1.1 We are Natasha Krystyna Counselling. We take the privacy of your information very seriously and this Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of personal data which may be obtained via our website or other means including online forms, email, or phone.
1.2 In this notice “you” refers to any individual whose personal data we hold or process (but it does not relate to personal data relating to our employees or staff).
1.3 In general, we provide counselling and psychotherapy services. If we do provide such services to you, please note a separate “Privacy Notice for Clients” will apply and will be provided to you. We do not process personal data on a large scale, but we will hold and process personal data in order to supply our services and this privacy notice explains how we do so.
1.4 This notice is governed by the EU General Data Protection Regulation (the “GDPR”), UK GDPR, Data Protection Act 2018 and any other applicable data or privacy legislation.
2. Categories of Personal Data and Legal Basis
2.1 Below we have set out the categories of data we collect and how we process the data (for information about legal basis, please see below):
2.1.1 we will hold contact information for our users who have registered with us, such as name, email address and telephone number (for authentication) (“Contact Information”) which we will use to provide our services and communicate with you;]
2.2 We process Contact Information on the basis of the performance of our contract with our client, on the basis of our legitimate interest in providing our services to our clients and users or in certain circumstances as may be necessary for compliance with a legal obligation to which we are subject.
2.3 Generally, we will collect information directly from you. If we obtain your personal data from any other third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.
2.4 You do not have to supply any personal data to us however in practice we may be unable to provide our services to you without personal data (for instance we will need contact information in order to communicate with you). You may withdraw our authority to process your personal data (or request that we restrict our processing) at any time but there are circumstances in which we may need to continue to process personal data (please see below).
3. Data retention
3.1 Our current data retention policy is to delete or destroy (to the extent we are able to) personal data in accordance with the following retention periods:
Information relating to our website users
We will hold information for registered and non-registered users for 1 month from the date on which we collect the data, or, if later, from the date on which you cease to be a registered user.
3.2 The retention periods stated in this notice can be prolonged or shortened as may be required.
3.3 We review the personal data (and the categories of personal data) we hold on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or securely delete this data as may be required.
3.4 If you wish to request that data we hold about you is amended or deleted, please see section 7 below, which explains your privacy rights.
4. Sharing your information
4.1 We do not disclose any information you provide to any third parties other than as follows:
4.1.1 we may be required to disclose certain data to regulators or other lawful authorities;
4.1.2 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example for the purposes of prevention of fraud or other crime);
4.1.3 in order to enforce any terms and conditions or agreements for our services that may apply]
4.2 Other than as set out above, we shall not disclose any of your personal data unless you give us permission to do so. If we do supply your personal data to a third party, we will take reasonable steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.
5.1 We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage.
5.2 We will take reasonable steps to ensure that our employees are aware of their privacy and data security obligations.
6.2 If you choose not to accept or disable certain cookies, this will not affect your access to the majority of information available on our website however certain online services may not be available.
7. Your privacy rights
7.1 With respect to your personal data, you have the right to:
7.1.1 request that your personal data will not be processed;
7.1.2 ask for a copy of any personal data that we have about you;
7.1.3 request the correction of any errors in or update of the personal data that we have about you;
7.1.4 request that your personal data will not be used to contact you for direct marketing purposes;
7.1.5 request that your personal data will not be used for profiling purposes;
7.1.6 request that your personal data will not be used to contact you at all;
7.1.7 request that your personal data be transferred or exported to another organisation, or deleted from our records; or
7.1.8 at any time, withdraw any permission you have given us to process your personal data.
7.2 All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below.
7.3 We will endeavour to comply with such requests as soon as reasonably possible but in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).
8. Data breaches
8.1 If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to our data protection manager and/or the ICO as is deemed necessary.
8.2 If a breach is likely to result in a high risk to your data rights and freedoms, we will notify you as soon as reasonably possible.
9. Transferring your information outside the UK or EEA
9.1 We will not transfer your personal data in a systematic way outside of the European Economic Area or UK but there may be circumstances in which certain personal information is transferred outside of the European Economic Area or UK.
9.2 If we transfer your information outside of the European Economic Area or UK, and the third country or international organisation in question has not been deemed by the EU Commission or Secretary of State (as the case may be) to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.
10. Notification of changes
We will post details of any changes to our privacy notice on our website. Please ensure you check the website regularly for any updates.
11. Contact us
If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so by contacting us at firstname.lastname@example.org
If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the ICO by visiting http://www.ico.org.uk/ for further assistance.
This wording was purchased from Private Practice Paperwork Ltd. and no part of it may be copied, shared or published elsewhere without direct purchase and authorisation from their website.