Counselling & Therapy Fees

 

 

Contents for Privacy & Cookie Policy

 

  • 1.0 Data Controller Information
  • 2.0 Policy Purpose
  • 3.0 Framework for handling personal data
  • 4.0 Your information
    • 4.1 Information Collected
    • 4.2 What the information collected is used for
    • 4.3 Confidentiality and limitations to this
  • 5.0 Visiting the website www.melaniehudson.co.uk
    • 5.1 Website details
    • 5.2 How information is collected when visiting www.melaniehudson.co.uk
    • 5.3 The Website Contact Form
  • 5.4 Cookies:
    • 5.4.1 What are cookies?
    • 5.4.2 Information that cookies collect
    • 5.4.3 How to opt out of cookies
    • 5.4.4 Accessing other websites
  • 6.0 Information stored outside of the EU:
    • 6.1 Email
    • 6.2 Contact form on www.melaniehudson.co.uk
    • 6.3 Analytics Cookie information
    • 6.4 Information on EU-US Privacy Shield Framework
    • 6.5 Online Therapy
  • 7.0 Social Media
  • 8.0 Retention of Data Policy
  • 9.0 Data Processing
    • 9.1 Reasons for processing data
    • 9.2 Legal Basis Summary
  • 10.0 Your Rights
    •  10.1 Right to be Informed:
    •  10.2 Right of Access
    •  10.3 Right to rectification
    •  10.4 Right to Erasure or ‘the right to be forgotten’
    •  10.5 Right to restrict processing
    •  10.6 The Right to Data Portability
    •  10.7 Right to Object
    • 10.8 More information on your Rights
  • 11.0 Concerns

 

______________________________________________________________________________________________

 

 

1.0 Data Controller Information

 

Data Controller: MH Counselling & Therapy Durham

 

Contact Details:

 

 

______________________________________________________________________________________________

 

 

2.0 Policy Purpose

 

This document has been created to:

 

  • Inform anyone accessing the services of MH Counselling & Therapy Durham as to what personal information is being collected about them.
  • The reasons for doing so and how this data is used.
  • Protect and maintain the privacy of anyone contacting or accessing this service and any limitations to an individual's confidentiality.
  • To ensure the rights and freedom of personal data (Article 1) of anyone contacting or accessing the services of Melanie Hudson Counselling & Psychotherapy.

 

______________________________________________________________________________________________

 

 

3.0 Framework For Handling Personal Data

 

  • Any alterations to the business of MH Counselling & Therapy Durham will be carefully planned and reviewed to ensure any risks to personal data are minimised.
  • Any data collected is used for the purposes of responding to potential clients, providing a service to clients that are accessing this service and for running this business.
  • Exceptions to confidentiality are communicated clearly to clients in the first session.
  • Any technology used for the communication or storage of personal information is retained in accordance with the Data Retention Policy in Section 7.0.
  • All technology where personal and confidential information is stored or processed is password-protected.
  • All paper-based information is retained in accordance with the Data Retention Policy in Section 7.0.
  • Any paper records are secured in a locked filing cabinet when not in use.
  • Data is identifiable, locatable, retrievable and intelligible.
  • The Data Controller is the person responsible for ensuring adherence to the GDPR.
  • Any data breaches will be dealt with as per regulations stated under Article 33 of the GDPR. This includes taking action to mitigate any issues this may cause and reporting any breaches to the ICO within 72 hours of this occurring.

 

______________________________________________________________________________________________

 

 

4.0 Your Information

 

 

4.1 Information Collected    

 

  • Contact details.
  • Appointment date and times.
  • Your social & economic circumstances.
  • Employment status.
  • Lifestyle, social or family circumstances.
  • Physical and/or mental health details.
  • Your racial or ethnic origin.
  • Religious or beliefs.
  • Criminal or alleged crimes.
  • Client’s names on my bank statements if the client paid by bank transfer.
  • IP address.
  • How you interact with my www.melaniehudson.co.uk.

