Privacy Policy / GDPR Privacy Statement

Who we are

Our website address is: https://pruce.uk/counselling

Nicola Pruce Counselling: Website and GDPR Privacy statement
The data controller is Nicola Pruce Counselling.
Nicola Pruce Counselling is registered with the Information Commissioners Office ICO: Reference number ZA784771

Here are the technical details about the information my website collects:

Cookies
This site uses cookies. These are small text files that are placed on your computer by websites that you visit. They are used in order to make websites work efficiently, as well as to provide information to the owners of the site about people’s use of it. ‘Session cookies’ are stored only temporarily during your browsing session to allow normal use of the site. They are deleted from your device when the browser is closed.

Personal Information from your device is collected such as geolocation data, IP address, unique identifiers (e.g. MAC address) and other information which relates to your activity through the site. You can choose your use of cookies via the pop-up cookie notification and by following the instructions of your device preferences

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Analytics
My website on WordPress collects behaviour patterns of website visitors. This does not identify individuals, but shows me three things. The number of site visits, number of specific page views, and the type of device used eg mobile, desktop, laptop. I also use analytics to collect behaviour patterns of website visitors. This information does not identify individuals, but shows a collection of website usage from the number of website visits, frequently used pages etc. This data is used only for my professional analysis and is not shared.

Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long I retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so I can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on my  website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Website contact me button
No information from the contact me button is stored by the website. I use the personal data of your email address for correspondence with you regarding your enquiry about the services of Nicola Pruce Counselling. I only retain the information for the period we are in correspondence and then it is deleted as confidential waste. I do not use the information you supply via the contact me button for marketing purposes or share with third parties unless I am required to by law.

I use Hotmail when responding to website enquiries. Hotmail encrypts messages in transit (techy bit again: using TLS Transport Layer Security) on a basic level this means that emails can not be read by third parties in transit. You probably have no idea if your email provider uses TLS so please bear in mind that sending information by email cannot always be guaranteed secure. Please consider the level of personal information you share in an email.

Microsoft servers are based in the US. Hotmail as part of Microsoft is covered by the US privacy shield (this is a level of approved security to pass information from UK to the US) so by definition your personal data of email address and IP address may go outside of the EEA. https://www.privacyshield.gov/list

General data protection regulation GDPR information for Nicola Pruce Counselling.
This statement details how I collect, store or share/process your personal data including special category data. What information do I collect?

Should you wish to become a counselling client I collect:
• Name
• Contact number
• Email
• Address
• Date of birth
• Emergency contact name and number

What do I use this information for?
This client information is used as contact and emergency contact information while you are in therapy.

Do I share/store your personal data?
I only use your data in relation to the delivery of my services, and do not use it for marketing purposes or sell to third parties. There are very specific limited counselling reasons why I may need to share/process your data.

Legitimate interest

  1. It may become necessary during our work together for me to break confidentiality for safeguarding reasons, serious harm to self or others, acts of terrorism or drug trafficking/money laundering. The personal data shared will be adequate and proportionate eg the minimum required. Your information may be shared with health professionals & emergency services as appropriate. 
  2. Clinical will. In the event of my death or becoming incapacitated a family member will pass a sealed envelope from my secure storage containing name and contact details of my current clients to my clinical supervisor. This is to enable my supervisor to make contact re my situation and to discuss counselling options going forward to maintain your safety. My clinical supervisor follows the same confidentiality system as me.

Legal obligation

  1. I may be required to share information in your notes if I am issued with a court order.
  2. I keep anonymous notes from our sessions in line with the requirements of my professional insurance and the limitation act. Special category data 9 (f) processing is: 
    1. necessary for the establishment, exercise or defence of legal claims or
    2. whenever courts are acting in their judicial capacity.
  3. I am required to keep financial records for the purpose of tax returns for 7 years.

Consent

  1. If you ask me to share your notes/information with other medical professionals or your legal representative.

How long do I keep your information? (Data retention schedule)

  1. If you choose not to continue with counselling after your assessment session your information will be disposed of 2 weeks after as confidential waste.
  2. If you choose to continue with counselling I keep client notes that are anonymous and separately name/email address for 7 years after your last session in line with the requirements of my professional insurance.

All information is stored as confidential data in locked storage, password protected document or encrypted memory stick and destroyed at the end of the data retention period as confidential waste.

Your rights under GDPR

• Right to be informed,
• Right to access (you can request to see information I hold about you)
• Right of rectification,
• Right to erasure,                             Not applicable to lawful reason legal obligation
• Right to restrict processing,
• Right to data portability,   Not applicable to lawful reason legal obligation /legitimate interest
• Right to object,             Not applicable to lawful reason/ legal obligation
• Rights related to automated decisions. 


It should be noted that the ICO says these are not all absolute rights: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

If you have any concerns about how I have used your data you can discuss it with me in the first instance if you feel able to. My contact details nicolapruce@hotmail.com. You also have the right to complain to the information commissioner’s office ICO. 0303 123 1113   

This privacy statement is kept under regular review. 24 Aug. 20 V2

If you are a counsellor or therapist you can use this statement along with your own research from the ICO website. https://ico.org.uk/ Make sure you adjust it to your business name and your way of working as it will be different. I ask that you do not blindly copy word for word as this document is my intellectual property and copying word for word will see google penalise both you and me.