Castle Counselling Service: Website and GDPR Privacy statement
The data controller is Castle Counselling Service Ltd.
Castle Counselling Service Ltd is registered with the Information Commissioners Office ICO: ZA902586
Listed below is the information, outlining what our website collects.
Our website host Wix collects data regarding the number of visitors. Individuals are not identified but what this does is tell us the number of visitors to the site, the number of views per page and the type of device used - laptop, mobile or desktop. This website is hosted by Wix and all information between the website server and your browser is encrypted and delivered by HTTPS over SSI.
Website contact me button
No information from the contact me button is stored by the website.
We use the personal data of your email address and or telephone number for correspondence with you regarding your enquiry about the services of Castle Counselling Service Ltd. We only retain the information for the period we are in correspondence and then it is deleted as confidential waste.
We do not use the information you supply via the contact me button for marketing purposes or share with third parties unless we am required to by law.
We use Microsoft when responding to website enquiries. Microsoft encrypts messages in transit, this means that emails can’t be read by third parties in transit. Please bear in mind that sending information by email can’t always be guaranteed secure so please consider the level of personal information you share in an email. Microsoft servers are based in the US.
General data protection regulation GDPR information for Castle Counselling Service Ltd.
This statement details how we collect, store or share/process your personal data including special category data.
What information do we collect?
Should you wish to become a counselling client we collect?
• Contact number
• Date of birth (if under 18)
Emergency contact name and number
Relevant life data for both child and parent - which may help to inform the counselling treatment plan.
When and where relevant information may be requested from other professionals who have experience with your child or young person.
Financial details (by proxy on my bank statement after you make payment)
• Email address
• Mobile number
• Financial details ( by proxy on my bank statement after you make payment)
What do we use this information for?
This client information is used as contact and emergency contact information while you are in counselling. We collect information of clients age to help assist us and inform our work and sessions.
Do we share/store your personal data?
We only use your data in relation to the delivery of our services, and do not use it for marketing purposes or sell to third parties. There are very specific limited counselling reasons why we may need to share/process your data.
1. It may become necessary during our work together for me to break confidentiality for safeguarding reasons, serious harm to self or others, acts of terrorism or drug trafficking/money laundering. The personal data shared will be adequate and proportionate eg the minimum required. Your information may be shared with health professionals & emergency services as appropriate.
2. In the event of illness or death of one Director, the other Director of the company will manage the client case load if the clients wish to remain with the company. In the event of both Directors’ being incapacitated the clinical will, which is securely stored will be passed on by a family member to Castle Counselling Service Ltd clinical supervisor. The supervisor will then approach each client by their preferred method of communication to determine a way forward and to maintain safety.
We may be required to share information from your notes, if we are issued with a court order to do so. We keep anonymous notes from our sessions in line with the requirements of my professional insurance and the limitation act. Special category data 9 (f) processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
We are required to keep financial records for the purpose of tax returns for 7 years.
You have the right at any time to withdraw consent and have all applicable data removed. If we have a legal or ongoing obligation to process data, which is not based on consent, then we are unable to comply with the data withdrawal request.
How long do we keep your information? (Data retention schedule)
If you choose not to continue with counselling after your assessment session your information will be disposed of 1 month after, as confidential waste.
If you choose to continue with counselling, we keep client notes that are anonymous and personal details are kept separately in a secure system.
Personal information is kept for 7 years after your last session in line with the requirements of our professional insurance.
All information is stored as confidential data in locked storage, password protected document or encrypted memory stick and destroyed at the end of the data retention period as confidential waste.
Your rights under GDPR
Right to be informed - complying with the need for transparency in processing personal data.
Right of access (you have the right to access the data we hold about you & how we are using this information)
Right of rectification - this allows you to amend information, if you feel it is incorrect or incomplete
Right to erasure (Right to be forgotten) - this allows you to have your personal data erased and no longer processed, where the personal data I son longer needed for the purposes for which it was collected. It is important to remember that we do not have to erase all data held, if we have a legal or ongoing obligation to process your data.
Right to restriction of processing. You have the right to request the restriction of processing under a number of circumstances. Including where accuracy of information is questioned, the processing is seen as unlawful, where the data is no longer needed. We would be entitled to retain data for establishing/excersise or defence of legal claims.
Right to data portability - Not applicable
Right to object - This allows you to object to the processing of your data at anytime, however in the case of legal or contractual obligations we would be unable to proceed with your right to object.
• Rights related to automated decisions.
It should be noted that the ICO says these are not all absolute rights:https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
How to complain
If a dispute is not settled or you are in any way dissatisfied - you have a right to file a complaint with the Information Commissioner’s Office via:
Our privacy statement is regularly reviewed. 01.04.2021