1. General

1.1 We are Hamilton Sargent registered with the Information Commissioner's Office under registration number ZA139337. We take the privacy of your information very seriously and this Privacy Notice is designed to tell you about our practices regarding the collection, use and disclosure of personal data which may be obtained via our website or other means including through our online booking system, email, or phone.

1.2 In this notice “you” refers to any individual whose personal data we hold or process (but it does not relate to personal data relating to our employees or staff).

1.3 In general, we provide counselling services. If we do provide such services to you, please note a separate “Privacy Notice for Clients” will apply and will be provided to you. We do not process personal data on a large scale, but we will hold and process personal data in order to supply our services and this privacy notice explains how we do so.

1.4 This notice is governed by the EU General Data Protection Regulation (the “GDPR”), UK GDPR, Data Protection Act 2018 and any other applicable data or privacy legislation.

2. Categories of Personal Data and Legal Basis

2.1 Below we have set out the categories of data we collect and how we process the data (for information about legal basis, please see below):

  • 2.1.1 We will hold contact information for potential clients who have booked an introductory call through our online booking system (available at https://hamilton-sargent-counselling.selectandbook.com/), or emailed or phoned us, such as your name, email address, home address, telephone number, details around your availability and how you consent to us contacting you (“Contact Information”) which we will use to provide our services and communicate with you;
  • 2.1.2 We may hold details about potential client's biopsychosocial history or reasons for wishing to attend counselling which may be detailed in emails, discussed within phone or video conferencing calls between us, and recorded in physical or digital notes ("Medical Information") which we will use to provide our services to you;
  • 2.1.3 We may hold a record of any correspondence or communication related to an initial enquiry potential clients have made ("Communication Information") which we will use to provide our services and communicate with you. This may include details of an introductory call booking, and other information collected through our secure online cloud practice management software (writeupp.com - further details outlined below), a phone call, SMS, video conferencing or email;
  • 2.1.4 We may hold anonymised information through the use of Cookies relating to your use of our website and provided through our third party supplier (Google Analytics) to monitor the use of and to improve our website ("Cookie Information");
  • 2.1.5 We may hold anonymised marketing information if you have arrived at our website through an online referral (e.g. Google Ads) to help us understand how these advertisements are being used in relation to our service ("Marketing Information");
  • 2.1.6 We may hold user-generated content through our third party supplier (Hyvor Talk) when you post a comment or react to our blog posts which may contain personal data ("User-Generated Information").

2.2 We process Contact, Communication and User-Generated Information on the basis of the performance of our contract with our clients, on the basis of our legitimate interest in providing our services to our clients or in certain circumstances as may be necessary for compliance with a legal obligation to which we are subject. Medical information will be processed on the basis that you have given your explicit consent and that it is necessary for the purposes of preventative or occupational medicine. We process Cookie Information and Marketing Information on the basis you have explicitly consented to these.

2.3 Generally, we will collect information directly from you. If we obtain your personal data from any other third party your privacy rights under this notice are not affected and you are still able to exercise the rights contained within this notice.

2.4 You do not have to supply any personal data to us however in practice we may be unable to provide our services to you without personal data (for instance we will need contact information in order to communicate with you). You may withdraw our authority to process your personal data (or request that we restrict our processing) at any time but there are circumstances in which we may need to continue to process personal data (please see below).

3. Data retention

3.1 Our current data retention policy is to delete or destroy (to the extent we are able to) personal data in accordance with the following retention periods:

Information relating to our website users

We will hold information relating to any enquiries made through our website, online booking system, email, SMS or phone call for 12 months from the date on which we collect the data, or, if you progress to become a client for 5 years from the date of your final counselling session with us.

3.2 The retention periods stated in this notice can be prolonged or shortened as may be required.

3.3 We review the personal data (and the categories of personal data) we hold on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or securely delete this data as may be required.

3.4 If you wish to request that data we hold about you is amended or deleted, please see section 7 below, which explains your privacy rights.

