GDPR Policy

In this policy:

References to “I” or “ Lucia Garcia” are to Lucia Garcia at Counselling for Change.

References to  “the Website” are to http://www.counsellingforchange.life

References to “you” or “the client” refer to the person/body receiving services from Lucia Garcia at Counselling for Change.

Your personal information

Information collected:

  • Personal Information: Any personal information and mental health information that you knowingly provide me with through forms, text and emails. This information refers to personal contact information and basic personal and mental health history. The information is collected for contractual and therapeutic purposes.

  • Clinical notes: These notes are taken during the therapy sessions and contain relevant information for the development of the therapy sessions. They are handwritten, stored locked in one location only and no electronic copy of them exist.

  • Basic name and email information: provided by the client via the Wix website, social media and mailing list facilities to join Lucia Garcia’s newsletter and be kept up to date with any upcoming workshop.

 

Counselling Clinical

Lucia Garcia has a counselling clinical, which is someone ie a separate counsellor who has access to names and contact details only in the case of an emergency and if Lucia Garcia is suddenly incapacitated for a while. In such an event or the event of her death, the appointed person will destroy any clinical notes and client’s personal information.

 

Your rights 

  • You have the right to be informed about the collection and use of your personal data. You have the right to access any of your data that is kept on records. Accessing your data is free. Lucia Garcia has up to one calendar month to comply with your request. Lucia Garcia may refuse to respond to certain requests if they are manifestly unfounded or excessive. For repetitive requests, a fee of £20 will be charged each time data is requested. It is important to note that clinical notes contain information that it is easy to misinterpret without the support of Lucia Garcia or another therapist. To receive such information please email us your request and contact information to lucia@counsellingforchange.life

  • You have the right to rectify any personal data that is inaccurate or incomplete. The request has to be done in writing and one calendar month must be allowed for the rectification to take place. Clinical notes cannot be rectified.

  • You have the right to have your personal data erased. The request should be done ideally in writing although it can also be done verbally. Once the request has been received, Lucia Garcia has up to a month to process the request. As soon as the process has been requested, you will be notified. Please note certain information referring to clinical notes and basic client information has to be kept for up to 5 years to comply with insurance purposes.

  • You have the right to restrict processing, this means you can limit the way in which Lucia Garcia uses your data. Please note this is not an absolute right and only applies in certain circumstances. The request should be done ideally in writing although it can also be done verbally. Once the request has been received, Lucia Garcia has up to a month to process the request. As soon as the process has been requested, you will be notified.

  • You have the right to data portability, this means you obtain and reuse your personal data for your own purposes across different services. This right only applies to information you have provided to Lucia Garcia and it does not apply to clinical notes. Lucia Garcia doesn’t keep your personal data in a computerised system.

  • You have the right to object to the processing of your personal data in certain circumstances. You have an absolute right to stop your data being used for marketing purposes. Objections should be made in writing and can be done verbally. Lucia Garcia has up to a month to process the request. As soon as the process has been requested, you will be notified.

  • You have the right not to be submitted to any automatic decision making.            

 

Data requests

  • For all data requested the client must allow a calendar month for the request to be processed and implemented.

  • Request can be done verbally or in writing. For written request please send an email to lucia@counsellingforchange.life For verbal request please call 074.1386.7149

  • Any data request that is excessive or deemed beyond your statutory rights will carry an admin fee of £20 per request.

 

Using your information

  • Your information is used for therapeutic purposes only and to support the daily office running of Lucia Garcia at Counselling for Change.

  • Your information will not be passed to any third party for marketing purposes.

  • When expressing explicit consent, your information will be used to keep you up to date with any workshops or newsletter issue by Lucia Garcia at Counselling for Change.

 

Data Breaching

Lucia Garcia will always ensure your data is treated with the utmost confidentiality and care. Your clinical notes are only kept in one filing cabinet 

Detecting Data breaches:

Lucia Garcia will perform regular checks to ensure the data that is kept under her supervision is safe. This will include:

  • Ensuring filing cabinets are always locked and client’s files are not accessed by anybody else but her. Action will be taken in case of any anomalies are found in these files.

  • Keeping up to date with information regarding GDPR concerning the third party companies or software Lucia Garcia uses for the running of Lucia Garcia at Counselling for Change.

 

Reporting Data Breaches

In the event of a data breach, Lucia Garcia will inform:

  •  ICO (Information Commissionaires Officer):  ICO is the UK Data Protection Authority. Reporting the data breach to ICO will happen within 72 hours of Lucia Garcia being aware of the breach.

  • If the breach is likely to result in a high risk of adversely affecting clients’ rights and freedoms, the clients will be informed as soon as possible.

  • Records of any data breaches will be kept even if they are minor and don’t suppose a risk to any client.

 

Investigating Data Breaches

In the event of a data breach, Lucia Garcia will follow the next steps to understand and solve the cause of the incident:

  • Investigate the motive of the data breach: what is the motive of the data breach

  • Investigate the means of the data breach: what tools have been used to create the data breach

  • Opportunity: how and when was the data breach.

  • Gathering all evidence: a report will be issued to ensure all gathered data is analysed in detail and the necessary steps are taken to avoid/minimised any further data breaches.

 

Taking Action

Once the above steps have been taken and conclusions have been drawn and confirmed, Lucia Garcia will:

  • Write a report ensuring solutions are found to ensure any data breaches are minimised in the future.

  • Lucia Garcia will implement any necessary solutions to avoid/minimise any further data breaches as soon as possible.

 

Trusted third parties policies 

Lucia Garcia engages the services of different companies for accounting and day to day running of Lucia Garcia at Counselling for Change.

  • Therapy clients:

Your clinical notes and therapy information is never shared with any other company. Your basic personal data will be shared with two third parties for the sole purpose of running the financial accounts of Lucia Garcia at Counselling for Change. Please see company details below and link to their policies:

Company: Wave – Accounting Software

https://my.waveapps.com/privacy/

Company: Gmail – Email correspondence

https://policies.google.com/privacy?hl=en-US

  • Newsletter Subscribers:

The basic information provided to Lucia Garcia includes only your name and email address. These details will be used for Lucia Garcia marketing purposes only and it will never be shared with another company for any other purposes besides the day to day running of Lucia Garcia at Counselling for Change. Lucia Garcia will never sell or trade your data.

To ensure the daily running of the business your basic data is added onto the following online platforms:

 

Company: Mailchimp – Safe Newsletter Software

https://mailchimp.com/legal/privacy/

Company: Wix – Website platform

https://www.wix.com/about/privacy

  • Workshop Clients:

If you have given Lucia Garcia personal information to subscribe to any of her online or face to face workshops, your basic personal data will be shared with two third parties for the sole purpose of running Lucia Garcia at Counselling for Change accounts and business. Please see company details below and link to their policies:

Company: Wave – Accounting Software

https://my.waveapps.com/privacy/

Company: Gmail – Email correspondence

https://policies.google.com/privacy?hl=en-US

If while subscribing to the workshops you have given your explicit consent to be added to Lucia Garcia’s newsletter, your basic information (name and email address) will be shared with the following two platforms (for the only purpose of ensuring you get the information you have signed up for)

Company: Wave – Accounting Software

https://my.waveapps.com/privacy/

Company: Gmail – Email correspondence

https://policies.google.com/privacy?hl=en-US

  • Paypal payments:

Under no circumstances will Lucia Garcia hold sensitive payment details such as your card number, expiry date and security code. All transactions are handled through the accredited payment bureau, Paypal. For more information on Paypal privacy policy please refer to 

http://www.paypal.com/cgi-bin/webscr?cmd=p/gen/ua/policy_privacy-outside

 

This GDPR policy is in accordance with the Data Protection Act 2018.

 

Reviewed on:  May 2020

Signed by: Lucia Garcia Garcia

 

Next Review on: May 2021

  • Instagram
  • Facebook
  • Twitter

​​074.1386.7149

Stoke Newington
London
N16

©2020 BY COUNSELLING FOR CHANGE.