This Privacy Policy explains how I, Sharon Nicholson, use and protect any information that you give to me when you use this service.
I am committed to ensuring that your privacy is protected. Should I ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.
By visiting www.sharon-nicholson.com and working with me, you are accepting and consenting to the practices described in this policy.
By continuing to use my site, you are agreeing to my use of cookies described below.
Any changes I make to my privacy and cookie policy will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any changes to my privacy and cookie policy.
For the purpose of the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) - the data controller is Sharon Nicholson. ICO Registration no. Z360090X (Information Commisioners Office)
Data that maybe collected about you
You may give me information such as your name, email address and contact number through filling in a form on this site or through correspondence by email, phone or otherwise.
I may also receive information about you from other sources such as Google Analytics, technical information such as your computer IP address, browsing type and information about your site visit such as URL, date and time, page interactions.
Cookies
My site uses cookies to distinguish you from other users of my site and to help with the performance of my website. A cookie is a small file of letters and numbers that my site may store on your browser or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer’s hard drive.
My site uses the following cookies:
Strictly necessary cookies that are required for the operation of my site.
Functionality cookies to help remember your preferences.
Analytic cookies that help recognise and count the number of visitors to my site.
If you do not want my site to use cookies in your web browser, you can decline them in the cookie policy pop up or change your browser settings so that it blocks cookies altogether.
Please note that some of my cookies are essential for my site to work properly.
The internet industry body, the Internet Advertising Bureau, has set up a website to provide information and advice on cookies: www.youronlinechoices.com/uk/. Another source which gives information about how to delete and control cookies is www.aboutcookies.org/.
I may provide links to other websites offered by third parties. I have no control of, and accept no liability for, their privacy policies and practices, or any breach thereof. I advise that you read the privacy policies of any other sites that you visit.
My website is hosted by GoDaddy and the server is based in the US. GoDaddy is covered by the US Privacy Shield, and this means that any information that may pass from the UK to the US, such as your IP address, is at an approved level of security. Please see https://www.privacyshield.gov/list for further information.
Website contact forms and email correspondence
My website has a secure SSL Certificate.
Information sent to and from my site is encrypted, so your data is transferred as securely as possible via the contact forms.
The transmission of information via the internet is not completely secure. Although I will do my best to protect your personal data, I cannot guarantee the security of your data transmitted to my site. Therefore, any transmission is at your own risk.
Emails
I use Protonmail when responding to website enquiries by email. Protonmail encrypts messages in transit by using TLS (Transport Layer Security).
Emails sent between ProtonMail accounts are automatically end-to-end encrypted, so if you wish to discuss sensitive information with me via email, I suggest that you open a free ProtonMail account to do so.
I cannot guarantee the security of emails sent or received by your email provider.
While emails are stored in my ProtonMail inbox, they are encrypted and unable to be accessed by ProtonMail or shared with third parties. Your email provider may keep a copy of the information that you have sent.
Emails that you send to me are deleted when action has been agreed or our work together has finished.
If you sign up to receive updates, special offers and other information about my services by email, your email address will be retained for these purposes until you unsubscribe. You can unsubscribe at any time.
General Data Protection Regulation (GDPR) information for clients of Sharon Nicholson
My lawful basis for holding and using your personal information:
GDPR legislation requires me to have a lawful basis for processing your personal data. This will depend at what stage of the process we are at:
· If you are in contact with me considering having therapy, I will process your personal data only for the purposes of responding to your enquiry and ultimately meeting my contract.
· Once you are in therapy I will process your personal data on the grounds of consent, and because it is necessary for the performance of our contract.
· Once therapy has ended, I will use legitimate interest as the basis for holding your information.
· Any sensitive information you share with me will fall under ‘special category data’. If an offence is disclosed, this could be classified as ‘criminal offence data’
The lawful basis for me processing these categories of data is that [it is necessary for provision of health treatment (counselling) and necessary for a contract with a health professional (in this case a contract between me and you)] or [it is for legitimate claims or judicial acts] (special category data) and for counselling purposes (criminal activity data).
To share any of this particular data with the police my lawful basis would be:
- The legitimate interests of a third party, namely the police
- For the prevention and detection of unlawful acts & necessary in the public interest (For sensitive and criminal offence data)
How I use your information:
Initial Contact:
When you contact me with an enquiry about my counselling services, I will collect information to help me satisfy your enquiry. This might include your contact details, and some very limited details about the nature of your enquiry. Alternatively, I might receive information about you from a referral such as your GP, an employee assistance programme, or a relative or partner. If either of us decide not to proceed with a counselling relationship I will ensure that all of your personal data is deleted within 28 days.
I maintain confidentiality in accordance with the British Association of Counselling and Psychotherapy (BACP) Ethical Framework for Counselling professions – this can be viewed at https://www.bacp.co.uk/events-and-resources/ethics-and-standards/ethical-framework-for-the-counselling-professions/
I use Zoom as a third party provider in order to process your information.
In normal circumstances I would only use your data for the purpose for which it was collected (i.e. a counselling relationship), and it would not be shared, unless falling within a reason to breach confidentiality as detailed in our contract. The sort of sharing that would take place with your consent might include:
· Sharing information with another health professional, as agreed
· Writing a report requested by you
· Obtaining further sessions from your Employer or Employee Assistance provider
There are very few circumstances in which I would need to share your information:
Contractual Obligation
· If I have safeguarding concerns regarding either yourself, children, or other people that you are in contact with, I may need to share this information with other agencies. I will endeavour to discuss with you in the first instance, and any information shared will be proportionate and the minimum required.
· Clinical Will - In the event of my death, or becoming incapacitated, a designated counselling colleague will have access to names and contact details of my current clients. This is to enable clients to be contacted, and options of how to go forward maintaining wellbeing and safety discussed. My colleague follows the same confidentiality processes in line with GDPR.
Legal obligation
· I may have a legal obligation to share information if the courts order me to do so.
· I keep very brief, anonymised notes of our sessions together, in line with the requirements of my professional insurance
· I have a legal obligation to report any information that relates to terrorism, money laundering and radicalisation.
Your Rights
· You have a right to request access to your records at any time, and this must be responded to within 30 days.
· You have a right to ask for data to be erased at any time, although in the case of session notes I have a right to maintain these to meet my ethical and professional obligations.
· You can also ask me at any time to correct any mistakes there may be in the personal information I hold.
· You have a right to ask me to limit how I use your personal data or to stop processing it.
· You have a right to make a complaint regarding my handling of your data, but I would ask that we discuss that to see if the matter can be resolved. If you want to make a formal complaint you can contact the Information Commissioner’s Office.
It should be noted that the ICO says that these are not absolute rights. For further information about your information privacy rights, please see https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you, and the ICO, within 72 hours.
Contact
All complaints, questions and access requests should be addressed to Sharon Nicholson at
sharon-nicholson@protonmail.com
Sharon Nicholson, Weymouth, Dorset. Tel: 07984106004
Copyright © 2017 Sharon Nicholson Counselling - All Rights Reserved.
This website uses cookies to help with site navigation. By continuing to use this site you accept our use of cookies. Please see our Privacy Policy for further information about cookies and how to manage them.