Who we are
Suggested text: Our website address is: https://www.gdwellbeing.co.uk.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Visitor comments may be checked through an automated spam detection service.
Membership of Professional Organisation
As registered members of the British Association for Counselling and Psychotherapy, I abide by the Ethical Framework for the Counselling Professions and the Supplementary Guidance for Working Online]. My registration number is 385861 (Gemma).
I confirm that I hold appropriate public/professional insurance to cover our work.
I am committed to fulfilling BACP requirements for Continuing Professional Development and regularly undertake training and supervision. In order to do this, I may discuss our work in a general way, without using names or identifying details, with our clinical supervisor and supervision groups.
Affiliations
I work independently and I am not affiliated with any other groups, organisations, agencies or practices. Complaints
If you have any questions or complaints about our professional conduct, I encourage you to email me or discuss it in your next session to see if I can resolve the issue. If I are unable to resolve your concern or if you prefer not to approach us directly, you may contact the BACP directly at www.bacp.co.uk and they will address your concerns through their complaint’s procedure detailed here https://www.bacp.co.uk/about-therapy/ask-kathleen/
Liability
B I am not liable for any event outside of our reasonable control which delays or prevents us from attending a session or otherwise fulfilling our role as set out in this Therapy Contract. I will reschedule wherever possible and inform you in the event that there is risk to the continuation of our work together.
Notwithstanding anything to the contrary, nothing in this Therapy Contract will limit or affect our liability if something I do negligently causes death or personal injury or with respect to any other liability which cannot be excluded or limited by law.
Appendix A – GDPR Privacy Notice [for Clients]
This notice describes what personal data I collect from you and how I store and process it as part of the counselling services provided by GD Wellbeing In the course of our practice I will collect, process and store personal data as a data controller.
I would like to reassure you that I adhere to all laws and procedures relating to the General Data Protection Regulation (GDPR) (EU) 2016/679, Data Protection Act 2018 or other applicable data privacy legislation and will only use your personal data to provide you with the specific service or services you explicitly agree to. I am registered with the Information Commissioner’s Office (ICO) registration reference: ZB759785
YOUR RIGHTS
-
- the right to access: You may request a copy of your clinical file for free at any time by emailing me. Your records are identifiable, retrievable and intelligible as per GDPR requirements. I will comply within 30 days.
-
- the right to rectification: You may update any of the information I hold for you at any time. I will amend them immediately.
-
- the right to erasure: You may request that I erase your data. I will comply within 30 days unless I cannot for legal reasons.
-
- the right to restrict processing: You may request that I restrict how I process your data. I will comply within 30 days unless I cannot for legal reasons.
-
- the right to object to processing: You may object to us processing your data. I will comply within 30 days unless I cannot for legal reasons.
-
- the right to data portability: Your data is retrievable and may be able to be moved if necessary.
-
- the right to complain to a supervisory authority: If you believe I have contravened the GDPR, you may contact the ICO.
-
- the right to withdraw consent: You may withdraw your consent for us to hold your information. I will comply immediately unless I cannot for legal reasons.
-
- the right to request information about the existence of automated decision-making, including profiling.
-
- the right to be notified if your personal data is rectified or erased, or processing is restricted, in accordance with the above.
DATA COLLECTION, PROCESSING & LEGAL BASIS
Below I have set out the categories of personal data and sensitive personal data (such as your genetic data or ethnic origin) I collect and how I process the data:
-
- I will hold your contact information such as name, email address, telephone number, home address as Ill as your emergency contact’s details (“Contact Information”) which I will use to provide our services and communicate either with you or your emergency contact in a secure manner;
-
- as a client, I will hold your biopsychosocial history and risk assessment data, other relevant medical history and ongoing information about your treatment and condition (“Medical Information”) which I will use in order to provide our services to you.
-
- I may hold certain financial information of yours, such as debit or credit card details, in order for us to receive payment in exchange for providing our services to you (“Financial Information”);
-
- If you visit our website, I will only hold Cookies necessary to enable the function of the Website. Information”. (A cookie is a small text file which asks permission to be placed on your computer’s hard drive or mobile device).
-
- a record of any correspondence or communication between you and us (“Communication Information”) which I will use to provide our services and communicate with you;
-
- I may hold certain information about you in order to provide information about our services. This may include names, email addresses, phone numbers, addresses, and other information (“Marketing Information”) which I will use to market and promote our services.
I will process the Contact Information on the basis that you have consented to it (for one or more specific purposes), where the processing is necessary for us to comply with our obligations under a contract with you (for instance for the provision of our services to you as a client) or for our legitimate interests in providing services to you as a client or potential client.
A legitimate interest in this context means a valid interest I have, or a third party has, in processing your personal data which is not overridden by your interests in data privacy and security. Medical Information consists of sensitive personal data and will be processed on the basis that:
-
- you have given your explicit consent to the processing;
-
- it is necessary for the purposes of preventative or occupational medicine (i.e. to assess whether an employee is able to work, for medical diagnosis, to provide health or social care or treatment, or for the management of health or social care systems) on the basis of applicable law or pursuant to a contract with a health professional; or
-
- it is necessary for the protection of your (or another person’s) vital interests, to the extent you are unable to provide consent (whether physically or legally).
