Privacy Statement

This Privacy Statement describes how our organisation collects and uses personal information. Service users should be aware that by contacting us, by using our services, and even by visiting our website, they are agreeing to be bound by this statement. Additionally: we may amend this statement from time to time by updating its contents. Service users are therefore advised to check this page from time to time to ensure that they are happy with any changes that have been made. Any queries about this Privacy Statement, or queries relating to the collection and management of personal data, may be directed to us via email at: beheardfeelbetter@gmail.com

At Bath Wellbeing Counselling, we are committed to protecting personal information so as to protect people’s privacy. We do this in accordance with the current legislation, that being the Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation, known as GDPR. This regulation controls how personal information, known as personal data, is used by organisations within the European Union, and how it provides greater protection for all persons. We uphold this legislation not only to ensure that everyone within our organisation is acting lawfully, but to protect the interests of those we serve, particularly our clients.  

The Data Protection Act requires those responsible for using personal data to do so according to six data protection principles. Briefly, these ensure that information is:

  • Used transparently;
  • Used for specified, explicit purposes;
  • Limited to only what is necessary;
  • Accurate and up to date;
  • Kept no longer than is necessary;
  • Handled in a way that ensures appropriate security.

According to these principles, as the data controller, Bath Wellbeing Counselling is required to be open, honest and clear with all service users, known as data subjects – right from the start – in respect of: 

  • Why information is collected, 
  • What information is collected, 
  • How information will be collected, and 
  • How information will be used 

– in relation to the services we offer. 

Why information is collected – its specified, explicit purposes – and how it is used:

Bath Wellbeing Counselling asks for information in order to deliver the service that is requested of us. Our organisation does not use your details for marketing, unless you have given us consent to do so. More specifically, the reasons why we hold personal data are as follows:

  • Identity data is collected so that we know how to refer to you, and also for communication purposes, as below.
  • Contact/communication data is collected so that we are able to contact you. This is necessary for the service we provide; however, we are happy to liaise with you as to your chosen means of communication, whether that be email, or text, for example. 
  • Sensitive data is collected in order to aid us in the task of providing counselling services, as well as providing an aide memoire for counsellors from one session to the next.

What information is collected?

  • Identity data, such as first and last names;
  • Contact/communication data, including: postal address, email address and telephone numbers, together with the preferred method of communication;
  • Sensitive data in respect of the client’s reason for seeking counselling, as well as other relevant details regarding their general and mental health; this includes medication, existing health conditions and any other factors deemed relevant to the service we provide; 

NB: The principle regarding data collection and usage being limited to only what is necessary, means that data that does not enable delivery of the service our organisation provides is neither collected, nor subsequently used and/or retained. Additionally, with regard to the principle that data should be kept for no longer than is necessary, this means that Bath Wellbeing Counselling does not retain personal data for clients who have completed their counselling, though if they express an intention to return to counselling at a later stage, or think they may return, this provides legitimate grounds for data retention. In the absence of such grounds, personal data is archived once counselling has ended. 

How information will be collected:

Personal data is usually recorded electronically during initial contact with the client, using a secure database management system, access to which is restricted to relevant personnel, via password. If it is not possible to access this system during the initial contact, information may be recorded on paper prior to transferring it to the electronic format at the earliest opportunity, after which, the paper version is shredded. Such information, together with sensitive data, may be acquired by telephone or during the initial face-to-face session. 

It is usual practice for counsellors to keep notes in respect of counselling sessions, to assist them with the service they provide. The notes are stored electronically and archived after counselling has ended. Archived notes are permanently deleted after one year. The notes do not include the client’s name, or other identifiers. Clients have the right to see these notes and accordingly, counsellors are obliged to provide them upon request; this is achieved via a Subject Access Request, as explained below.

Confidentiality:


We may need to share information about clients who we feel are at risk of harm. This is explained in our Counselling Contract which is covered during the initial counselling session. Briefly, it is considered defensible (and therefore good practice) to breach confidence, in good faith, in order to assist the prevention or detection of a serious crime. This is because a counsellor cannot be legally bound to confidentiality about a crime. In addition, in some situations, clients’ needs and/or the public interest may potentially outweigh the general duty of confidentiality – that need being a need to prevent serious harm to the client (or to others), for example. Accordingly, in a medical emergency, breaching confidentiality may be considered necessary to protect a person’s vital interests, as detailed in Article 9 (2) (c) of the  Regulation (EU) 2016/679 of the European Parliament and of the Council. Other valid reasons for breaching confidentiality include: issues pertaining to national security, acts of terrorism, drug trafficking, and safeguarding in relation to children and vulnerable adults. NB: More information on the issue of confidentiality can be found on the BACP (British Association for Counselling and Psychotherapy) website, and specifically, their publication: ‘Good Practice in Action 014 (Legal Resource): Managing confidentiality within the counselling professions,’ Section 4: Exceptions to the duty of confidentiality, pages 11 – 18.

Visitors to my website:

When someone visits my website, I use a third party service, Google analytics to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google analytics to make, any attempt to find out the identities of those visiting my website. I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website. I use Google analytics so that I can continually improve my service to you, you can read Google’s privacy policy here. I use WordPress as the content management system for our website – find out about WordPress and data protection. No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.

How we use cookies:

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Security:

At Bath Wellbeing Counselling, personal data management adheres to the principle of appropriate security, so as to prevent unlawful access. Accordingly, our organisation adheres to the following procedures: 

  • Office hardware, including PCs and laptops, is password protected.
  • As stated above, personal data is stored electronically using a secure database management system, access to which is restricted to relevant personnel, via password.
  • We believe we use reasonable administrative, logical, physical and managerial measures to safeguard your personal information against loss, theft and unauthorized access, use and modification. Unfortunately, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information.
  • Our site is not directed to children under 16. If you learn that your minor child has provided us with personal information without your consent, please contact us.

What rights do you have over your data?

All data subjects have the right:

  • To be informed about how their data is being used;
  • To access and receive a copy of their personal data and other supplementary information. This is achieved via a Subject Access Request (SAR). SARs may be made verbally or in writing, including via social media and also by a third party. Organisations must respond without delay and within one month of receipt of the request, or within three months if the request is complex. The information should be disclosed securely and provided in an accessible, concise and intelligible format. Requests may be refused only if an exemption or restriction applies. In most circumstances, organisations are not permitted to charge a fee for responding to a Subject Access Request, however, there may be a charge if a lot of information is requested, or the request takes a lot of time and effort to process. 
  • To request that inaccurate information is corrected, either because it is wrong, or because it needs updating due to changed circumstances. Correction of inaccurate data requested by a data subject is actioned at the earliest opportunity and the subject informed once this has been achieved;
  • To request the deletion of personal data;
  • To stop or restrict the processing of their data;
  • To data portability, which enables data subjects to obtain any personal data held by one organisation and reuse it, hence copying and transferring it from one service or environment to another; 
  • To object to how personal data is processed in certain circumstances;
  • To lodge a complaint with the Data Protection Commissioner.

In respect of the above, service users should be aware that some of the above requests may result in us being unable to deliver the service being requested.

Complaints:

If you are not happy with any aspect of the way we collect and use your data, we very much hope you will talk to us first. We will always do everything we can to address your concerns. However, if, having discussed the matter with us, you are still unhappy, or if you do not feel you can raise the matter with us, you have the right to complain to the Information Commissioner’s Office and you can do this via their website: https://ico.org.uk/make-a-complaint/, or by telephoning them on 0303 123 1113.

Scroll to Top