Privacy Policy

 

1. Introduction

 

Your privacy is a priority and we promise to try to respect it in a responsible manner, securing it with administrative, technical and physical safeguards.

 

The following guiding principles apply:

 

1. Honesty

2. Integrity

3. Transparency

 

 

Dandelions Counselling does not need to voluntarily register with the Information Commissioner’s Office (ICO), but has done so as part of best practice.

 

We are a registered partnership and do not incorporate any other business or concern. Our registered address is a private one, and because of the nature of our business and necessary safeguards, may be provided on request. 

 

If you have any queries about this privacy notice or about any aspect of our data management, please contact our Data Protection Officer (DPO) at listening@dandelionscounselling.co.uk

 

We'll update this privacy notice regularly to ensure it continues to comply with the latest regulations and best practice. This privacy notice was published on the website on 25 May 2018.


2. How your information is stored and processed


a) Storage and management of personal information

 

Our principal data management system is Microsoft Office on a computer hard drive which is maintained and developed by the DPO. This system enables us to efficiently store the email address, contact details, and email content only, about our students, former students, clients, former clients, supervisees, former supervisees, and partners, in a way that ensures adequate security so that only the DPO has access. It also simplifies our responsibilities for data retention and subject access requests. The information system is accessed via 3 secure passwords, known only to the DPO. These passwords are not stored anywhere else or on any other software or hardware facility. We do not use Cloud.


b) Visitors to our website

 

We do not use the third-party service, Google Analytics. We do not make and do not allow Google to make, any attempt to find out the identities of those visiting our website.

 

We do not use cookies to help the site work more efficiently. 

 

No user-specific data is collected by us or any third party. 


c) Interested Parties

 

The legal basis we use for processing interested parties personal information is a combination of contract and legitimate interest.

 

We carefully safeguard the information we hold. This information comes from the way parties engage with us and information provided through application forms. The information may also come from members’ interactions with us, for example, through social media or surveys. It may include, for example, contact details, interests or guidance documents.


What the information is used for

 

We collect this information to provide teaching, supervision, and counselling services to engaged parties. 

 

We also use student, client and supervisee information to comply with regulatory functions. When interested parties contact us, we need to identify them to ensure confidentiality to the best of our ability. We may do this by asking for certain information known only to you.

 

We may also monitor or record any communications with members including telephone calls. We'll use these recordings to check your instructions to us, to analyse, assess and improve our services and for training and quality purposes. We may monitor or record student or other tutorials for corroboration purposes.

 

We send messages to text and email only. These messages will only ever relate to matters concerning counselling, training, or supervision.

 

We will never pass on your information to a third party to use in their own direct marketing without your consent.

 

Sharing your information

 

During your contact with us, we’ll tell you how your information will be used and that it may be necessary to share it with other services and organisations i.e. our awarding body, insurance carrier, or professional bodies.

 

We will not share your information with any third parties unless:

 

1. You have consented to this (for example by providing information to us after we’ve told you that we will supply the information to a third party)

 

2. it is required for the management of your membership or a legitimate business purpose

 

3. it is as part of our duty to protect a child, a vulnerable adult, yourself or the public

 

4. For the prevention and detection of a crime or the assessment of any tax or duty

 

5. We are required to do so by any court or law or any relevant regulatory authority

 

6. To protect the rights, property or safety of Dandelions Counselling or any third parties (for example for the purposes of fraud protection)

 

7. We transfer our rights and duties to provide products and services to another organisation

 

8. We are required to answer a complaint made via a professional body

 

As a professional organisation, it is in our legitimate interests to verify the membership status of a student when we receive a query from a third party, regarding student placement working. Other information such as contact details are not disclosed.

 

By using the services offered by Dandelions Counselling through payment or otherwise, and using our products and services, you grant us permission to process personal data which you have provided to us.

  

When you make a payment to us, you do so at your own risk through your own financial institution.

 

We will keep records of purchases for financial audit reasons for six years. We will also keep records of qualifications, communications, and complaints for six years. The basic records of a user’s name will be kept indefinitely in case ex-students wish to re-join. 


d) Members of the public who make inquiries

 

We never record or process any data from members of the public who contact us with general inquiries. If a query does require us to take personal data, we will explain this at the time. We do not record phone calls.

 

We may retain emailed queries from the general public for a maximum of one year on a computer hard drive.


e) Photography and filming

 

We will never photograph or film you.


f) Volunteers

 

We collect only the information that we need for volunteers. Information is retained for the duration of their volunteering then is immediately deleted.

 

3. Audit and regulatory requirements

 

We may share any data about our work, with:

 

1. HMRC - see HMRC personal information charter

 

2. the Information Commissioner’s Office

 

3. Companies House - see Companies House personal information charter 

 

4. The BACP

 

5. The CPCAB

 

and other regulatory bodies, should this be necessary to complete our statutory audit and regulatory requirements.

 

We would use ad hoc access to legal help to provide advice and guidance on a range of topics and we may share personal data with them at times. 


4. Your rights


‘You have the right to be forgotten.’

 

Under the General Data Protection Regulation (GDPR) you have rights as an individual data subject which you can exercise in relation to the information we hold about you. You can read more about these rights on the ICO's website.


5. Complaints and queries

 

We try to meet the highest standards when collecting and using personal information, and we take any complaints about this very seriously. We encourage you to let us know if you think that our collection or use of information is unfair, misleading or inappropriate. We also welcome any suggestions for improving our policies, procedures, and processes.

 

This privacy notice does not provide exhaustive details of all aspects of our collection and use of personal information. However, we’re happy to provide any additional information or explanation if required. Please email or text any requests for this to the DPO at the email address above.

 

If you want to make a complaint about the way we've processed your personal information, you can contact the ICO as the statutory body which oversees data protection law - see ICO concerns. Please also see Dandelions Counselling complaints policy on the website.


6. Access to your personal information

 

We try to be as open as we can in terms of giving people access to their personal information. You can find out if we hold any personal information about you by making a ‘subject access request’ under GDPR.

 

If we do hold information about you, we will:

 

1. give you a description of it

 

2. tell you why we are holding it

 

3. tell you who it could be disclosed to

 

4. provide a copy of the information in layman's terms

 

5. destroy it without reasonable delay at your request

 

To request any personal information we may hold, you must put your request in writing to our DPO at the email address above.

 

If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone.

 

We will correct any mistakes in any information we hold immediately or within 24 hours.


7. Disclosure of personal information

 

We will not disclose personal data without consent. However, when we investigate a complaint, for example, we'll need to share personal information with the organisation concerned and with other relevant bodies. We will tell you when we do this and ask for your consent in the first instance.


8. Data security

 

We recognise that the information you provide may be sensitive and we will respect your privacy and confidentiality. We keep information about you confidential. This means we store it securely and control who has access to it. We sometimes share personal data with third parties where we have contracted them to carry out specific tasks for us. In such cases, we carefully select which partners we work with. We take great care to ensure that we have a contract with the third party that states what they are allowed to do with the data we share with them. We ensure that they do not use your information in any way other than the task for which they have been contracted.

 

We will only share personal data with other organisations where we are satisfied that the other organisation is entitled to receive it and will keep your information secure.

 

We're committed to holding all personal data within BACP on secure systems. We keep any paper-based personal data in locked cabinets to which only the DPO has access. We're working to reduce the amount of paper-based information we hold as it is easier to secure data if it is only held electronically. The majority of personal data is held electronically on Word, and that is hosted by Microsoft.   

 

Our information systems are secure, and we are suitably trained to ensure their continued security.

 

 

Dandelions Counselling 25 May 2018