Privacy Policy- Caitlin Imray Therapy in Stirling and online

Introduction

Protecting your privacy is my upmost priority and I can assure you that your personal information will be securely stored and used only for its intended purpose. I strictly abide by existing data protection laws, including the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.

This privacy notice outlines how I will handle your personal information from our first interaction to the end of our contact/ therapy sessions.

I am happy to discuss any queries or concerns you might have about my data protection policy and you can contact me via [email protected].

‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office [Insert registration number]. [Company registration details if appropriate].

My postal address is: [Address]
My phone number is: [Telephone].
My email address is: [Email].

My lawful basis for holding and using your information

According to the GDPR, I must have a valid reason for processing your personal data, which varies depending on the stage of processing. Below, I’ve outlined these reasons:

• If you’ve completed therapy with me, I will use legitimate interest as the lawful basis for retaining and utilizing your personal information.
• If you’re currently undergoing therapy or considering it, I will process your personal data based on the necessity for fulfilling our contractual agreement.

Furthermore, the GDPR ensures proper handling of any sensitive personal information you may share, known as ‘special category personal information.’ The lawful basis for processing such information is its relevance to providing health treatment, in this case, counselling, and its necessity for the contractual relationship between us as health professionals.

How I use your information

Initial Contact

When you reach out to inquire about my counselling services, I’ll gather information to address your needs. This may include your full name, phone number, email and date of birth. Alternatively, your GP or another healthcare provider may provide your details when referring you, or a trusted individual may provide your information on your behalf.

If you choose not to proceed, I’ll ensure that all your personal data is deleted within a month. If you prefer an earlier deletion, you can let me know.

While you are having counselling

During your counselling sessions, rest assured that everything you share remains confidential. Confidentiality will only be breached if I have concerns about safety or risk of harm, supervision and subpoena. Further details of these are provided in our contract. I’ll always aim to discuss this with you first, unless there are safeguarding concerns preventing this.

I will maintain a record of your personal information to facilitate the smooth operation of the counselling services. These details are securely stored on password protected Google Drive. and are not disclosed to any third party.

Brief written session notes are anonymised as much as possible and are kept in a password protected Google Drive. Email correspondence will be deleted after one year if deemed unimportant. If necessary, I will save in an anonymised file in a password protected Google Drive.

After the counselling sessions conclude, your records will be retained for one week from our last contact, after which they will be securely destroyed. If you wish, you can request that I delete this sooner.

Third party recipients of personal data

Occasionally, I may share personal data with third parties, such as contracted suppliers for specific tasks. In these instances, I carefully choose which partners to collaborate with. I ensure that there is a contractual agreement in place outlining the permissible use of the shared data. I verify that they solely utilize your information for the designated task outlined in the contract.

Third party recipients of personal data include: Google Workspace and BlueHost.

Your rights

I aim to maintain transparency by providing individuals with access to their personal information if requested. You have the right to request the deletion, limitation, or end the processing of your personal data. Additionally, you can request a copy of the information held about you and object to its use in certain circumstances.

More information about your rights can be found at https://ico.org.uk/your-data-matters.

If I do hold information about you, I will:

• Provide a description of the information and its source.
• Explain the reasons for holding it, the duration of storage, and the decision-making process.
• Disclose who it may be shared with.
• Provide a copy of the information in an understandable format.

You can also request corrections to any inaccuracies in your personal information by contacting me in writing at [email protected].

If you have any concerns regarding the handling of your personal data, please reach out to me via the contact details provided above. I am open to suggestions for enhancing my data protection procedures.

For formal complaints regarding the processing of your personal information, you can contact the ICO, the regulatory authority overseeing data protection law in the UK, at https://ico.org.uk/make-a-complaint for further guidance.

Data Security

I place great importance on the security of the data I hold about you, and therefore, I am committed to taking all necessary measures to ensure that it is stored securely.

All files I keep are electronic, and stored in a password protected Google Drive. I am the only person who has access to this Google Drive.

Additional information for website owners and employers

When visitors browse my website, I utilize a third-party service, MonsterInsights (which is connected to Google Analytics), to gather standard internet log information and analyse visitor behaviour patterns.

This helps me understand metrics like the number of visitors to different sections of the site. However, this information is processed in a manner that
maintains anonymity; neither I nor MonsterInsights (which is connected to Google Analytics) attempt to identify individual visitors.

I rely on legitimate interests as the lawful basis for collecting and utilizing your personal information in this manner when you visit my website.

To continuously enhance my service to you, I utilize MonsterInsights (which is connected to Google Analytics). You can review MonsterInsights’ and Google Analytic’s privacy notice here:

• https://www.monsterinsights.com/privacy-policy/
• https://policies.google.com/technologies/partner-sites

Additionally, I utilize WordPress as the content management system for my website. You can learn more about WordPress and its approach to data protection here: https://en-gb.wordpress.org/about/privacy/.

Like most websites, we use cookies to enhance site functionality. You can find information about our use of cookies [insert link].

No user-specific data is collected by me or any third party. If you submit a form on my website, the data is temporarily stored on the web host before being transmitted to me.