Who we are
I am Jody Robins am a registered Data Controller with the Information Commissioner’s Office (ICO) and my registration number is ZA734483.
If you have any questions regarding this policy or my privacy practices then it should be sent to firstname.lastname@example.org.
What is Personal Data?
As defined under the Data Protection Act 1998 (DPA) ‘personal data’ means any information that can be used to identify a living person, known as the ‘data subject’ which may include your name, email, address or more sensitive data for example, such race, ethnic origin, religion as an example.
Why do you want to process my Personal Data?
When you become a client, a contract is formed between you and me and so I need to process your data in order to be able to fulfil my contractual and professional obligation to you as a therapist. The legal basis for my use of your personal data is necessary in order for me to supply the service to you and my contractual obligations as set out in the counsellor and client agreement for the purposes of our legitimate interests. This may include for example, assessing whether you are suitable for the service I provide, emailing you to arrange times or keeping a record of our session.
What Personal Data do I collect from you?
There are a number of ways in which you may explicitly and intentionally provide me with consent to the collection of certain personal information.
I will only process data about you in the following circumstances:
- When you fill in my contact form ‘Ask me a question’ on my FAQ page (www.aimcounselling.co.uk/faq) to ask a question about my service, I will require your name and email address.
- When you fill in my contact form to ‘Request an appointment’ on the contact us page (www.aimcounselling.co.uk/contactus) I will require your name, email address, telephone number (optional) and additional information (optional).
- When you use the tawk.to online chat on my website for information I will require your name, email address and a brief message on your query if offline.
- When you contact me, whether by telephone, by post, through my website, via my social media page(s), by e-mail or via a professional directory, I collect the data you have given to me in order to reply with the information you need. I may keep personally identifiable information associated with your message, such as your name and email address so as to be able to track my communications with you to provide a good service.
- When you email, text or phone me to make a request, appointment, cancellation or any other business I may keep a copy of our correspondence until it is no longer relevant to do so.
- In the assessment form I will require personal and sensitive data to see if my service is suitable.
- In the client and counsellor agreement I will require your full name and signature.
- I use a business only smartphone for my practice which allows me to contact you in the event of technological breakdown, in the case of an emergency or if you have requested as your preferred method of contact. If you receive telephone counselling, then I will store your phone number using a reference number instead of your name for telephone counselling only.
- When you send me an email it may contain your name, email address, contact information and other personal content if relating to assessment, general housekeeping (appointments) or any other correspondence that is relevant to me providing you a service within our contractual obligations.
- Over instant message I will require your telephone number or email address.
- Sessions notes which will hold a brief summary of our session, the main themes, any goals, objectives and interventions etc.
- Scores from assessment tools such as CORE-OM, GAD7 and PHQ9 to assess the level of service I provide but in a way that could not identify you or another person.
- When I send you an invoice (using Stripe) I will require your name, email address and payment information.
- Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data.
- I may collect information about your computer, including where available, your IP address, operating system and browser type. This is statistical data about our users’ browsing actions and patterns and is collected for system administration purposes and is not personalised to you. This is carried out using Google Analytics.
- The anonymous information generated by Google Analytics cookies about your use of this website is transmitted to Google. This statistical information is processed to compile statistical reports on website activity for this site. This information helps us to optimise our content to better meet the needs of our customers.
How will I use your personal data?
- For responding to an enquiry through my website, telephone, email, text, IM, social media or a directory.
- For all housekeeping duties (admin, appointments etc)
- For sending an invoice
- For accessing an online counselling session on videocall, voicecall, IM or email
- For telephone counselling
- For keeping a client record in a cloud-based customer management system (CMS)
- For assessment
- For reviews and progress
- For interventions between sessions (e.g. sending and receiving resources)
- To seek feedback
When might you share my personal data?
By using my service you agree that your personal data and content may be shared with a third party only where they assist in my operational activities which includes my cloud based customer management system (CMS) BACPAC (bac-pac.co.uk), my website hosting provider AWS (Amazon Web Services) and payment service provider (Stripe) who all adhere to the requirements of GDPR. The content of our sessions whether face to face or online will not be communicated with a third party except for the purposes stated in the client and counsellor agreement and the monthly supervision of my work which is a requirement of my professional bodies (BACP and ACTO). I will only use your first name with my supervisor and issues are discussed in a general context to help ensure that I am working ethically and safely with clients. Information will be shared with a third party as agreed in the client and counsellor agreement if I thought you were going to harm yourself or someone else, this is something I will try and talk to you about first where possible. Third parties may hold access to information gained through our communication together. This may include for example, information gained through cookies, or your browsing activity, information from phone contact between us, information about payments and informed derived from our work online via email, video and voicecall/instant messaging software. This will normally relate to times and durations of communication rather than content I am subject to the law like everyone else and occasionally I must process your information in order to comply with a statutory obligation. I may be required to give information to legal authorities if they request or if they have the proper authorisation such as a search warrant or court order which may include your personal data. Otherwise I can confirm that I do not provide, sell or disclose personal information that I hold about you to third parties without your express permission or where I am under duty to do so by an organisational policy (e.g. the charity I work for) or applicable law.
How do you store my personal information?
To keep your data secure I use an encrypted cloud-based customer management system (CMS) for client data which was built with GDPR and counsellors in mind by Marsden, called bacpac. Marsden have been vetted by the NHS and Ministry of Defence and this system offers the same high level of protection as NHS services. On saving it heavily encrypts your personal data on save and it ensures that your data is backed up in the event of a technological failure my end. Once I have inputted your data onto bacpac I destroy all files that may include personal data for example, the referral and assessment form. I keep a copy of the client and counsellor agreement in bacpac and also on an encrypted drive on my computer which is also password protected.
