1.1.We are Fernbank Counselling and Psychotherapy, registered at Okell Drive, Ross-on-Wye, Herefordshire. We take the privacy of your information very seriously and this Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of personal data which may be obtained via our website or other means including online forms, email, or phone.
1.2 In this notice “you” refers to any individual whose personal data we hold or process (but it does not relate to personal data relating to our employees or staff).
1.3 In general, we provide counselling and psychotherapy services. If we do provide such services to you, please note a separate “Privacy Notice for Clients” will apply and will be provided to you. We do not process personal data on a large scale, but we will hold and process personal data in order to supply our services and this privacy notice explains how we do so.
1.4 This notice is governed by the EU General Data Protection Regulation (the “GDPR”), UK GDPR, Data Protection Act 2018 and any other applicable data or privacy legislation.
2. Categories of Personal Data and Legal Basis
2.1 Below we have set out the categories of data we collect and how we process the data (for information about legal basis, please see below):
2.1.1 We will hold contact information for our users who have registered with us, such as name, email address and telephone number (for authentication) which we will use to provide our services and communicate with you
2.1.2 We process Contact Information on the basis of the performance of our contract with our client, on the basis of our legitimate interest in providing our services to our clients and users or in certain circumstances as may be necessary for compliance with a legal obligation to which we are subject.
2.2.1 We may process data enabling us to get in touch with you, specifically through the contact form on the website – ‘profile data’. The profile data may include your name and email address. The source of the profile data is you.
2.2.2 The profile data may be processed for the purposes of responding to your enquiry and managing the use of our website and services. The legal basis for this processing is the commencement of a contract between you and us, and / or taking steps (at your request) to enter into such a contract and our legitimate interests, namely the proper administration of our website and business
2.3.1 We may process data about your use of our website and services ‘usage data’. The usage data may include your IP address, geographical location, browser type and version, operating system, length of visit, page views and website navigation paths as well as information about the timing, frequency and pattern of your visits. The source of the usage data is our analytics tracking system.
2.3.2 This usage data may be processed for the purposes of analysing the use of the website and the services. The legal basis for this processing is our ‘legitimate interests’, namely the proper administration of our website and business.
2.4.1 We may process information contained in any enquiry you submit to us regarding goods and / or services ‘enquiry data’. The enquiry data may be processed for the purposes of offering, marketing and selling relevant services to you.
2.4.2 The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.
2.5.1 We may process information relating to transactions, including purchases of services, that you enter into with us and/or through our website – ‘transaction data’. The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased services and keeping proper records of those transactions.
2.5.2 The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
2.6 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
2.7 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
2.8 Generally, we will collect information directly from you. If we obtain your personal data from any other third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.
2.9 You do not have to supply any personal data to us however in practice we may be unable to provide our services to you without personal data (for instance we will need contact information in order to communicate with you). You may withdraw our authority to process your personal data (or request that we restrict our processing) at any time but there are circumstances in which we may need to continue to process personal data (please see below).
3. Data retention
3.1 Our current data retention policy is to delete or destroy (to the extent we are able to) personal data in accordance with the following retention periods:
Information relating to our website users
We will hold information for registered and non-registered users for 1 month from the date on which we collect the data if that user does not become a client of Fernbank Counselling and Psychotherapy. In the event that the contact does become a client, then data is retained in accordance with Fernbank Counselling and Psychotherapy’s Client Privacy Statement (which is guided by the requirements of our insurance provider).
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
3.2 The retention periods stated in this notice can be prolonged or shortened as may be required.
3.3 We review the personal data (and the categories of personal data) we hold on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or securely delete this data as may be required.
3.4 If you wish to request that data we hold about you is amended or deleted, please see section 7 below, which explains your privacy rights.
4. Sharing your information
4.1 We do not disclose any information you provide to any third parties other than as follows:
4.1.1 we may be required to disclose certain data to regulators or other lawful authorities;
4.1.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example for the purposes of prevention of fraud or other crime);
4.1.3 in order to enforce any terms and conditions or agreements for our services that may apply
4.2 Other than as set out above, and in our Client Privacy Statement, we shall not disclose any of your personal data unless you give us permission to do so. If we do supply your personal data to a third party, we will take reasonable steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.
5.1. We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage.
7. Your privacy rights
7.1 With respect to your personal data, you have the right to:
7.1.1 request that your personal data will not be processed;
7.1.2 ask for a copy of any personal data that we have about you;
7.1.3 request the correction of any errors in or update of the personal data that we have about you;
7.1.4 request that your personal data will not be used to contact you for direct marketing purposes;
7.1.5 request that your personal data will not be used for profiling purposes;
7.1.6 request that your personal data will not be used to contact you at all;
7.1.7 request that your personal data be transferred or exported to another organisation, or deleted from our records; or
7.1.8 at any time, withdraw any permission you have given us to process your personal data.
7.2 All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below.
7.3 We will endeavour to comply with such requests as soon as reasonably possible but in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
8. Data breaches
8.1 We will endeavour to comply with such requests as soon as reasonably possible but in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
8.2 If a breach is likely to result in a high risk to your data rights and freedoms, we will notify you as soon as reasonably possible.
9. Transferring your information outside the UK or EEA
9.1 We will not transfer your personal data in a systematic way outside of the European Economic Area or UK but there may be circumstances in which certain personal information is transferred outside of the European Economic Area or UK.
9.2 If we transfer your information outside of the European Economic Area or UK, and the third country or international organisation in question has not been deemed by the EU Commission or Secretary of State (as the case may be) to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.
10. Notification of changes
We will post details of any changes to our privacy notice on our website. Please ensure you check the website regularly for any updates.
11. Contact us
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so by contacting us at firstname.lastname@example.org
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the ICO by visiting http://www.ico.org.uk/ for further assistance.
This wording was purchased from Private Practice Paperwork Ltd. and no part of it may be copied, shared or published elsewhere without direct purchase and authorisation from their website.