Legal & privacy information for The Green Rooms. Counselling, Psychotherapy and Coaching in Glasgow and Newton Mearns.
Your privacy is very important to us and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to us. We adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic
Communications (EC Directive) Regulations 2003.
The term ‘your work with us’ refers to the time you have spent with any of our team members, including receiving Counselling, Psychotherapy, Coaching, Group Therapy, Mindfulness, or any other service we have provided to you.
• Why we are able to process your information and what purpose we are processing it for
• Whether you have to provide it to us
• How long we will store it for
• Whether there are other recipients of your personal information
• Whether we intend to transfer it to another country
• Whether we do automated decision-making or profiling
• Your data protection rights.
We are happy to chat through any questions you might have about our data protection policy – you are welcome to contact us via: email@example.com
‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is The Green Rooms.
The Green Rooms is registered with the Information Commissioner’s Office
Personal information that we collect about you will not be rented, sold or exchanged with any third parties. Data that is forwarded to third parties is used only to meet our commitments by law. No user-specific data is collected by us or any third party.
Your details may be used to monitor traffic to and from our website to help us improve the design and layout of the site. This data is collected by ’34sp.com’. We do not make, and do not allow 34sp.com to make, any attempt to find out the identities of those visiting my website.
We use legitimate interests as a lawful basis for holding and using your personal information in this way when you visit our website.
We use Google Analytics so that we can continually improve our service to you. We use WordPress as the content management system for our website.
We will never email you with marketing unless we have your express consent, and you can opt out of this any time you wish.
Personal data – Initial Contact
The GDPR states that we must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which we are processing your data:
- If your work with us has now ended, we will use legitimate interest as the lawful basis for holding and using your personal information.
- If you are currently working with us, or if you are in contact with us to consider working with us, we will process your personal data where it is necessary for the performance of our contract.
- The GDPR also makes sure that we look after any sensitive personal information that you may disclose to us appropriately. This type of information is called ‘special category personal information’. The lawful basis for us processing any special categories of personal information is that it is for provision of health treatment and necessary for a contract with a health professional.
When you contact us with an enquiry about services we will collect information to help us satisfy your enquiry. This will include your name, email address, phone number, and any other information that you wish to disclose at that time.
Alternatively, your GP or other health professional may send us your details when making a referral, or, a parent or trusted individual may give us your details when making an enquiry on your behalf. If you decide not to proceed we will ensure all your personal data is deleted as soon as practically possible. If you would like to know when this has been done, please just ask.
Personal data – Duration of our work together
In providing your personal details you consent to us using the data collected in order to meet our commitments to you and provide the service you expect. This will include sending information such as replies to questions, appointments (offers and confirmations), office location information and other information we deem necessary for you to attend a consultation or appointment. We may also contact you if you miss an appointment. We may contact you at other times if we believe it is professionally appropriate to do so. This may be via email, telephone or mail.
Rest assured that everything you discuss with us is usually confidential. That confidentiality will only be broken in the following circumstances:
- It is believed that you are in danger of serious harm.
- It is believed that another person or other people are in danger of serious harm.
- If required by a court of law.
- Within professional supervision. All Counsellors, Psychotherapists, Coaches and Mindfulness Practitioners have an ethical responsibility to attend regular Therapeutic Supervision to ensure they are giving their clients the best possible service. Client identities are not disclosed within supervision.
We will always try to speak with you about a potential or actual break of confidentiality first, unless there are safeguarding issues that prevent this.
We will keep a record of your personal details to help the services we provide you to run smoothly. These details are kept securely and are not shared with any third party (other than the companies which control the software). Your signed forms are kept in a locked cabinet, your phone number is kept on our locked phones (via a Google account) and your email address is kept within our password-protected email account (via 34sp.com).
We will keep professional written notes of each session, which are kept securely in a locked cabinet. We do not retain text messages for longer than necessary. If there is information contained in a text message that needs to be saved, we will either ask you to send the information to us via email, or we will screenshot the text and save it. Likewise, any email correspondence will be deleted after it is no longer necessary to keep.
Personal data – After we have stopped working together
Once our work together has ended, your records will be kept for approximately 3 years, and then securely destroyed. This 3-year time duration is chosen as it is the BACP’s limit on raising a complaint, and also that there is no benefit to keeping records longer than this. If you would like your records deleted sooner than 3 years, please request this.
Security and storage of Information
We have taken technical and organisational measures to ensure that all of the information that you provide to us is securely stored, and to protect your data from loss, manipulation, or unauthorised access. We limit the number of staff that have access to the software that contains personal information, and our staff are fully aware of the essential nature of confidentiality.
We continually adapt our security measures to technological progress and developments.
While we implement all reasonable security measures on this site, however, you should be aware that 100% security is not always possible.
CCTV Privacy Notice
CCTV may be used at our premises, as a security measure. We ensure that personal data acquired from CCTV is:
- Processed lawfully, fairly and transparently.
- Collected for specified, explicit and legitimate purposes, and not further processed for other purposes.
- Adequate, relevant and limited to what is necessary.
- Accurate and, where necessary, kept up to date.
- Kept in a form that allows data subjects to be identified for no longer than is necessary.
- Processed securely.
- Automatically erased after 30 days unless it indicates possible criminal acts or threats to public security.
- Accessed only by authorised personnel.
- Switched off temporarily when this is deemed necessary and appropriate.
The following technical and organisational measures are implemented, as is meeting data subjects’ rights:
- To be informed.
- Of access.
- To rectification.
- To erasure.
- To restrict processing.
- To data portability.
- To object.
- In relation to automated decision-making and profiling.
