Business number: 636872 (as registered with the Companies Registration Office in Ireland).
Business address: Starritstown, Convoy, County Donegal, F93 W8D7, Ireland.
This is a notice to inform you of my policy regarding all the information that I collect and record about you.
The protection of your privacy and confidentiality is very important to me. I understand that all visitors to my website are entitled to know that their personal data will not be used for any purpose unintended by them, and will not accidentally fall into the hands of a third party.
My policy complies with the Data Protection Act 2018 accordingly incorporating the EU General Data Protection Regulation (GDPR).
The law now requires me to tell you about your rights and my obligations to you in regards to the processing and control of your personal data. My way of meeting this requirement is by requesting that you read the information provided at www.knowyourprivacyrights.org
What is the basis for which I process information about you?
Information I process because I have a contractual obligation with you (when you book an appointment with me you are agreeing to the terms and conditions as set out in my policies).
Information I process with your consent (for example, the information you provide when booking an appointment or when making an enquiry about my service).
Information I process for the purposes of legitimate interests (such as, record-keeping for the proper and necessary administration of my business).
Information I process because I have a legal obligation (for example, I may be required to give information to legal authorities if they so request or if they have the proper authorisation, such as, a search warrant or court order).
What information do I collect from you?
Your name, date of birth, and contact details (telephone number and e-mail address) are requested whenever you book an appointment. As advised by my professional body, I also keep session notes to form an ongoing record of our contact.
Who might I share your information with?
No information will be shared with a third party without your written informed consent.
There are some exceptions to this concerning risk of harm to yourself or to another person (more information on confidentiality can be found under my Terms and Conditions).
How do I ensure your personal information is kept secure?
(1) Use of my website
For maximum security my website is issued with an SSL (Secure Sockets Layer) Certificate, which enables site visitors to view my website over an HTTPS (Hyper Text Transfer Protocol Secure) connection. This increases and improves the security of accessing and using my website, as any personal information you share on my website will be encrypted and authenticated, and thereby secured.
When you access my website you will see a padlock icon in your browser’s URL bar or toolbar. This is confirmation that the website is HTTPS secure and all information shared on the website will be encrypted.
My website is also maintained and updated by an independent web design and development company. This includes carrying out regular security scans in order to prevent and remove viruses which could compromise the website’s security.
(2) Making appointments on my website
Appointments for counselling calls are made through an online scheduling system. The system uses an intake form to collect initial information when an appointment for a counselling call is made. The information is then stored in the system, along with a history of appointments made. This information is only available for me to view, being the account holder of the system, which is password-protected.
(3) Making payments through my website
When you make a payment through my website for a counselling call it is done through a third-party payment service provider called Stripe, which is attached to my scheduling system. In order to ensure a straightforward booking process, your debit or credit card details are entered into the booking system before being transferred to the payment provider. This means I do not take your debit or credit card details myself and I am not able to view or have access to this type of personal information. No card details are saved or stored, unless you choose to have them saved for future payments.
When you make a payment, your debit or credit card details are encrypted and authenticated when you enter their details, making the entry as secure and protected as possible. Stripe is certified to PCI (Payment Card Industry) Service Provider Level 1. This is the highest level of certification available and means that all the security requirements for Visa and Mastercard are followed. Stripe is also GDPR compliant with regards to the processing of personal information.
(4) Receiving a counselling call
Counselling calls are conducted in a private room through a headset, ensuring the client’s voice cannot be heard by any third-party. No counselling calls are recorded.
(5) Personal information shared through email communication
Emails are kept private and secure on my service provider’s server. They are only viewed in my personal computer, which is password-protected. Past emails are backed up and saved manually rather than stored in a cloud-based system.
(6) Storage of personal information
All personal information that I retain is stored on a personal computer, which is password-protected and has up-to-date anti-virus protection software. I also use an external hard drive for back up storage, which is kept in a secure and locked location.
How long do I keep hold of your information?
It is a requirement of my professional insurer that all records are kept for up to 6 years from the date of the last contact. All information will be destroyed at the end of that period.
How do I access the personal information you hold about me?
At any time you may review or update personally identifiable information that I hold about you. To obtain a copy of any information that I hold you may send me a request at firstname.lastname@example.org
After receiving the request, I will tell you when and how I expect to provide you with the information.
When I receive any request to access, edit or delete personal identifiable information I will take reasonable steps to verify your identity before granting you access or otherwise taking any action. This is important to safeguard your information.
How do I make a complaint?
If you are in any way dissatisfied about how I process your personal information, you have a right to lodge a complaint with the Data Protection Commissioner. This can be done at www.dataprotection.ie/docs/complaints/1592.htm
Review of this privacy statement