This privacy policy describes your rights and my obligations to you regarding the recording and storing of your personal information. In this privacy policy, I will let you know what information I need to collect from you before we begin counselling and what information I need to collect from you during counselling. It also covers how I store your personal information, how long for and who I may share it with. I will let you know what information you can request from me.
Your personal information.
The Data Protection Act 1998 (DPA) defines personal information as any information that can be used to identify a living individual. Individuals can be identified by various means, including their name, address, telephone number or email address.
Why do I process your personal information.
My contractual obligations to you as a counsellor are the lawful basis for my processing of your personal information. I need to process your personal information to fulfil my contractual obligations to you. I need to assess information in order to offer you counselling and your personal information helps me process the clinical decisions I make during counselling. I will also use the information I collect about you to develop a better counselling service in person and online.
What laws protect your personal information.
The DPA and the General Data Protection Regulation (GDPR) require all organisations that store personal information about people may only do so provided the information is: processed lawfully, fairly and transparently; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept in a form that permits identification of information subjects for no longer than is required for the purposes for which the personal information are processed; and processed in a manner that ensures appropriate security of the personal data.
How I collect your personal information.
I will collect your personal information via the following ways: on my website: http://www.springtidescotland.com, online encrypted video call platforms such as Zoom or doxy.me, over the telephone, by Email, by SMS or WhatsApp, in writing, and in person.
How I treat your personal information.
I will treat your personal information in a way that complies with the DPA (Data Protection Act, 2018) and the GDPR (General Data Protection Regulations). The lawful, correct and respectful treatment of your personal information is essential to maintain your confidence in me as a therapist and to meet the expectations of other clients, business associates, partners and staff.
How I store your personal information.
I will store your personal information both digitally and on paper records. Digital information is stored on encrypted drives and devices that are password protected using two factor authentication and are only accessible by me. Records are stored in accordance with relevant regulations. Information is stored physically using paper records held securely in locked storage in an anonymised form. These records are also only accessible to me.
How long will I store your personal information.
According to the GDPR, your personal information should be stored no longer than necessary. In practical terms, I will usually keep your information for a minimum of 6 years following the termination of your counselling. For work with children and young people I will store your information up to and until your 18th birthday. I may need to store your data for longer than this, for instance, to defend myself in a claim or comply with my insurance terms and conditions.
What types of information I collect about you.
I will collect several types of information about you in different ways. When you visit http://www.springtidescotland.com, I will collect the following information about your visit: I.P. address, location, search engine, date, time, web pages visited, operating system, and device.
If you contact me via the web form on http://www.springtidescotland.com, I will collect the following information: name, email, date, and time.
Before determining whether to provide counselling I may ask you for the following information: name, telephone number, address, issues that you would like to address, any symptoms, when you are able to meet for sessions.
Once you have decided that you want to work with me and your therapy commences, I will collect further information from you that may include but is not limited to: G.P. contact details, home address, telephone number, next of kin, medical history, mental health history, social history.
‘Special category’ information.
Special category information is defined by the GDPR as being more sensitive than other personal information and requiring higher levels of protection. Examples of this may include information about your health, race, sexuality, sex life, or religion. To lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you. With this in mind, the state of the GDPR that I apply to process your special category information is ‘pursuant to a contract with a health professional’. This means that if you begin counselling with me, or ask me to discuss us working together then I will probably need to process some special category information about you. Usually, this is information about your mental health, and I need to process it to fulfil my contractual obligations to you in delivering safe, effective counselling.
A ‘data controller’, and the ‘data controller’ for Springtide Scotland.
The GDPR defines a ‘data controller’ as the person in an organisation who: ‘determines the purposes and means of processing personal data’. For the GDPR, the ‘data controller’ at Springtide Scotland is Jonathan (Jonny) Lovett.
Who else I collect information about.
I collect and process information about the individuals with whom my business operates. These include clients, staff, suppliers and other business contacts. I may collect information about other people or entities brought to my attention in the course of our counselling work when I am required to do so by law including adult and child protection legislation, money laundering, proceeds of crime and hit and run.
Who your personal information will be shared with.
Some of your personal information may be shared with your G.P. or another healthcare professional under certain exceptional circumstances and my aim is to always consult with you before such disclosures whenever it is possible to do so. These include the requirements of a court of law, the threat of severe physical harm to you or others, or during regular consultations with my professional supervisor. Some of your personal information, such as website visits, telephone call data, or payment information, is shared with the website provider, mobile phone operator, or card payment provider, respectively. These providers operate under their privacy policies, which can be provided upon request. In the event of my death a named person will have access to the records in order to deal with my personal and business affairs in accordance with instructions set out in my professional will. The named person will be a registered counsellor and be subject to the the same ethical standards and confidentiality obligations as I am.
Asking for a copy of the personal information that I store about you.
Yes. The DPA allows you to find out what information I store about you by requesting a copy. Any request you make to obtain a copy of the personal information I hold about you is called a ‘Subject Access Request’. You can ask for a copy of my information about you. I must respond to your request immediately, usually within one month. I may charge a fee for providing this information based on the administrative costs involved.
Requesting that I delete your personal information.
Yes. This is known in the new legislation as the Right to Erasure. You can request that your personal information be deleted. There may be an administrative charge for this. I may also have the right to refuse to comply with your request, for example, to defend myself in a claim or to comply with my insurance terms and conditions. I will let you know my response to your request within one month of receiving it.
Objecting to or complaining about the processing of your personal information by Springtide Scotland.
Yes. Whilst I hope that the policy outlined above will be sufficient to reassure you of the security of your personal information, should you wish to object or complain about how I am handling your personal information, please feel free to communicate this to me at the earliest possible opportunity. I will do my best to address your concerns and take steps to resolve any issues you may raise. Should you wish to take the matter further, please contact the Information Commissioner’s Office at 0303 123 1123, or visit https://ico.org.uk/concerns/ for more information. Please get in touch with the Information Commissioner’s Office.
Springtide Scotland 