 

 

4.2 What The Information Collected is Used For

 

Client information may be used:

  • To respond to enquiries from clients or potential clients.
  • To provide information to a client or a potential client.
  • To carry out the contract agreed between me and a client.
  • To contact clients with regard to appointments and to respond to any service feedback.
  • To inform clients about any changes to the service that might impact them or the use of their data.
  • For a waiting list for potential clients who consent to be added to this.
  • To identify and protect those at risk of harm or abuse.
  • To maintain accurate records and accounts.
  • To meet statutory obligations, for example, by insurers and professional bodies.
  • To show compliance with GDPR, BACP Ethical Framework, HRMC and insurers.
  • For supervision.
  • To administer and improve the website www.melaniehudson.co.uk
  • To advertise MH Counselling & Therapy Durham.
  • To aid training and development.

 

 

4.3 Confidentiality And Exceptions

 

 

Whilst MH Counselling & Therapy Durham aims to protect the confidentiality of its clients and potential clients, there may be times when information needs to be shared with others:

 

  • If there was a requirement to do so by law - This could involve sharing information with the legal authorities, such as the police or the Crown Prosecution Service.
  • If there was a concern that a client or another person was at risk of serious harm - This could involve sharing information with the crisis team, medical professionals and/or the emergency services.
  • If Melanie Hudson were incapacitated or died - Client’s contact details would be accessed by another counsellor so that they could contact clients to inform them and to cancel any further appointments.
  • Supervision - Sometimes, client work is discussed in supervision. This is to ensure good practice and meet the Ethical requirements set out by the BACP. However, during supervision clients, names would not be used or any details that might lead to the identification of the individual.
  • Audit - Any information required to fulfil the requirements of an audit by the Information Commissioner's Office (ICO), the Tax Office, or the British Association of Counselling & Psychotherapy (BACP);
  • In the event of a complaint - Any information required to defend me. This could include the use of session notes.
  • Employment & Assistance Programs (EAP) - Any clients accessing Melanie Hudson Counselling & Psychotherapy through an EAP usually involve the sharing of information. The EAP may provide me with client contact details and assessment details. I am usually required to provide an EAP with the same information as I have listed under section 4.1 Information Collected, in addition to this and any measures used (e.g. PHQ9 or CORE forms) and assessment and closure details.

 

______________________________________________________________________________________________

 

 

5.0 Visiting The Website www.melaniehudson.co.uk

 

5.1 Website details

 

The website address is: www.melaniehudson.co.uk

 

When this document refers to the website www.melaniehudson.co.uk this also includes its subdomains. Subdomains are pages that begin with www.melaniehudson.co.uk but have additional text after this. For example,  www.melaniehudson.co.uk/blog or www.melaniehudson.co.uk/about-me

www.melaniehudson.co.uk  is hosted by: Krystal

 

 

5.2 How Information is Collected When Visiting www.melaniehudson.co.uk

 

 When someone visits the pages of www.melaniehudson.co.uk certain information may be collected from visitors using one of two methods:

  1. The contact form.
  2. Cookies (from Krystal).

 

 

5.3 The Website Contact Form

 

 The contact form on www.melaniehudson.co.uk is hosted by Krystal. When a person sends information via the contact form, data passes through the Krystal servers and is directed to the business email account of info@melaniehudson.co.uk. No information from the contact form is retained by Krystal.

 

 

5.4 Cookies

 

5.4.1 What are cookies?

 

 Cookies are small files that are saved to the visitor’s computer. These cookies are used to collect information that allows MH Counselling & Therapy and Krystal to monitor how my website is accessed and used. This information is used to improve the usability, efficiency and visibility of www.melaniehudson.co.uk

 

 

5.4.2 Information That Cookies Collect

 

Date & time the user visited the website.

The pages that were visited and the length of time the person spent on them.

The visitor’s IP address and the location of their network.

Browser version, operating system, flash version, screen resolution.

Referrer - Where the accessed www.melaniehudson.co.uk was accessed from, e.g. direct, internet search engine, AI, or a third-party website.

Krystal retains this information for ??????? days and Google Analytics for ?????????.

