Privacy Policy for Counselling Network Website (UK)

Last Updated: [Date - e.g., October 26, 2023]

At Counselling Network, we are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, and protect your personal data when you use our website [Your Website Address Here] (the "Website") and engage with our counselling services. Counselling Network is based in the UK and operates in accordance with UK data protection law, including the General Data Protection Regulation (GDPR) as implemented by the Data Protection Act 2018.

1. Who We Are (Data Controller)

Counselling Network [Your Business Name or Therapist Name if Sole Trader] is the data controller responsible for your personal data collected through this Website.

2. What Personal Data We Collect

We may collect and process the following types of personal data:

* Personal Information you Provide Directly:

This includes information you provide when you:

• Contact us: Name, email address, phone number, and any information you choose to include in your message.
• Book an appointment: Name, email address, phone number, and potentially brief details about your counselling needs.
• Create an account (if applicable): Username, password, and potentially further profile details.
• Complete online forms or questionnaires: Information relevant to your counselling needs, well-being, or career.
• Participate in surveys or provide feedback.

* Sensitive Personal Data (Special Category Data):

In the context of providing counselling services, we may collect information about your:

• Mental and emotional health.
• Well-being.
• Personal circumstances and challenges.
• Therapy session notes (kept securely and confidentially by your therapist).

* Website Usage Data (Automatically Collected):

When you visit our Website, we may automatically collect certain information, including:

• IP address.
• Browser type and version.
• Operating system.
• Referring website.
• Pages you visit on our Website.
• Date and time of your visit.
• Cookies and similar tracking technologies (see section 9 below).

3. How We Collect Your Personal Data

We collect your personal data through the following means:

• Directly from you: When you actively provide information through our Website, forms, email, phone, or during counselling sessions.
• Automatically: Through cookies and similar technologies when you browse our Website.

4. Purposes of Processing and Legal Bases

We process your personal data for the following purposes and rely on the following legal bases under GDPR:

5. Who We Share Your Personal Data With

We may share your personal data with the following categories of recipients:

• Therapists within Counselling Network: Your personal data may be shared with the therapist you are working with to provide counselling services. All therapists are bound by confidentiality agreements and professional ethical codes.
• Service Providers: We may use third-party service providers who process data on our behalf, such as:
  • Website hosting providers.
  • Email service providers.
  • Payment processors (if applicable for online payments).
  • Analytics providers (e.g., Google Analytics).
  • IT support providers.

  We will have contracts in place with these providers to ensure your data is processed securely and in accordance with data protection law.

• Legal and Regulatory Authorities: We may disclose your personal data if required by law, legal process, or governmental request, or to protect our rights, property, or safety, or the rights, property, or safety of others.
• In Safeguarding Situations: In exceptional circumstances where there is a serious risk of harm to yourself or others, we may need to disclose information to relevant safeguarding authorities or emergency services. This would only be done in accordance with legal and ethical guidelines.

6. International Data Transfers

We primarily store and process your personal data within the UK and European Economic Area (EEA). If we transfer your data to countries outside the UK/EEA, we will ensure that appropriate safeguards are in place to protect your data, such as:

• Transferring to countries deemed to provide an adequate level of data protection by the UK or EU.
• Using Standard Contractual Clauses approved by the UK Information Commissioner's Office (ICO) or the European Commission.

7. Data Retention

We will retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including for the duration of our counselling relationship, and to comply with legal, regulatory, accounting, or reporting requirements. Retention periods for counselling records are typically defined by professional guidelines and legal requirements.

• Enquiry Data: Data from general enquiries will be retained for [e.g., 12 months] after the enquiry is closed.
• Client Records: Counselling records will be retained for [e.g., 7 years] after the end of the therapeutic relationship, in accordance with professional guidelines and insurance requirements.
• Marketing Data (if consent given): We will retain marketing data until you withdraw your consent or indicate you no longer wish to receive marketing communications.
• Website Usage Data: Website usage data is typically retained in anonymized and aggregated form for analytical purposes for [e.g., 2 years].

After the retention period expires, your personal data will be securely deleted or anonymized.

8. Your Data Protection Rights

Under GDPR, you have the following rights regarding your personal data:

• Right to be informed: You have the right to be informed about the collection and use of your personal data (which is the purpose of this Privacy Policy).
• Right of access: You have the right to request access to the personal data we hold about you and to receive a copy of it (Subject Access Request).
• Right to rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• Right to erasure ("right to be forgotten"): In certain circumstances, you have the right to request that we erase your personal data.
• Right to restrict processing: In certain circumstances, you have the right to request that we restrict the processing of your personal data.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
• Right to object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
• Rights in relation to automated decision making and profiling: We do not currently use automated decision-making or profiling that significantly affects you. If we do so in the future, you will have the right to object and to have human intervention.

To exercise any of these rights, please contact us using the contact details provided in section 1. We may need to verify your identity before responding to your request.

9. Cookies and Similar Technologies

Our Website may use cookies and similar tracking technologies to collect website usage data. Cookies are small text files that are placed on your device when you visit a website. We use cookies for the following purposes:

• Essential Cookies: These cookies are necessary for the Website to function properly, such as enabling core site functionality, security, and accessibility.
• Analytics Cookies: These cookies help us understand how visitors use our Website, such as which pages are visited most often, and how users navigate the site. This information helps us improve our Website. We may use Google Analytics for this purpose.
• Functionality Cookies (Optional): We may use functionality cookies to remember your preferences (e.g., language settings) and enhance your user experience.

You can manage your cookie preferences through your browser settings. You can choose to accept or reject cookies, or to be notified when cookies are being set. Please note that disabling certain cookies may affect the functionality of our Website.

For more information about cookies and how to manage them, you can visit www.allaboutcookies.org.

10. Security of Your Personal Data

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, destruction, or damage. These measures include:

• Secure storage of data.
• Encryption of sensitive data.
• Access controls to limit who can access your personal data.
• Regular security assessments and updates.
• Confidentiality agreements for all staff and therapists.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will post any changes on our Website and update the "Last Updated" date at the top of this policy. We encourage you to review this Privacy Policy periodically. For significant changes, we will endeavour to provide more prominent notice or, where required by law, seek your consent.

12. Contacting Us and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us using the contact details provided in section 1.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. You can contact the ICO at: