Heart to Heart Counselling Privacy Notice Last updated August 2024 Introduction Welcome to Heart to Heart Counselling and Supervision! I am committed to protecting your privacy and ensuring the confidentiality of your personal data. This Privacy Notice explains how I collect, use, and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 (DPA 2018), and relevant international data protection laws depending on where you are located. Who I Am Heart to Heart Counselling and Supervision is operated by Daniela Ohiaeriaku ("Counsellor"). I provide counselling services to individuals and take your privacy seriously. If you have any questions regarding your privacy, please feel free to reach out to me at any time. What Personal Data Do I Collect? When you engage with my counselling services, I may collect the following personal data: •Contact Information: This includes your name, email address, and phone number, which allow me to communicate with you effectively. •Emergency Contact: During our initial consultation, I will ask for the contact details of an emergency contact person to ensure your safety. •Session Records: I will keep very brief notes from our sessions as a factual record of our discussions. These notes will be held in written form and anonymised where appropriate. Additionally, the following information may be requested at or before your first appointment: •Full name including title •Date of Birth •Address •Email address •Mobile / Telephone number/s •Name of the GP practice you are registered with •Medication history (past and present, only if relevant to your reasons for attending counselling) This information may be used to communicate with you directly about appointments or payments and to identify you with your GP or emergency services if necessary for your safety. How We Use the Information We Collect I will use your personal data for the following purposes: 1.Providing Counselling Services: I will use your contact information to arrange, cancel, and reschedule your appointments. This information is essential for me to fulfil my duty of care to you. 2.Communicating with You: Your contact details will be used solely for communication pertaining to our sessions, including reminders, feedback, and any administrative matters. This communication may occur in person or via my smartphone through text, phone calls, or email. 3.Ensuring Your Safety: If you provide an emergency contact, I will store this information securely and use it if necessary to ensure your safety. 4.Payment Processing: If you choose to pay for my services through third-party payment providers such as Stripe, your personal data may be shared with them for the specific purpose of processing your payment in accordance with their Privacy Notices. 5.Record Keeping: I keep anonymised notes from our sessions for my reference and to improve the quality of care I provide. Any electrical equipment (such as my laptop or smartphone) used to contact you is password protected, and paper documents or notes are stored in a locked cabinet. Texts, voicemails, and emails will be deleted once they are no longer necessary or after your contract with me concludes. Lawful Basis for Processing Your Personal Data The lawful bases on which I rely to process your personal data include: •Consent: I will obtain your explicit consent to process your personal data for the purposes outlined above. •Contract: Processing is necessary for the performance of the contract between us for the provision of counselling services. •Legal Obligation: I may need to process your personal data to comply with legal obligations, such as safeguarding duties. International Data Transfers If you are a resident of Europe or the Philippines, I want to assure you that your personal data will be treated with the same level of protection as required under UK, EU, and Philippine data protection laws. I may transfer your data to countries outside the UK, EU, or the Philippine jurisdiction. In such cases, I will ensure that appropriate safeguards are in place for the protection of your personal data, in compliance with applicable data protection laws. This includes utilising mechanisms such as standard contractual clauses or ensuring that the recipient country has an adequacy decision from the UK or EU. Third-Party Disclosure I want to assure you that I will not sell, rent, or otherwise disclose your personal information to any third parties for marketing or any other purposes. Your personal data will only be shared with trusted service providers for administrative purposes where necessary. This includes service providers like Webhealer, my website host, who have their own Privacy Notices in place regarding their commitment to compliance with the GDPR. Data Retention and Deletion All personal and sensitive information held will be deleted after your contract with me has concluded. Any texts, voicemails, and emails will be deleted once they are no longer necessary or after your contract with me has ended. My brief personal notes, which I keep on the themes of our sessions, will be retained for three years following the conclusion of our work together. This retention period is in accordance with the guidelines set by the British Association of Counselling and Psychotherapy. After the three-year period, these notes will be securely shredded. Children's Privacy Our website is designed for a general audience, and I do not knowingly collect personal information from children under the age of 13. If I become aware that I have inadvertently collected personal information from a child under 13, I will take steps to delete such information. How Do I Protect Your Personal Data? I take data security very seriously. Here are some of the measures I have in place: •Secure Storage: Your personal information is securely stored on password-protected devices. I ensure that only I can access this information. •Confidentiality in Sessions: Everything you discuss during our sessions is confidential. I will only break confidentiality if I have serious concerns about your safety or the safety of someone else. •Encrypted Communication: When conducting online or telephone sessions, I use secure platforms with end-to-end encryption to ensure a private conversation. Your Rights You have various rights regarding your personal data under the UK GDPR: 1.The Right to Access: You can request to view the personal information I hold about you at any time. If you wish to access this data, please feel free to email me. 2.The Right to Rectification: If you believe any of the personal data I hold about you is incorrect or incomplete, you can ask me to correct it. You can do this either by talking to me directly or in writing. 3.The Right to Erasure: Under certain conditions, you can ask me to delete the personal data I hold about you. If you wish to make such a request, please contact me via email. However, please note that there may be legal obligations that prevent me from deleting certain information. 4.The Right to Restrict Processing: You may request that I limit the processing of your personal data in certain circumstances, such as when you contest the accuracy of your information. 5.The Right to Data Portability: You have the right to request the transfer of your personal data to another service provider in a structured, commonly used, and machine-readable format. 6.The Right to Withdraw Consent: If I am processing your data based on your consent, you have the right to withdraw your consent at any time. This can be done by contacting me directly. Data Breaches In the event of a data breach that poses a risk to your rights, I will take appropriate measures to mitigate the breach. I will notify relevant authorities as required by law and inform you of the breach if it could significantly affect your rights. Raising Concerns If you have any questions or concerns regarding your personal data or this Privacy Notice, please do not hesitate to contact me. I am here to assist you, and I genuinely welcome any feedback you may have about your experience. Additionally, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you feel that your data protection rights have not been upheld. I am registered with them under the reference number ZB339865. Changes to This Privacy Notice I may update this Privacy Notice from time to time to reflect changes in my data protection practices or legislation. Any updates will be communicated to you directly or through the Heart to Heart website. Contact Information If you have any questions or would like to know more about your personal information, please do not hesitate to reach out to me: •Email: ohiaeriaku@gmail.com