For more information on Krystal cookies, please visit their website.

For more information on Google Analytics, please visit their website.

 

 

5.4.3 How to Opt Out of Cookies

 

When a visitor initially accesses www.melaniehudson.co.uk they are presented with a banner asking if they agree to the use of cookies. If a visitor does not agree to this, a cookie will not be placed on their computer and the data, mentioned in 5.4.2 of this policy, will not be collected. If consent for cookies is given by the user via the banner, and a visitor wishes to change their mind and have the data they have collected removed, the website visitor can contact me at info@melaniehudson.co.uk. When a website visitor consents to cookies collecting information whilst visiting www.melaniehudson.co.uk, this agreement expires after 30 days. If a visitor accesses my website again after this time has elapsed, a new cookie banner should appear, and the visitor will be given the option again of whether they wish to consent to the use of cookies or not.

 

It is possible to set a computer browser to decline cookies from all websites. Website browsers help facilities should be able to explain how this can be done. Kyrstal cookie policy also describes how to do this.

 

 

5.4.4 Accessing Other Websites

 

www.melaniehudson.co.uk contains links to external websites that may contain information that might be of interest to some of its visitors. MH Counselling & Therapy Durham has no control over the information on these external websites or the data that may be collected about its visitors. This privacy statement only includes www.melaniehudson.co.uk and its subdomains.

 

______________________________________________________________________________________________

 

 

6.0 Information Stored Outside of the EU

 

 

6.1 Email

 

info@melaniehudson.co.uk uses Google Workspace (Business Starter) as the email host. GSuite is GDPR compliant. Google servers may be located outside of the EU. Google uses the EU-US Data Privacy Framework (see section 6.4 for more information on this).

 

6.2 Contact form on www.melaniehudson.co.uk

 The contact form on www.melaniehudson.co.uk is hosted by Krystal, whose servers are based in the EU and are GDPR compliant. When a visitor sends information from the contact form, this data passes through the Krystal servers and is directed to the email account of info@melaniehudson.co.uk. No information from the contact form is retained by Krystal.

 

6.3 Analytics Cookie information

Google Analytics and SquareSpace hold information collected by cookies on non EU servers.

 

 

6.4 Information on EU-US Data Privacy Framework

 

The EU-US Data Privacy Framework is used by Google. This means they have security policies for the transfer of data between the EU and the US in order to comply with data protection requirements.

 

 

6.5 Online Therapy

 

Working online brings with it additional security risks with regard to a client’s data and privacy. To reduce such risks, MH Counselling & Therapy Durham, will ensure that her device has the latest operating system updates, virus checker definitions and video conferencing software version. MH Counselling & Therapy Durham requests that anyone accessing her service also ensure the same on the device they intend to use for therapy.

 

MH Counselling & Therapy Durham will ensure she works from a private space where there is no risk of being physically overheard during a session with a client. It is a client’s responsibility to ensure that they are accessing online/telephone therapy from a location that offers them the same level of confidentiality at their end.

 

Microsoft Teams - Microsoft have their own privacy statement. By accessing therapy this way, clients are agreeing to Microsoft’s privacy terms.

 

______________________________________________________________________________________________

 

 

7.0 Social Media

 

MH Counselling & Therapy uses social media as a means of sharing information that may be useful to others and for advertising. MH Counselling & Therapy has the following social media business accounts under the following names:

 

 

The social media accounts above are all public. This means that other users may be able to see who is following these pages, who liked, shared, retweeted a post, made a comment or left a review.

 

Please see the individual social media privacy policies (links above) to find information on how these companies use the data that they collect on their users.

 

______________________________________________________________________________________________

 

 

8.0 Retention of Data Policy

 

The table below sets out how long data is retained.  There may be exceptions to this in the event of an enquiry, ongoing complaint or investigation. In such circumstances, this data would then be deleted once it had been confirmed that it was no longer required AND if it was outside of the retention period stated below.