I will process Financial Information on the basis of our legitimate interests (in providing services to you) or as necessary for the performance of a contract with you.
Cookie Information will be processed on the basis you have consented to it or in the case of strictly necessary cookies, on the basis of our legitimate interests in providing services to you.
Communication Information will be processed on the basis of our legitimate interests (in providing our services to you).
Marketing Information will be processed on the basis of our legitimate interests (in providing services to you) or on the basis that you have consented to it.
In addition to the above, all information may also be processed on the basis that it is necessary to comply with a legal obligation to which I are subject. Generally, I will collect information directly from you. If for any reason, I obtain your personal data from any other third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.
You do not have to supply any personal data to us however in practice I would be unable to provide our services to you without personal data (for instance I will need contact information in order to communicate with you). You may withdraw our authority to process your personal data (or request that I restrict our processing) at any time but there are circumstances in which I may need to continue to process personal data (please see below).
DISCLOSURE, DATA STORAGE & RETENTION
Who has access to your personal data? I do not disclose any information you provide to any third parties other than as follows:
-
- I may consult with other professionals involved in your treatment only with your explicit signed consent.
-
- If I believe you or another person is at risk of being harmed e.g. if I are concerned that you are in serious danger of attempting or completing suicide, in imminent danger or temporarily unable to take responsibility for your actions, I advise the relevant emergency authorities and/or your doctor and/or your nominated emergency contact. Any decision to break confidentiality would not be taken lightly. I will usually consult with our clinical supervisor and where possible, advise you as Ill. You have an ethical and legal right to know the importance of and/or see what is being said about you if you wish and I will make every effort to include you in the process except in circumstances where it would harm you or others to inform you (e.g. child protection situations, mental incapacity, terrorism).
-
- I may discuss our work in a general way with the clinical supervisor and supervision group in order to maintain high standards of practice. I will never use names or personally identifiable details.
-
- I may participate in forums, listservs, relevant online groups and other opportunities to collaborate and consult with other professionals in order to further our training and skill set. I do not share names or any identifying details.
-
- Your name may be contained in financial records and our online diary. It is possible that third parties may have access to those records, for example, an accountant, tax adviser, legal adviser or administrative assistant.
-
- I may be required to disclose some of your personal data to your health insurance company. For instance, if I invoice your health insurance company directly in respect of your treatment, I may be required to provide certain information including your Contact Information, appointment and attendance dates, progress notices and the applicable consultation or treatment fee.
-
- Clinical will – If an accident, illness or our passing prevents your practitioner from being able to contact you, I have nominated a trusted colleague who will be able to access the practitioner’s client list and contact you if necessary. I have documented the procedure to follow in a clinical will and you will be provided with necessary referrals. They will destroy personal and sensitive data and archive clinical notes safely at the appropriate time in line with GDPR requirements.
-
- I may be required to disclose certain data to regulators or other lawful authorities;
-
- If I are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime);
-
- In order to enforce any terms and conditions or agreements for our services that may apply;
-
- As necessary in order to protect both our and your rights, property and safety (for instance in relation to fraud protection).
What happens if there is a data breach?
Although I take measures to protect your data, information can be intercepted, and breaches can occur. If there is a data breach, I will follow the regulations set out in Article 33 of the GDPR. This includes notifying the ICO of the nature and consequences of the breach within 72 hours, and any measures I have taken to address it, unless the personal data breach is unlikely to result in high risk to your rights and freedoms. I will also notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
How long is your personal data stored for?
I review the personal data (and the categories of personal data) I hold on a regular basis to ensure the data is still relevant to our business and is accurate. If I discover that certain data I are holding is no longer necessary or accurate, I will take reasonable steps to update, correct or securely delete this data as may be required. Generally, I will aim to review all personal data held by us every 12 months.
Except where you explicitly agree otherwise or there is legal reason for us to continue storing it, your Contact Information, Financial Information, Communication Information and any other information not specifically mentioned in this section or privacy notice will be stored securely for a period of 7 years from receipt of the data or after your final session with GD Wellbeing.
What about Security?
I will take reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information I collect from you and to protect against unlawful access, accidental loss or damage. These measures may include (as necessary):
-
- protecting our servers with software firewalls;
-
- locating our data processing storage facilities in secure locations;
-
- encrypting all data stored on our server with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;
-
- securely disposing of or deleting your data;
-
- regularly backing up and encrypting all data I hold.
I will take reasonable steps to ensure that I and our staff are aware of their privacy and data security obligations.
INTERNATIONAL TRANSFERS
Your personal data may be transferred where some of our service providers (such as hosting service provider) are based outside of the EEA and in this instance, I will ensure that I have an agreement with such service providers to provide adequate safeguards and a copy of such agreements or information as to what these safeguards are will be made available.
THIRD PARTY SERVICES
Our site may contain links to and from the website of our partner networks, advertisers and affiliates. If you follow a link to any of these website, please note that these websites have their own privacy policies and that I do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
NOTIFICATION OF CHANGES TO THE CONTENTS OF THIS NOTICE
I will post details of any changes to our policy on the GD Wellbeing website to help ensure you are always aware of the information I collect, use, and in what circumstances, if any, I share it with other parties. Please check www.gdwellbeing.co.uk regularly for any updates.