I keep your email address and telephone number where relevant in my practice email account (Protonmail), in the video and voicecall software and instant messaging software which are cloud based.
I keep your phone number for phone counselling in my business mobile phone using your reference number only and my phone data is back up to the cloud.
For how long do you store my personal information?
Where applicable on completion of our work any information relating to you on my business email, business smartphone, video or voicecall software and instant messenger will be erased.
I delete emails, text messages and voicemails once they are no longer relevant to my contractual obligations.
You have a right to access and obtain a copy of the personal data that I hold about you. You have the right to ask me to correct your personal data if there are any errors or it is out of date. In some circumstances you may also have a right to ask me to restrict the processing of your personal data until any errors are corrected. You have the right to object to the processing of your data where the service is relying on legitimate interests as the legal ground for processing, and you have the right to have your personal data erased which is also known as the ‘right to be forgotten’ however the right is not absolute and only applies in certain circumstances as I can decline whilst the information is still needed to practice lawfully and competently.
You can obtain further information about these rights from the Information Commissioner’s Office at: www.ico.org.uk or via their telephone helpline (0303 123 1113).
If you would like to exercise any of these rights you can do this by sending me an email to email@example.com.
How can I access and update my personal information?
The accuracy of your information is important to me. I comply with all applicable regulation when giving people access to their personal information. You can find out if I hold any personal information by making a ‘subject access request’ under Data Protection Legislation. If I do hold any information about you I will;
- Give you a description of it
- Tell you why I am holding it
- Tell you who it can be disclosed to (within this policy and the client and counsellor agreement)
- Let you have copy of the information in an intelligible form.
If you would like to access any of the information I hold about you or you have any concerns regarding the way I have processed your information then please email me at firstname.lastname@example.org. After I have received your request, I will tell you when I expect to provide you with the information and whether I require any fee for providing this to you.
When I receive any request to access, edit or delete personal identifiable information I shall first take reasonable steps to verify your identity before granting you access or otherwise taking any action which is important in safeguarding your information.
I am committed to ensuring that your information is secure, and a number of security measures have been put in place to protect against the loss, misuse and alternation of any personal information I receive from you via the website. For example, my website uses an encrypted connection to make it difficult for unauthorised people to view information travelling between the web server and your device.
Unfortunately, the transmission of information via the internet can never be guaranteed to be 100% secure. As a result, whilst I strive to protect your personal data I cannot guarantee the security of any information you transmit to me and you do so at your own risk. Once I receive your information, I use strict security measures to try and prevent unauthorised access for example an encrypted customer management system with a 2 factor authentication, a secure and encrypted email platform (Protonmail) with 2 factor authentication and password protected work computer and work phone.
Information relating to payment
Your debit or credit card number and other payment information is never taken by me or transferred to me either through my website or otherwise.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. Cookies are uniquely assigned to you and can only be read by a web service in the domain that issues the cookie to you. They allow information gathered on one web page to be stored until it is needed for use on another thus allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved. They do not identify you as an individual and cannot be used to run programs or deliver viruses to your computer.
If you leave a comment on our website you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
Links to other websites
My website contains links to other websites run by other organisations. Any link you make to or from a 3rd party website will be at your own risk and I cannot be held responsible for the privacy policies, confidentiality, data and security of the owners and operators of the third-party site. Unless otherwise expressly agreed in writing, A.I.M Counselling is not in in any way associated with any of the third party websites that have been linked from this site, or responsible for the content and services offered by them or for anything in connection with 3rd party websites. A.I.M Counselling disclaims liability for any loss, damage and any other consequence resulting directly or indirectly from or relating to your access to the 3rd Party Website, or any information that you may provide or any transaction conducted on or via the 3rd Party Web site or the failure of any information, goods or services posted or offered at the 3rd Party Website or any error, omission or misrepresentation on the 3rd Party Website or any computer virus arising from or system failure associated with the 3rd Party Website.
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website therefore I cannot be held responsible for the content or information presented and I encourage you to read the privacy statements, confidentiality, data and security policies of other sites.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
When I receive a complaint, I record all the information that I receive from you to seek a resolution. If your complaint reasonably requires me to contact another person, I may decide to give to that other person some of the information contained in your complaint. This does not happen often but it is a matter for my sole discretion as whether and what information I give.
If I receive a complaint about the content of my website or any of my marketing literature, then I will investigate this. If I believe it to be justified or within the jurisdiction of the law then I will remove the content whilst an investigation is in progress.
If I think your complaint is vexatious or without any basis then I shall not communicate with you about it.
If a dispute cannot be settled, then I hope you will agree to attempt to resolve it by engaging in good faith with me in the process of mediation. If you are in any way dissatisfied about how I process your personal information then you have a right to lodge a complaint with the Information Commissioner’s Office at: www.ico.org.uk or via their telephone helpline (0303 123 1113).
In the event of my death or incapacitation through illness, a nominated person will receive the name and contact details only of all my current clients with whom I have a counselling relationship with the purpose to inform them only.
I may update or make changes to this policy from time to time as necessary so please check back occasionally to ensure that you are happy with any changes. The terms that apply to you are those posted here on my website and by using my website and my practice you are agreeing to be bound by this Policy. Where you are a client this policy also applies to you and the terms set out in the counsellor and client agreement.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.