 

Information

Retention Period

Reasons for Retention

Legal Basis

Session Notes

7 years from the date of the last appointment

Means of defence in the case of a complaint or litigation claim

 

To demonstrate compliance with the BACP Ethical Framework

Compliance with Legal Obligations

Counselling Agreement

7 years from the date of the last appointment

Means of defence in the case of a complaint or litigation claim

 

To demonstrate compliance with the BACP Ethical Framework

Compliance with Legal Obligations

Log of dates & times attended, cancelled and Did Not Attend (DNA)

7 years from the date of the last appointment

Means of defence in the case of a complaint or litigation claim

 

To demonstrate compliance with the BACP Ethical Framework

Complaince with Legal Obligations

Contact Details

7 years from the date of the last appointment

1. To identify notes with the client, should they be needed as a means of defence in a complaint or litigation claim

 

2. To contact or reply to a client regarding appointments, queries, service feedback, payments, safeguarding, and any other reasons that are agreed on with the client

1. Compliance with Legal Obligations

 

2. Contract

Email

1. Admin emails (e.g. new enquiry, change of appointment time, cancel appointment) 1 year from the email being received

 

2. Information beyond admin emails may be transcribed and stored with client notes. Transcription will be retained for the same period as the notes. The email will be deleted within 1 year of being received.

1. To respond to new enquiries, answer questions about the service I provide, cancel or rearrange appointments, and query non-attendance of a session or late arrival.

 

2. Means of defence in the case of a complaint or litigation claim. To demonstrate compliance with the BACP Ethical Framework 

1. Legitimate Interest

 

2. Contract

Text messages stored on mobile phone

1. Admin texts (e.g. new enquiry or change of appointment) - between 7 and 60 days from initial contact. 

 

2. Information beyond admin texts may be transcribed and stored with the clinical notes. Transcription will be retained for the same period of time as the notes. The text will be deleted between 7 and 60 days.

 

3. All messages will be deleted if the mobile phone is no longer in use.

1. To respond to new enquiries, answer questions about the service I provide, cancel or rearrange appointments, and query non-attendance of a session or late arrival.

 

2. Means of defence in the case of a complaint or litigation claim. To demonstrate compliance with the BACP Ethical Framework 

1. Legitimate Interest

 

2. Contract

Voicemails stored on a mobile phone

Deleted once listened to. VM checked every 48 hrs. An exception to this is when on holiday. In these cases VM are checked on my return, then deleted. VM would inform the caller that I would not receive their message until a specific date.

As a means for a client or a potential client to be able to leave a message for me

Legitimate Interest (prior to the first session)

 

Contract (after the initial session)

Paper Diaries

5 years from the 31 January submissions deadline for the tax year it relates to

To meet the requirements of HMRC with regard to keeping financial business records

Compliance with Legal Obligations

Bank Statements

5 years from the 31 January submission deadline of the tax year it relates to

To meet the requirements of HMRC with regard to keeping financial business records

Compliance with Legal Obligations

Tax Returns

5 years from the 31 January submission deadline of the tax year it relates to

To meet the requirements of HMRC with regard to keeping financial business records

Compliance with Legal Obligations

Complaints

Retained with written session notes and destroyed at the same time as those

Means of defence in the case of a complaint or litigation claim

 

To demonstrate compliance with the BACP Ethical Framework

Compliance with Legal Obligations

Right To Erasure Requests

Retained with written session notes and destroyed at the same time as those

Means of defence in the case of a complaint or litigation claim

 

To demonstrate compliance with the BACP Ethical Framework

Compliance with Legal Obligations

Subject Access Requests

Retained with written session notes and destroyed at the same time as those

Means of defence in the case of a complaint or litigation claim

 

To demonstrate compliance with the BACP Ethical Framework

Compliance with Legal Obligations

______________________________________________________________________________________________

 

 

9.0 Data Processing

 

 

9.1 Reasons for processing data:

 

See section 4.2 ‘What your data is used for’

 

 

9.2 Legal Basis Summary

 

Any data that is held and processed by MH Counselling & Therapy Durham must have a legal basis for doing so. The table under section 8.0 ‘Retention of Data Policy’ sets out the specific legal basis for retaining and processing personal information. 

