Privacy Statement
Your Privacy is Important to Us
The Counselling Place is committed to ensuring that your privacy is protected. The Privacy Statement, below, explains how we collect, use, and protect your personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, as regulated by the Information Commissioner’s Office (ICO) in the UK.
Who we are
The Counselling Place is a Limited Company based in Falkirk, Scotland. We provide confidential private counselling services to individuals and organisations.
Our data controller is C.J. Boyd.
You can contact us at: -
The Counselling Place
Brightstone Spaces
Williamson Street
Falkirk
FK1 1PR
Email: info@counsellingplacescotland.com
What Personal Data We Collect
We may collect and process the following personal data from you: -
-
Personal Identification Information: Name, date of birth, address, phone number, email address.
-
Sensitive Data: Health information, session notes, and other data you may share during your counselling sessions.
-
Payment Information: For invoicing purposes.
-
Referral Information: If you were referred by another service provider, we may collect basic information about the referrer.
How We Use Your Personal Data
We use your personal data for the following purposes: -
-
To Provide Counselling Services: This includes scheduling appointments, maintaining session records, and supporting your therapeutic process.
-
To Fulfil Legal Obligations: We may be required to share data to comply with legal obligations, such as in the case of safeguarding concerns.
-
Payment and Billing: We may use your personal data to process payments for services.
-
To Communicate with You: For appointment reminders, updates on your care, or administrative purposes.
How We Collect Your Personal Data
We collect your personal data through a variety of secure, GDPR-compliant platforms. Enquiry forms submitted on the website are securely stored by Wix. We use Microsoft 365 for email communications, storing forms, storing client notes, and securely managing data via OneDrive, all of which are protected by multifactor authentication. For notetaking during sessions, we use the Remarkable device, which ensures data is stored locally and securely, before being added to Microsoft 365 for safe storage. Invoicing and payment information are handled through QuickBooks, a GDPR-compliant platform designed to protect financial data. Each of these systems is carefully selected to safeguard your privacy and ensure compliance with data protection laws.
Legal Basis for Processing
Under GDPR, we are required to have a lawful basis for processing your personal data. The legal grounds we rely on include: -
-
Consent: When you voluntarily provide personal information, we will ask for your explicit consent to process sensitive personal data such as health information.
-
Contract: We process your data to provide the counselling services you have contracted us to deliver.
-
Legal Obligation: In certain cases, we may be required to process personal data to comply with a legal obligation.
-
Vital Interests: In rare circumstances, we may need to process data to protect your life or another individual’s life.
Sharing of Personal Data
Your personal data will be treated confidentially. We will only share your personal data in the following circumstances: -
-
With Your Consent: If you request that we share information with other professionals (e.g., your GP, another therapist).
-
Safeguarding or Legal Requirements: If we believe there is a risk of harm to yourself or others, or if we are legally required to share your information.
-
Service Providers: We may use third-party providers for IT support, secure data storage, or payment processing. These providers are required to comply with GDPR and ensure the security of your data.
Data Security
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect your data from unauthorised access, loss, or misuse. Your data will be stored electronically using secure, encrypted systems, and any physical records will be securely stored in locked files.
Retention of Data
We will retain your personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Anonymised client records will be retained for a period of up to seven years for legal, regulatory, and professional reasons. These records will not contain any personal information that could identify our clients, ensuring full compliance with GDPR and data protection principles. Regular audits will be conducted to ensure that no identifiable information is retained in our records beyond the necessary retention period.
Anonymisation and Deletion of Client Files Post-Counselling
30 days after you have completed your counselling sessions, we implement an anonymisation and deletion process to protect your identity, while retaining essential records for internal use and compliance.
The anonymisation process involves: -
-
Assigning each client a unique anonymisation code (e.g., CLT001) that is used to reference your records, instead of using identifiable information.
-
Removing personal identifiers, such as name, address, contact information, and any other details that are not necessary for the continued storage of records.
-
Deletion of Unnecessary Personal Data after the completion of counselling services, specifically, any personal details such as completed forms, emails, personal contact information and any other data that is not required for record-keeping purposes.
-
Essential Records, for professional, legal, or audit purposes (such as counselling notes) will be retained in their anonymised format for up to 7 years.
This process will be conducted 30 days after the conclusion of counselling sessions, ensuring that no unnecessary personal data is retained beyond the required period.
Your Rights
Under GDPR, you have the following rights regarding your personal data: -
-
Right to Access: You have the right to request a copy of the personal data we hold about you.
-
Right to Rectification: You have the right to request that we correct any inaccuracies in your personal data.
-
Right to Erasure: You can request that we delete your data where it is no longer necessary for us to retain it.
-
Right to Restrict Processing: You can ask us to limit the processing of your data in certain circumstances.
-
Right to Object: You have the right to object to the processing of your data for certain purposes.
-
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
-
Right to Withdraw Consent: If we are processing your data based on your consent, you can withdraw this consent at any time.
To exercise any of these rights, please contact us at: info@counsellingplacescotland.com
How to Make a Complaint
If you believe that we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): -
ICO Website: [https://ico.org.uk](https://ico.org.uk)
ICO Helpline: 0303 123 1113
Changes to This Privacy Statement
We may update this Privacy Statement from time to time. Any changes will be posted on our website and, where appropriate, notified to you by email or in writing.