Privacy Policy
ACCESSING THE WEBSITE
This website, with the exception of the items listed below, does not store or capture
personal information, but merely logs the user’s IP address (Internet Protocol: standard
allowing data to be transmitted between two devices) which is automatically recognised by
the webserver. This site uses cookies to keep track of your browser session, otherwise, it
does not collect any personal information about you except that required for system
administration of the website. Cookies are pieces of data created when you visit a site, and
contain a unique, anonymous number. They are stored in the cookie directory of your hard
drive, and do not expire at the end of your session
COOKIE POLICY
Cookies are small text files stored on your computer by your browser. They’re used for
many things, such as remembering whether you’ve visited the site before or to help us work
out how many new website visitors we get each month. They contain information about the
use of your computer but don’t include personal information about you (they don’t store
your name, for instance).
This is standard practice for all websites and are essential in helping us deliver a high quality
website experience to you. If you do not know what cookies are, or how to control or delete
them, then we recommend you visit AboutCookies.org for detailed guidance.
If you are not happy for us to use cookies, then you should either not use this site, or you
should delete this site’s cookies after visiting it, or you should browse the site using your
browser’s anonymous usage setting (called Incognito in Chrome, InPrivate for Internet
Explorer, Private Browsing in Firefox and Safari etc.)
POLICY SCOPE
This privacy statement only covers this website. Links within this site to other websites are
not covered by this privacy policy.
PRIVACY NOTICE
(WHY WE COLLECT YOUR PERSONAL DATA AND WHAT WE DO WITH IT)
WHY WE COLLECT YOUR DATA
When you supply your personal details to this practice they are stored and processed for
four reasons (the terms in bold are those relevant terms used in the Data Protection Act
2018, which includes the General Data Protection Regulation):
1. We need to collect personal information about your mental health and emotional well-
being in order to provide you with the best possible treatment. You requesting
psychotherapy/counselling and our agreement to provide that care constitutes a contract.
You can, of course, refuse to provide the information, but if you were to do that we would
not be able to provide therapy.
2. We have a “Legitimate Interest” in collecting that information, because without it we
couldn’t do our job effectively and safely.
3. We also think that it is important that we are able to make contact with you in order to
confirm your appointments with us or to update you on matters related to your
psychotherapeutic and counselling treatment. This again constitutes “Legitimate Interest”.
4. Provided we have your consent, we may occasionally send you general mental health and
well-being information in the form of articles, advice or newsletters. You may withdraw this
consent at any time by unsubscribing or by getting in touch with us in a way most
convenient to yourself.
We have a legal and insurance obligation to retain your psychotherapy and counselling
records for 5 years after your most recent appointment (or up to the age of 25, where the
records are those of a child), but after this period you can ask us to delete your records if
you wish.
Your psychotherapy and counselling records are stored on paper, in locked filing cabinets,
and the building is always locked and alarmed when not in use.
Your non-psychotherapy/counselling records are stored electronically (“in the cloud”). We
have taken steps to ensure that this provider is fully compliant with the General Data
Protection Regulations. Access to this data is password protected, and the passwords are
changed regularly.
Some non-psychotherapy/counselling data is stored on our office computer. These are
password -protected, backed up regularly, and the building is locked and alarmed when not
in use.
To communicate within the practice we make use of ‘Slack’, an encrypted messaging
software, and face-to-face. Here your personal non-psychotherapy/counselling information
may be communicated between other BAATN, UKCP or BACP registered psychotherapists/
counsellors and the relevant practitioner to facilitate your appointment or treatment
through peer, group or individual supervision. Slack are self-certified with the EU-US Privacy
Shield.
WHAT WE DO WITH YOUR DATA
We will never share your data with anyone who does not need access without your
written consent. Only the following people will have routine access to your data:
Your practitioner(s) in order that they can provide you with psychotherapy or
counselling treatment;
Our reception staff, because they prepare our psychotherapy/counselling notes and
in order to organise our practitioners’ diaries, and coordinate appointments. All
reception staff have signed stringent non-disclosure agreements;
We use One.com to coordinate our messages, so your name and email address may
be saved on their server. One.com is fully GDPR compliant.
From time to time, we may have to employ consultants to perform tasks which
might give them access to your personal data (but not your
psychotherapy/counselling notes). We will ensure that they are fully aware that they
must treat that information as confidential, and we will ensure that they sign a non-
disclosure agreement.
YOUR RIGHTS
You have the right to see what personal data of yours we hold, and you can also ask
us to correct any factual errors. Contact us for a Data Subject Request Form.
Provided the legal minimum period has elapsed you can also ask us to erase your
records. Contact us for a Data Subject Erasure Request Form.
Under certain conditions you have the right to restrict processing of your data
You have the right to have your data transferred to other organisations including but
not limited to psychotherapists, psychiatrists, medical consultants, and insurance
companies.
We want you to be absolutely confident that we are treating your personal data responsibly,
and that we are doing everything we can to make sure that the only people who can access
that data have a genuine need to do so.
Of course, if you feel that we are mishandling your personal data in some way, you have the
right to complain. Complaints need to be sent to what is referred to as the “Data
Controller”. Here are the details you need for that:
Fiona Beckford
email: enquiry@thetownpractice.org
Telephone: 0979 656 774
If you are not satisfied with our response, then you have the right to raise the matter with
the Information Commissioner’s Office.
Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Email: https://ico.org.uk/global/contact-us/email/