 

MH Counselling & Therapy responds to potential clients regarding the services offered under the legal basis of legitimate interests. Once a client attends an appointment, MH Counselling & Therapy Durham will make an agreement with clients regarding how their contact details will be used in order to provide a service to them (this comes under the legal basis of contract).

 

MH Counselling & Therapy Durham does not require the consent of clients to hold and process their data in the ways set out in this policy, as this data is required to comply with legal obligations.

 

______________________________________________________________________________________________

 

 

10.0 Your Rights

 

Your rights under the General Data Protection and Retention (2018) Act are that you have:

 

  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision-making and profiling.

 

 

10.1 Right to be Informed

 

Clients have a right to be informed of how their data is used, stored, shared, and retained. This document sets all of this out and is made easily accessible to clients.

 

 

10.2 Right of Access

 

A Subject Access Request (SAR) allows clients to request a copy of any personal information I hold on them. This request would be fulfilled within one month of receiving the SAR unless the request was complex and could not reasonably be expected to be completed in that time. If this were the case, the time limit may be extended by an additional two months, but the requester would be informed of this. Requests can be made in writing or verbally. Clients would not be charged for this unless there was a disproportionate fee to MH Counselling & Therapy Durham to send this information. A reasonable fee would be charged for any further copies that were requested. If there was a reason I felt unable to comply with the SAR, I would write to the requester stating my reasons for this, along with their right to make a complaint and the right to seek a judicial remedy.

 

 

10.3 Right to Rectification

 

Clients have the right to request that any inaccurate, incomplete, or out-of-date information be corrected. This request can be made verbally or in writing. Such corrections would be carried out within one month of receiving the request unless the request was complex and could not reasonably be completed within this time limit. If this were the case, the time limit could be extended to two months, and the requester was informed of this delay. If I believed the information to be accurate, I would inform the requester of this in writing, and I would not amend their data. I would include details on how to make a complaint and their right to seek a judicial remedy.

 

 

10.4 Right to Erasure or ‘the right to be forgotten’

 

Clients may request, verbally or in writing, that their data be removed. I would respond to such a request within one month of receiving it. Requests for Erasure will be considered, and any data that is no longer necessary for me to retain will be removed. Requests for your notes and information linked to identifying them as yours will not be erased before the 7 years from your last appointment period have passed. Notes (and non-administrative emails/texts) are required for me to comply with legal obligations. This makes such information exempt from requests for erasure. If I were unable to carry out your request for erasure, I would write explaining the reasons for this, and include details on how you can make a complaint and your right to judicial remedy should you not agree with my reasons.

 

 

10.5 Right to restrict processing

 

Requests to restrict the processing of the client’s data can be made verbally or in writing. This request is that personal data can still be stored securely by the data controller, but the processing of this information should be stopped or restricted. I would consider such a request and respond in writing within one month of receiving the request.

 

 

10.6 The Right to Data Portability

 

This right is to allow clients to request that their data be made portable. This means personal information can be transmitted to the individual making the request or to a different service. Requests can be made in writing or verbally, and a response will be received within a month of MH Counselling & Therapy Durham receiving the request.

 

 

10.7 Right to Object

 

This right allows clients to request that their personal information no longer be processed by MH Counselling & Therapy Durham. This request can be given verbally or in writing. Whilst a person can request this, and any requests would be carefully considered, there may be reasons for this request to be declined (e.g. as processing by MH Counselling & Therapy Durham may be required for the lawful basis of compliance with a legal obligation). Any request will be responded to within one month of receiving it.

 

 

10.8 More information on your Rights

 

For more details on your rights, you can visit the Information Commissioner's Office website.

 

______________________________________________________________________________________________

 

 

11.0 Concerns

 

If you have any issues or concerns about how I store or process information held on you, then please either discuss this in one of our sessions or contact me by post (6 Kepier Heights, Durham DH1 1LN0 or by email info@melaniehudson.co.uk. If you feel I was not able to resolve your concern, you can contact the Information Commissioner's Office

 

______________________________________________________________________________________________