their website.

5.4.3 How to opt out of cookies:

When a visitor initially accesses www.melaniehudson.co.uk they are presented with a banner asking if they agree to the use of cookies. If a visitor does not agree to this, a cookie will not be placed on their computer and the data, mentioned in 5.4.2 of this policy, will not be collected. If consent for cookies is given by the user via the banner, and a visitor wishes to change their mind and have the data they have collected removed, the website visitor can contact me at info@melaniehudson.co.uk. When a website visitor consents to cookies collecting information whilst visiting www.melaniehudson.co.uk, this agreement expires after 30 days. If a visitor accesses my website again after this time has elapsed a new cookie banner should appear and the visitor will be given the option again of whether they wish to consent to the use of cookies or not.

It is possible to set a computer browser to decline cookies from all websites. Website browsers help facilities should be able to explain how this can do this.

There is a tool that can be downloaded to prevent Google Analytics from recording any data. However, please be aware that this tool only prevents Google Analytics from recording this data, SquareSpace would continue to do so unless the website visitor set their computer browser to decline all cookies from all websites or declined consent via the banner.

5.4.4 Accessing other websites

www.melaniehudson.co.uk contains links to external websites that may contain information that might be of interest to some of its visitors. Melanie Hudson Counselling & Psychotherapy has no control over the information on these external websites or the data that may be collected about its visitors. This privacy statement only includes www.melaniehudson.co.uk and its subdomains.

6.0 Information stored outside of the EU

6.1 Email

 info@melaniehudson.co.uk uses GSuite (google) as the email host. GSuite is GDPR compliant. Google servers may be located outside of the EU. Google uses the EU-US Privacy Shield Framework (see section 6.4 for more information on this).

6.2 Contact form on www.melaniehudson.co.uk

 The contact form on www.melaniehudson.co.uk is hosted by SquareSpace, who use the EU-US Privacy Shield Framework and are GDPR compliant. When a visitor sends information from the contact form, this data passes through the SquareSpace servers and is directed to the email account of info@melaniehudson.co.uk. No information from the contact form is retained by SquareSpace.

6.3 Analytics Cookie information

Google Analytics and SquareSpace hold information collected by cookies on non EU servers.

6.4 Information on EU-US Privacy Shield Framework

The EU-US Privacy Shield Framework is used by both Google and Squarespace. This means they have adequate security for the transferring of data between the EU and the US in order to comply with data protection requirements.

More information on the privacy shield framework can be found on the privacy shield website.

 6.5 Online Therapy

Working online brings with it additional security risks with regard to a client’s data and privacy. To reduce such risks Melanie Hudson Counselling & Psychotherapy will ensure that her device has the latest operating system updates, virus checker definitions and video conferencing software version. Melanie Hudson Counselling & Psychotherapy requests anyone accessing her service also ensure the same on the device they intend to use for therapy.

Melanie Hudson Counselling & Psychotherapy will ensure she works from a private space where there is no risk of being physically overheard during a session with a client. It is a client’s responsibility to ensure that they are accessing online/telephone therapy from a location that offers them the same level of confidentiality at their end.

Microsoft Teams - Microsoft have their own privacy statement. By accessing therapy this way you also agree with Microsoft’s privacy policy https://www.microsoft.com/en-gb/microsoft-teams/security

7.0 Social Media

Melanie Hudson Counselling & Psychotherapy uses social media as a means of sharing information that may be useful to others and for advertising. Melanie Hudson Counselling & Psychotherapy has the following social media business accounts under the following names:

• Facebook - Counselling and Psychotherapy in Durham

• Twitter - DurhamCounselling

• Pinterest - Melanie Hudson Counselling & Psychotherapy

• Instagram - @durhamcounselling

• Masterdon - @durhamcounselling

• Tik Tok - Durhamcounselling

The social media accounts above are all public. This means that other users may be able to see who is following these pages, who liked, shared, retweeted a post, made a comment or left a review.

Please see the individual social media privacy policies to find out more information on how these companies use the data that they collect on their users.

8.0 Retention of Data Policy

The table below sets out how long data is retained.  There may be exceptions to this in the event of an enquiry, ongoing complaint or investigation. In such circumstances, this data would then be deleted once it had been confirmed that it was no longer required AND if was outside of the retention period stated below.