Privacy Statement

This website, with the exception of the items listed below, does not store or capture personal information, but merely logs the user’s IP address (Internet Protocol: standard allowing data to be transmitted between two devices) which is automatically recognised by the webserver. This site uses cookies to keep track of your browser session, otherwise, it does not collect any personal information about you except that required for system administration of the website. Cookies are pieces of data created when you visit a site, and contain a unique, anonymous number. They are stored in the cookie directory of your hard drive, and do not expire at the end of your session

COOKIE POLICY

Cookies are small text files stored on your computer by your browser. They’re used for many things, such as remembering whether you’ve visited the site before or to help us work out how many new website visitors we get each month. They contain information about the use of your computer but don’t include personal information about you (they don’t store your name, for instance).

This is standard practice for all websites and are essential in helping us deliver a high quality website experience to you. If you do not know what cookies are, or how to control or delete them, then we recommend you visit AboutCookies.org for detailed guidance.
If you are not happy for us to use cookies, then you should either not use this site, or you should delete this site’s cookies after visiting it, or you should browse the site using your browser’s anonymous usage setting (called Incognito in Chrome, InPrivate for Internet Explorer, Private Browsing in Firefox and Safari etc.)

POLICY SCOPE

This privacy statement only covers this website. Links within this site to other websites are not covered by this privacy policy.

PRIVACY NOTICE
(WHY I COLLECT YOUR PERSONAL DATA AND WHAT I DO WITH IT)

WHY I  COLLECT YOUR DATA

When you supply your personal details to this practice they are stored and processed for four reasons (the terms in bold are those relevant terms used in the Data Protection Act 2018, which includes the General Data Protection Regulation):

1. I need to collect personal information about your mental health and emotional well-being in order to provide you with the best possible treatment. You requesting psychotherapy/counselling and our agreement to provide that care constitutes a contract. You can, of course, refuse to provide the information, but if you were to do that I would not be able to provide therapy.

2. I have a “Legitimate Interest” in collecting that information, because without it I couldn’t do my job effectively and safely.

3. I also think that it is important that I am able to make contact with you in order to confirm your appointments with me or to update you on matters related to your psychotherapy, counselling treatment, training requirements or clinical supervision. This again constitutes “Legitimate Interest”.

4. Provided I have your consent, I may occasionally send you general mental health and well-being information in the form of articles, advice or newsletters. You may withdraw this consent at any time by unsubscribing or by getting in touch with me in a way most convenient to yourself.

I have a legal and insurance obligation to retain your psychotherapy, counselling, training and clinical supervision records for 7 years after your most recent appointment (or up to the age of 25, where the records are those of a child), but after this period you can ask me to delete your records if you wish.

Your psychotherapy, counselling and clinical supervision records are stored on paper, in locked filing cabinets, and the building is always locked and monitored by CCTV when not in use.

Your non-psychotherapy, counselling or clinical supervision records are stored electronically (“in the cloud”). I have taken steps to ensure that this provider is fully compliant with the General Data Protection Regulations. Access to this data is password protected, and the passwords are changed regularly.

Some non-psychotherapy, counselling and clinical supervision and training data is stored on my office computer. These are password -protected, backed up regularly, and the building is locked and alarmed when not in use.

To communicate within the practice I make use of ‘Slack’, an encrypted messaging software, face-to-face secure email and telephone. Here your personal non-psychotherapy, counselling, clinical supervision information may be communicated between other UKCP or BACP registered psychotherapists and counsellors and other relevant practitioners which may include admin staff who take a message when you call and forward me an email to facilitate your appointment or treatment through peer, group or individual supervision. Slack are self-certified with the EU-US Privacy Shield.  In addition to your name being disclosed through your payment method to my accountant and bookkeeping service

WHAT I DO WITH YOUR DATA

I will never share your data with anyone who does not need access without your written consent. Only the following people will have routine access to your data:

Your practitioner(s) in order that they can provide you with psychotherapy or counselling treatment;
Our reception staff, because they prepare my psychotherapy, counselling notes, take calls and messages and in order to organise practitioners’ diaries, and coordinate appointments. All reception staff have signed stringent non-disclosure agreements;

I use Mailchimp to coordinate messages, so your name and email address may be saved on their server. Mailchimp is fully GDPR compliant.
From time to time, I may have to employ consultants to perform tasks which might give them access to your personal data (but not your psychotherapy, counselling or clinical supervision notes). I will ensure that they are fully aware that they must treat that information as confidential, and I will ensure that they sign a non-disclosure agreement.

YOUR RIGHTS

You have the right to see what personal data of yours I hold, and you can also ask me to correct any factual errors. Contact me for a Data Subject Request Form.
Provided the legal minimum period has elapsed you can also ask me to erase your records. Contact me for a Data Subject Erasure Request Form.

Under certain conditions you have the right to restrict processing of your data
You have the right to have your data transferred to other organisations including but not limited to psychotherapists, psychiatrists, medical consultants, and insurance companies.  Yet this will be subject to clinical boundaries, and requests for information to be transferred to educational establishments are not permitted.

I want you to be absolutely confident that I am treating your personal data responsibly, and that I am doing everything I can to make sure that the only people who can access that data have a genuine need to do so.

Of course, if you feel that I am mishandling your personal data in some way, you have the right to complain. Complaints need to be sent to what is referred to as the “Data Controller”. Here are the details you need for that:
Nadine Wilson
email: Sunflower.Therapy@pm.me
Telephone: 07857655105
Address: 335, 95 Spencer Street, Jewellery Quarter, Birmingham B18 6DA.

If you are not satisfied with our response, then you have the right to raise the matter with the Information Commissioner’s Office.
Address: Wycliffe House, Water Lane, Wilmslow, SK9 5AF
Telephone: 0303 123 1113
Email: https://ico.org.uk/global/contact-us/email/