Pamela Wilson Counselling Services (PWCS) (collectively referred to as ‘we’, ‘they’ ‘our’ and ‘us’ henceforth) is committed to protecting your personal data in line with General Data Protection Regulations 2018 (GDPR) and the Ethical Framework of the British Association for Counselling and Psychotherapy (BACP). This means that the personal data held about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept and destroyed securely including ensuring that appropriate technical and security measures are in place to protect your personal data from loss, misuse, unauthorised access and disclosure.
This privacy notice tells you how PWCS meets these requirements.
Who is the data controller?
PWCS is the controller and is responsible for your personal data. We are registered with the Information Commissioners’ Office under the name of Ms Pamela J Wilson.
What is your personal data?
‘Personal data’ is any information about a living individual that allows them to be identified from that data. A living individual may be identified directly using the data itself or by combining it with other information that helps to identify them.
What personal data do we collect?
We may collect, handle and use the following personal data:
- Identity data such as first name, maiden name, last name, username or similar, title, marital status, date of birth, nationality, gender and education/work history.
- Contact data such as address, email address and telephone numbers.
- Transaction data such as bank account numbers.
- Special category data such as criminal convictions, mental health conditions, physical health conditions, racial or ethnic origins, political opinions, religious beliefs and sexual orientation.
How do we collect your personal data?
Personal data about you is collected via direct and indirect interaction with you. This includes email communications, text messages, telephone communications, face to face contact and online interaction with our website.
How do we hold your personal data?
Your personal data is held in messaging services (email, text and telephone) and written records (electronic or paper form). We have put suitable physical, electronic and managerial measures in place to hold your data securely. This includes storing electronic data on designated devices and in locked filing cabinets, encryption of electronic records and restricting access to your personal data to authorized individuals.
Whilst we will do our best to protect your personal data as described above, you are strongly advised never to leave telephone messages for us or send text messages or emails to us that contain personal data of a sensitive, intimate, confidential or financial nature since the transmission of data via electronic devices and services can never be guaranteed to be completely secure.
How do we use your personal data?
Your personal data is only used to provide professional services to you and to fulfill our professional and legal requirements as outlined below.
Do we share your personal data?
We may need to share your personal data with third parties, such as banks and email service providers so that we can carry out our responsibilities to you and they can carry out their responsibilities to us.
There may be some circumstances where we are required to share your personal data with health and statutory bodies, such as your GP, the Police or Social Work Services. We may do so in the following circumstances:
- Where we need to carry out our legal obligations.
- Where it is needed in the public interest.
- In relation to public claims.
- Where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
- Where there is an immediate risk of significant harm to you or others .
Where possible we will discuss this with you first and seek your explicit written consent. In circumstances where informing you of our need to share your personal data with other organisations may place you or someone else at risk of significant harm, then we may share your data without your knowledge or consent, where it is permitted by law.
In order to adhere with the Ethical Framework of the British Association for Counselling and Psychotherapy (BACP) we have a professional requirement to have regular clinical supervision. This involves reviewing our case work with a supervisor and aims to ensure that our practice is safe, appropriate and effective. The supervisor will only know you by your first name and is bound by the Ethical Framework of the BACP. This means they must store your personal data securely and respect your right to confidentiality and privacy.
If the other data controllers listed above are processing your data jointly for the same purposes as PWCS, then PWCS and the other data controllers may be “joint data controllers”. This means we are all collectively responsible to you for your data. Where each of these parties are processing your data for their own independent purposes then each of us will be independently responsible to you. If you have any questions, wish to exercise any of your rights or wish to raise a complaint (see below) about how any party has collected, handled or used your data, other than with the Information Commissioner, you should do so directly with the relevant data controller.
How long do we hold your personal data for?
We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for after which time it will be deleted or securely destroyed. When considering how long to retain your personal data, we will consider:
- The amount, nature and sensitivity of your data.
- The potential risk of harm from unauthorized use or disclosure of your data.
- The purposes for which we process your data and whether we can achieve those purposes through other means.
- Any potential or actual disputes.
- The need to satisfy our our legal and professional requirements.
In normal circumstances, this means your personal data may be retained for up to 7 years if you are 16 or over. If you are under 16 years it may be retained until your 25th birthday. In circumstances where there are concerns relating to the potential for certain criminal investigations in the future, then we may hold your data indefinitely, in line with legal requirements.
What are your legal rights relating to your personal data?
You have the following rights with respect to your personal data and can exercise any of the rights listed below. In order for us to process your request you will need to provide proof of your identity when exercising your rights. This is so we can ensure that your personal data is not disclosed to any person who has no right to access it.
1) The right to access personal data we hold on you.
You can contact us at any point to request the personal data we hold on you and to establish why we have that personal data, who has access to the personal data and where we obtained the personal data from. Once we have received your request we must respond within one month unless certain circumstances apply. There are no fees or charges for the first request, but additional requests for the same personal data or requests which are manifestly unfounded or excessive may be subject to an administrative fee.
2) The right to correct and update the personal data we hold on you.
If the data we hold on you is out of date, incomplete or incorrect, you have the right to inform us and your data will be updated. You may need to provide evidence to show that the new data you are providing is accurate.
3) The right to have your personal data erased.
If you feel that we should no longer be using your personal data or that we are unlawfully using your personal data, you have the right in certain circumstances to request that we erase the personal data we hold and we will delete that data or explain the reason why it cannot be deleted (for example because we need it for to comply with a legal obligation).
4) The right to object to processing of your personal data or to restrict it to certain purposes only.
You have the right to request that we stop processing your personal data or, in certain circumstances, ask us to restrict processing it. Upon receiving the request we will contact you and let you know if we are able to comply or if we have a legal obligation to continue to process your data.
5) The right to data portability.
You have the right to request that we transfer some of your data to another controller. We will comply with your request, where it is feasible to do so, within one month of receiving your request.
6) The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained.
You can withdraw your consent easily by telephone, email, or by post (see Contact Details below). However, this will not effect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent to the processing of your personal data, we may no longer be able to provide services to you. We will advise you of this at the time you wish to withdraw your consent.
7) The right to lodge a complaint with the Information Commissioner’s Office.
If you would like to exercise your data protection rights or if you are unhappy with how we have handled your personal data, then please feel free to discuss your concerns with PWCS or put your complaint in writing and send it to us using the details set out below. This will help us to try to resolve any issues quickly and to your satisfaction so that we can maintain our working relationship.
However, if you are unhappy with our response or believe our processing does not comply with data protection law, you have the right contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Transfer of data abroad
Any personal data transferred to countries or territories outside the European Economic Area (“EEA”) will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union.
Further processing of your personal data
We will only use your data for the purposes we have collected it, unless we reasonably consider that we need to use it for another reason. If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
Please contact us if you have any questions about this Privacy Notice or the personal data we hold about you or to exercise all relevant rights, queries or complaints at: Pamela Wilson Counselling Services, Flat 0/1, 93 Somerville Drive, Glasgow, G42 9BJ or firstname.lastname@example.org.
Changes to this notice
We keep this Privacy Notice under regular review and we will place any updates on this web page www.pamelawilsoncouselling.co.uk. This Notice was last updated in November 2018.