I am committed to ensuring that your privacy is protected. Should I ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
For the purpose of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)- the data controller is Sharon Nicholson. ICO Registration no. Z360090X (Information Commisioners Office)
Information that maybe collected through using this website
You may give me information about you such as, but not limited to, your name, address, email and phone number, by corresponding with me by phone, email or website contact form.
With regard to each of your visits to my site, the following information may automatically be collected:
The internet industry body, the Internet Advertising Bureau, has set up a website to provide information and advice on cookies: www.youronlinechoices.com/uk/. Another source which gives information about how to delete and control cookies is www.aboutcookies.org/.
I may provide links to other websites offered by third parties. I have no control of, and accept no liability for, their privacy policies and practices, or any breach thereof. I advise that you read the privacy policies of any other sites that you visit.
Social Media: I have a presence on social media with my Facebook page, ‘Sharon Nicholson Counselling in Weymouth’. Your engagement with this page is welcome - please not that if you interact with this page in any way, your profile name, comments and responses will be in the public domain and may affect the therapeutic process if you are engaged in counselling with me.
My website is hosted by GoDaddy and the server is based in the US. GoDaddy is covered by the US Privacy Shield, and this means that any information that may pass from the UK to the US, such as your IP address, is at an approved level of security. Please see https://www.privacyshield.gov/list for further information.
Website contact forms and email correspondence
Website Contact forms
My website provider has advised me that no information from the contact forms is stored by this website.
My website has a secure SSL Certificate and this means that there is a secure connection from the web server to browser - the padlock icon and https prefix appears in your browser bar to evidence this.
Information sent to and from my site is encrypted, so your data is transferred as securely as possible via the contact forms.
I use your email address or telephone number to correspond with you regarding your enquiry about the services of Sharon Nicholson Counselling.
I only retain your information whilst we are corresponding, it is then deleted as confidential waste.
I do not share the information you have provided via the website contact forms with any third party unless required to do so by law.
If you sign up to receive my blog posts and other information about my services by email, your email address will be retained for these purposes until you unsubscribe.
You are able to unsubscribe from my mailing list at any time.
I use Protonmail when responding to website enquiries by email. Protonmail encrypts messages in transit by using TLS (Transport Layer Security).
Emails sent between ProtonMail accounts are automatically end-to-end encrypted, so if you wish to discuss sensitive information with me via email, I will suggest that you open a free ProtonMail account to do so securely.
As I cannot guarantee the security of emails sent or received by your email provider, I advise that no sensitive information is included within your email communications.
While emails are stored in my ProtonMail inbox, they are encrypted and unable to be accessed by ProtonMail or shared with third parties. Your email provider may keep a copy of the information that you have sent.
Emails to me are deleted when action has been agreed, or you have attended your first session.
General Data Protection Regulation (GDPR) information for clients of Sharon Nicholson Counselling in Weymouth
Information I collect
What do I use this information for?
This information is used as contact, emergency contact information, and in order to fulfil my professional and contractual obligations.
Disclosure of your information
I do not share or sell your information with any third parties for marketing purposes.
I maintain confidentiality in accordance with the British Association of Counselling and Psychotherapy (BACP) Ethical Framework for Counselling professions – this can be viewed at https://www.bacp.co.uk/events-and-resources/ethics-and-standards/ethical-framework-for-the-counselling-professions/
There are very few circumstances in which I would need to share your information:
If I have safeguarding concerns regarding either yourself, children, or other people that you are in contact with, I may need to share this information with other agencies.
I will endeavour to discuss with you in the first instance, but I retain the right to break confidentiality without prior consultation with you, should I consider that the urgency of the situation requires me to act immediately to safeguard the physical safety of yourself or others.
Any information shared will be proportionate and the minimum required.
Clinical Will - In the event of my death, or becoming incapacitated, a designated counselling colleague will have access to names and contact details of my current clients. This is to enable clients to be contacted and options of how to go forward maintaining wellbeing and safety will be discussed. My colleague follows the same confidentiality processes in line with GDPR.
I may have a legal obligation to share information if the courts order me to do so.
I keep brief, anonymised notes of our sessions together in line with the requirements of my professional insurance and the limitation act - Special category data Article 9 (2)(f) 'processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity'
I have a legal obligation to report any information that relates to terrorism, money laundering and radicalisation.
Data Retention Schedule - Where I store your personal data and for how long.
If you choose not to continue with counselling after your initial assessment session, your information will be destroyed within 1 month, as confidential waste.
If you choose to continue with counselling, all paper-based notes about our sessions together are coded and stored separately from your name and contact details.
All paper-based information will be stored securely in lockable filing cabinets in my office.
If we work together, I may store your contact number in my password-protected mobile phone, it is stored with a code, not your name, and will be deleted once counselling has ended.
After we finish working together, the information I hold about you will be destroyed after 5 years (paper notes will be shredded), this is at a time that is in line with my insurance company policy.
I have a legal obligation to keep financial records for 7 years, for the purposes of tax returns.
Your rights under GDPR
You have the right to be informed.
You have the right to access the personal information that I hold about you.
You have the right to data portability. I will provide a copy of this information except in the limited circumstances in which I am permitted not to.
Requests will be processed within 30 days, and free of charge, unless manifestly unfounded or excessive. An admin fee will be charged if the request is excessive and this may take longer to process.
You have the right to request amendments to the personal information I hold about you that is inaccurate or out-of-date.
You have the right to erasure and I will take all reasonable steps to erase your information unless I need to keep it for legal, auditing or internal business purposes.
You have the right to restrict processing.
You have the right to object (not applicable to the lawful basis of legal obligation)
You have rights related to automated decision making.
It should be noted that the ICO says that these are not absolute rights https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you, and the ICO, within 72 hours.
Complaints, questions and access requests should be addressed to Sharon Nicholson at
Sharon Nicholson Counselling, Weymouth, Dorset. Tel: 07984106004