The lawful basis for processing CCTV personal data (Article 6) is for the purposes of legitimate interests pursued by the data controller:
“Indicating possible criminal acts or threats to public security by the controller and transmitting the relevant personal data in individual cases or in several cases relating to the same criminal act or threats to public security to a competent authority should be regarded as being in the legitimate interest pursued by the controller.”
CCTV footage disclosed to the police (or other competent authority as defined by Schedule 7 of the DPA 2018, whether national or international), is processed for a law enforcement process as defined by Part 3 of the DPA 2018, and not processed under the GDPR. In light of this, before we would disclose footage, we would weigh our lawful basis against the data subjects’ privacy rights.
On request, we will provide to you a copy of any CCTV footage of you including the following information:
- The purposes of the processing.
- The categories of personal data involved.
- The recipients (or categories of recipients) to whom the personal data has been or will be disclosed.
- The envisaged period for which the personal data will be stored (or, if this is not possible, the criteria used to determine that period).
- The existence of the right to request that the controller rectifies or erases the personal data or restrict processing, or to object to processing.
- The right to lodge a complaint with a supervisory authority.
- Where the personal data has not been collected direct from the data subject, any available information about its source.
- The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences for the data subject of such processing.
Your right to obtain a copy of your personal data cannot adversely affect the rights and freedoms of others. In the case of CCTV, this means we can not give you access to footage if doing so means sharing the personal data of others. In practical terms, this means we would either pixelate others’ faces before giving access or if this is “manifestly unfounded or excessive”, we would either charge a reasonable admin fee (Article 12.5) or refuse the request and document our reasons.
If you have any questions or complaints regarding our use of CCTV you can email The Green Rooms Director, Alison Barr on: firstname.lastname@example.org
European Union’s General Data Protection Regulations
From 25th May 2018, the European Union’s General Data Protection Regulations (GDPR) are in effect in all European states including the UK. The recording and use of sensitive information require your explicit consent – you need to actively state that you agree to a record being kept and used, that you have been informed of the purpose(s) for which the record is made, how it will be used, and limitations on confidentiality. This includes information about your: • Racial or ethnic origin • Political opinion • Religious belief or belief of a similar nature • Trade union membership • Physical or mental health condition • Sex life • Criminality, alleged or proven • Criminal proceedings, their disposal and sentencing • Genetic data • Biometric data, where is uniquely identifies you.
Records will be kept for the purposes of supporting the practitioner to their fullest capacity, recording any potentially legally or ethically required information, and to follow good practice guidelines. Identifying information will be present on emails, text messages, phone contact details, diary entries and via other necessary electronic means. Paper-based client notes are kept securely, and are not shown to anyone unless legally required. No names or identifying information will be recorded on client notes. Records will be deleted when they are no longer required.
You have the right to erasure of records in the following circumstances: • Where there is personal data that is no longer necessary for the purpose to which it was originally collected/processed. • When you withdraw consent. • When you object to the processing and there is there is no legitimate interest for the continuing of the processing. • If the personal data is unlawfully processed (I.e. in breach of the GDPR). • Where the personal data has to be erased to comply with a legal obligation. • Where the personal data is processed in relation to the offer of online services to a child.
In the following circumstances there may be a refusal regarding the request for erasure: • To exercise the right of freedom of expression and information. • To comply with a legal obligation or in the public interest, or the exercise of official authority. • For public health purposes in the public interest. • For archiving purposes in the public interest, scientific research, historical research or statistical purposes. • In the exercise or defence of legal claims. There are extra requirements when the request for erasure relates to children’s personal data. This is because the child may not be fully aware of the risks involved in the processing at the time of consent.
You have the right to request portability of records for your own purposes and across different services. The request must be made in writing. The records will be provided in a structured, commonly-used and machine-readable form, and will be free of charge.
You have the right of access to your records. The request must be made in writing. The data will be provided within one month free of charge. If you believe there are any inaccuracies, you can request that these are corrected, with agreement from your Counsellor/Psycotherapist/Coach. If there is a disagreement regarding what is accurate, both versions should be recorded.
Terms and Conditions – most recent update 10th January 2016
Ownership of website content
All right, title and interest in this website and all of its content, including software or HTML code, scripts, text, artwork, photographs, images, designs, video, audio and written and other materials that appear as part of this website, and all related intellectual rights (including copyright, trade marks, and rights in designs) within this website are owned by The Green Rooms. All content is provided only for your personal and non-commercial use. This means that you may not, and may not permit or help another person, to copy, publish, transmit, distribute, sell, license or otherwise exploit this website or any of its content, whether in its original format or in any modified version. (You are, however, entitled and encouraged to share the content for personal use.)
The Green Rooms retains all rights in and to our trade marks, including trade names, logos and brand names.
From time to time, we may need to modify, vary or withdraw (on either a permanent or temporary basis) some of the products and services and/or the features and specifications of some products on our website, and we reserve the right to do this. We aim to ensure, but cannot guarantee, that there are no typographical errors, inaccuracies or omissions relating to product descriptions, pricing or availability on our website. The inclusion of any products or services on this website does not guarantee that these products or services will be available at any particular time.
From time to time, this website may contain links which will direct you to external web sites or webpages operated by third parties. The Green Rooms does not control these sites, and has no liability for such third party sites and/or their content.
The Green Rooms takes all reasonable measures necessary to try to ensure that this website and its content are free from viruses and defects, but cannot guarantee that your computer equipment, hardware or software or any data stored or created by your computer equipment will not be damaged, corrupted, lost or otherwise affected if you access or use this website or any content. We recommend that you take all steps necessary to protect your equipment when using this website or any content, such as installing reputable anti-virus software. We will not be liable for any loss or corruption to data, or any damage to computer equipment, that may arise from your failing to take such reasonable precautions.
Further information on your rights (including the UK Data Protection Act) is available from the Information Commissioner’s Office website at www.ico.gov.uk