top of page

Privacy Policy

Introduction

Your privacy is very important to Purple Blossom Counselling and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me.  I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.  This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:

 

  • Why I am able to process your information and what purpose I am processing it for

  • Whether you have to provide it to me

  • How long I store it for

  • Whether there are other recipients of your personal information

  • Whether I intend to transfer it to another country,

  • Whether I do automated decision-making or profiling, and

  • Your data protection rights.


I am happy to chat through any questions you might have about my data protection policy and you can contact me via email at laura@purpleblossomcounselling.co.uk.


‘Data controller’ is the term used to describe the person / organisation that collects and stores and has responsibility for people’s personal data.  In this instance, the data controller is me [Laura Stoops]. 

 

I am registered with the Information Commissioner’s Office, reference number: ZB584571.


My postal address is: 18 Briar Hill, Belfast, BT8 6XW.  My phone number is: 07342498730. My email address is: laura@purpleblossomcounselling.co.uk

My lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have
explained these below:

 

If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.

If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately.  This type of information is called ‘special category personal
information’. The lawful basis for me processing any special categories of personal information is consent initially. I will then retain any counselling records in case of the need to reference
them in the future (the official legal basis is to defend against potential legal claims).

How I use your information

General enquiry

When you contact me with a general enquiry the information you share will be sent to me via email.  The email provider is GMAIL.

If you decide not to proceed with an initial chat and / or appointment, I will delete your correspondence after 1 month from your last contact.  If you would like me to delete it sooner, just let me know.

 

New client initial chat appointment
When you book an initial chat appointment, I will ask for some information to help ensure you get the most from the time. This will include your name, contact number, email address and brief details of what you would like to discuss.  This information is collected using the Google Workspace. 

Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when booking an initial chat on your behalf.


I will ensure all your personal data is deleted within 5 years of my last contact with you. If you would like me to delete this information sooner, just let me know.

Before your first session

If you decide to begin counselling, you will be asked for some information.  This information will include, your name, your date of birth, contact details for your GP (I will only contact them if you ask me to or if there is serious risk of harm to you), details of any medical conditions, brief details on what you would like to work on in counselling.

If you are having online or telephone counselling, you will be asked for some additional information.  This additional information includes, a second contact method (phone number) for use should the connection fail during a session, an emergency contact name, and an emergency contact number. 

All of this information will be securely stored in Google Workspace.  This information will be deleted after 5 years.  If you would like me to delete this information sooner, just let me know.

While you are accessing counselling.
Rest assured that everything you discuss with me is confidential.  That confidentiality will only be broken if any of the below occur:

  • There is risk of harm to you or others

  • You share details of a serious crime (e.g. terrorist activities),

  • I am compelled by a court of law, or

  • You ask me to.

I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.

I will keep a record of your personal details to help the counselling services run smoothly. These details are kept securely using Google Workspace (read their privacy policy here, https://policies.google.com/privacy?hl=en-UK) and are not shared with any third party. 

 

I will keep brief, digital notes of each session, these are kept securely in Google Workspace. 

 

For security reasons I do not retain text messages for more than 1 month. If there is relevant information contained in a text message I will add it securely to your client record on Google Workspace. Likewise, any email correspondence will be deleted after 1 month if it is not important. If necessary I will add it securely to your client record on Google Workspace.

 

After counselling has ended. 

Once counselling has ended your records will be kept for 5 years from the end of our contact with each other and are then securely destroyed. If you want me to delete your information sooner than this, please tell me.

Fees and Payment

If you choose to prepay for your sessions, or to pay online following a session, your payment details will be processed using Stripe.  To read more about Stripe and their privacy policy, click here: https://stripe.com/gb/privacy.

If you choose to pay following receipt of an invoice, your contact details will be stored in Quickbooks and invoices sent to you through the Quickbooks software.  To understand more about Quickbooks and to read their privacy policy, click here: https://quickbooks.intuit.com/hk/privacy/.

Third party recipients of personal data

I sometimes share personal data with third parties, for example, where I have contracted with a supplier to carry out specific tasks.  In such cases I have carefully selected which partners I work with. I take great care to ensure that I have a contract with the third party that states what they are allowed to do with the data I share with them. I ensure that they do not use your information in any way other than the task for which they have been contracted.

I have contracted Google Workspace to collect and store the client information outlined in the 'How I use your information' section above.  The purpose of using this system is to ensure secure handling and storage of client information in line with Data Protection and GDPR requirements and to have a secure platform to run online counselling sessions (read their privacy policy here, https://policies.google.com/privacy?hl=en-UK).  

The website provider I use is Wix and it adheres to Data Protection and GDPR requirements.  To find out more about how Wix manages privacy, read their Privacy Policy here, https://www.wix.com/about/privacy

I use Google Analytics to monitor the traffic to the website and to help better manage any marketing.  To read the Google Privacy Policy, click here, https://policies.google.com/privacy.

I have registered with the Information Commissioner's Office (ICO), reference number: ZB584571.  The ICO's role is to uphold information rights in the public interest.  They deal with any concerns over handling of personal information.  Your information would only be shared with them if you had a concern, or there was a data breach. 

Your rights

I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.


If I do hold information about you I will:

  • give you a description of it and where it came from;

  • tell you why I am holding it, tell you how long I will store your data and how I made this decision;

  • tell you who it could be disclosed to;

  • let you have a copy of the information in an intelligible form.

You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.

To make a request for any personal information I may hold about you, please put the request in writing addressing it to laura@purpleblossomcounselling.co.uk.

If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome

any suggestions for improving my data protection procedures.

 

If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.

Data Security

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure.  To ensure your data is secure I am using a system (Google Workspace) that is ISO/IEC 27001:2022 compliant, HIPAA compliant and GDPR UK and EU compliant.  Two Factor Authentication has been set up to further ensure the security of your information.

If you provide me with any hard copy information, such as letters, paper contracts, or I take any written notes during sessions, these will be scanned and saved to your record on Google Workspace.  The hard copies will then be shredded as soon as they are added to Google Workspace.  Storage of any hard copies before being uploaded will be in a locket cabinet.

The desktop computer I use is password protected and I have a separate business mobile with password and pin code security.  The business email address requires Two Factor Authentication to access the emails.

Visitors to my website.
When someone visits my website, I use a third party service, Google Analytics to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google Analytics to make, any attempt to find out the identities of those visiting my website.


I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.


I use Google Analytics so that I can continually improve my service to you, You can read Google Analytics privacy notice here, https://policies.google.com/privacy.


I use Wix as the content management system for our website - find out about Wix and data protection here, https://support.wix.com/en/article/general-data-protection-regulation-gdpr.


Like most websites we use cookies to help the site work more efficiently - find out about our use of cookies here, www.purpleblossomcounselling.co.uk/cookie-policy.

This document was last updated on March 3, 2024

bottom of page