PRIVACY POLICY
ACCESSING THE WEBSITE
This website, with the exception of the items listed below, does not store or capture personal information, but merely logs the user’s IP address (Internet Protocol: standard allowing data to be transmitted between two devices) which is automatically recognised by the webserver. This site uses cookies to keep track of your browser session, otherwise, it does not collect any personal information about you except that required for system administration of the website. Cookies are pieces of data created when you visit a site, and contain a unique, anonymous number. They are stored in the cookie directory of your hard drive, and do not expire at the end of your session
COOKIE POLICY
Cookies are small text files stored on your computer by your browser. They’re used for many things, such as remembering whether you’ve visited the site before or to help us work out how many new website visitors we get each month. They contain information about the use of your computer but don’t include personal information about you (they don’t store your name, for instance).
This is standard practice for all websites and are essential in helping us deliver a high quality website experience to you. If you do not know what cookies are, or how to control or delete them, then we recommend you visit AboutCookies.org for detailed guidance.
If you are not happy for us to use cookies, then you should either not use this site, or you should delete this site’s cookies after visiting it, or you should browse the site using your browser’s anonymous usage setting (called Incognito
in Chrome, InPrivate
for Internet Explorer, Private Browsing
in Firefox and Safari etc.)
POLICY SCOPE
This privacy statement only covers this website. Links within this site to other websites are not covered by this privacy policy.
PRIVACY NOTICE
(WHY WE COLLECT YOUR PERSONAL DATA AND WHAT WE DO WITH IT)
WHY WE COLLECT YOUR DATA
When you supply your personal details to this practice they are stored and processed for four reasons (the terms in bold are those relevant terms used in the Data Protection Act 2018, which includes the General Data Protection Regulation):
1. We need to collect personal information about your mental health and emotional well-being in order to provide you with the best possible treatment. You requesting psychotherapy/counselling and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that we would not be able to provide therapy.
2. We have a “Legitimate Interest” in collecting that information, because without it we couldn’t do our job effectively and safely.
3. We also think that it is important that we are able to make contact with you in order to confirm your appointments with us or to update you on matters related to your psychotherapeutic and counselling treatment. This again constitutes “Legitimate Interest”.
4. Provided we have your consent, we may occasionally send you general mental health and well-being information in the form of articles, advice or newsletters. You may withdraw this consent at any time by unsubscribing or by getting in touch with us in a way most convenient to yourself.
We have a legal and insurance obligation to retain your psychotherapy and counselling records for 5 years after your most recent appointment (or up to the age of 25, where the records are those of a child), but after this period you can ask us to delete your records if you wish.
Your psychotherapy and counselling records are stored on paper, in locked filing cabinets, and the building is always locked and alarmed when not in use.
Your non-psychotherapy/counselling records are stored electronically (“in the cloud”). We have taken steps to ensure that this provider is fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.
Some non-psychotherapy/counselling data is stored on our office computer. These are password -protected, backed up regularly, and the building is locked and alarmed when not in use.
To communicate within the practice we make use of ‘Slack’, an encrypted messaging software, and face-to-face. Here your personal non-psychotherapy/counselling information may be communicated between other UKCP or BACP registered psychotherapists/ counsellors and the relevant practitioner to facilitate your appointment or treatment through peer, group or individual supervision. Slack are self-certified with the EU-US Privacy Shield.
WHAT WE DO WITH YOUR DATA
- We will never share your data with anyone who does not need access without your written consent. Only the following people will have routine access to your data:
- Your practitioner(s) in order that they can provide you with psychotherapy or counselling treatment;
- Our reception staff, because they prepare our psychotherapy/counselling notes and in order to organise our practitioners’ diaries, and coordinate appointments. All reception staff have signed stringent non-disclosure agreements;
- We use Mailchimp to coordinate our messages, so your name and email address may be saved on their server. Mailchimp is fully GDPR compliant.
- From time to time, we may have to employ consultants to perform tasks which might give them access to your personal data (but not your psychotherapy/counselling notes). We will ensure that they are fully aware that they must treat that information as confidential, and we will ensure that they sign a non-disclosure agreement.
YOUR RIGHTS
- You have the right to see what personal data of yours we hold, and you can also ask us to correct any factual errors. Contact us for a Data Subject Request Form.
- Provided the legal minimum period has elapsed you can also ask us to erase your records. Contact us for a Data Subject Erasure Request Form.
- Under certain conditions you have the right to restrict processing of your data
- You have the right to have your data transferred to other organisations including but not limited to psychotherapists, psychiatrists, medical consultants, and insurance companies.
We want you to be absolutely confident that we are treating your personal data responsibly, and that we are doing everything we can to make sure that the only people who can access that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to as the “Data Controller”. Here are the details you need for that:
Nadine Wilson
email: counselling@sunflowerpsychotherapy.co.uk
Telephone: 07857655105
Address: 315 Zellig Building, Digbeth, Birmingham, B9 4AA
If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Email: https://ico.org.uk/global/contact-us/email/