4. Sharing your information

4.1 We do not disclose any information you provide to any third parties other than as follows:

  • 4.1.1 We utilise secure online cloud practice management software (writeupp.com) which acts as a data processor to store your personal data which may include your Contact information, Medical information and Communication Information. Emails, secure direct messages and text messages may be sent to you and by you through this system. Our online booking system (available at https://hamilton-sargent-counselling.selectandbook.com/) is also a part of this software. Pathway Software, the company behind Writeupp has developed software for the NHS for the last 5 years and is ISO 27001:2013 certified. Writeupp may use third-party suppliers to provide functionality within WriteUpp, for example, to deliver and send text and email messages. All third-party suppliers are GDPR compliant, and the use of these services will be in accordance with the third-party suppliers’ terms and conditions and their respective privacy policies. Writeupp’s privacy policy can be viewed at https://www.writeupp.com/privacy-policy.pdf.
  • 4.1.2 We utilise a commenting system (https://talk.hyvor.com/) which acts as a data processor for User-Generated Information to enable website users to post reactions and comments to blog posts on our website. The comments and other data exchanged are stored securely within the Hyvor Talk system. Your personal data will be processed and transmitted in accordance with the General Data Protection Regulation (GDPR). For more information, please refer to their privacy policy. Comments are moderated before going live on the website. You are able to post using a pseudonym to protect your confidentiality. If any past or current counselling clients post using their actual name we will not respond to protect your confidentiality and the integrity of our work together.
  • 4.1.3 We utilise third party website analytics software (https://analytics.google.com/) which acts as a data processor and uses Cookies to understand and assess how website users use and navigate our website. This is anonymised and you are asked to consent to the use of these when you first arrive at our website. You can update your privacy preferences at any time. More information is detailed in our Cookie Policy and you can also read Google's privacy policy.
  • 4.1.4 We utilise a third party advertising partner (Google Ads) to drive traffic to our website. Through this we have access to anonymised information around users who click through to our website through these advertisements. You will consent to this through your use of Google's services and you can read their privacy policy for more information on how your data is handled.
  • 4.1.5 From time to time we will transfer personal data to our processors or sub-processors which will include our web hosting provider (https://www.siteground.co.uk/), our encrypted email and cloud storage provider (https://protonmail.com/) and phone line providers, and other GDPR compliant service and technology providers we utilise within our business operations;
  • 4.1.6 We may be required to disclose certain data to regulators or other lawful authorities;
  • 4.1.7 if we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example for the purposes of prevention of fraud or other crime);
  • 4.1.8 in order to enforce any terms and conditions or agreements for our services that may apply.

4.2 Other than as set out above, we shall not disclose any of your personal data unless you give us permission to do so. If we do supply your personal data to a third party, we will take reasonable steps to ensure that your privacy rights are protected and that third party complies with the terms of this notice.

5. Security

5.1 We will take all reasonable steps to ensure that appropriate technical and organisational measures are carried out in order to safeguard the information we collect from you and protect against unlawful access and accidental loss or damage. These measures may include (as necessary):

  • 5.1.1 Use of SSL encryption on this website;
  • 5.1.2 using a site scanning service for this website in order to detect malware;
  • 5.1.3 use of password protection, encryption, firewalls, antivirus on equipment used;
  • 5.1.4 use of an encrypted email and cloud services;
  • 5.1.5 securely disposing of your data;
  • 5.1.6 regularly backing up data we hold on an encrypted storage device.

6. Cookies

6.1 Like most websites, we use cookies to help provide you with the best experience whilst using our service. For more information please view our cookie policy.

6.2 If you choose not to accept or disable certain cookies, this will not affect your access to the majority of information available on our website however certain online services may not be available.

7. Your privacy rights

7.1 With respect to your personal data, you have the right to:
  • 7.1.1 request that your personal data will not be processed;
  • 7.1.2 ask for a copy of any personal data that we have about you;
  • 7.1.3 request the correction of any errors in or update of the personal data that we have about you;
  • 7.1.4 request that your personal data will not be used to contact you for direct marketing purposes;
  • 7.1.5 request that your personal data will not be used for profiling purposes;
  • 7.1.6 request that your personal data will not be used to contact you at all;
  • 7.1.7 request that your personal data be transferred or exported to another organisation, or deleted from our records; or
  • 7.1.8 at any time, withdraw any permission you have given us to process your personal data.

7.2 All requests or notifications in respect of your above rights may be sent to us in writing at the contact details listed below.

7.3 We will endeavour to comply with such requests as soon as reasonably possible but in any event, we will comply within one month of receipt (unless a longer period of time to respond is reasonable by virtue of the complexity or number of your requests).

8. Data breaches

8.1 If personal data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the ICO as is deemed necessary.

8.2 If a breach is likely to result in a high risk to your data rights and freedoms, we will notify you as soon as reasonably possible.

9. Transferring your information outside the UK or EEA

9.1 We will not transfer your personal data in a systematic way outside of the European Economic Area or UK, but there may be circumstances in which certain personal information is transferred outside of the European Economic Area or UK (for instance, if our suppliers are located outside of the UK or EEA, or if our web hosting provider or email provider uses servers outside of these areas).

9.2 If we transfer your information outside of the European Economic Area or UK, and the third country or international organisation in question has not been deemed by the EU Commission or Secretary of State (as the case may be) to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice.

10. Notification of changes

We will post details of any changes to our privacy notice on our website. Please ensure you check the website regularly for any updates.

11. Contact us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your personal information or how it is handled, you can do so by contacting us at GDPR@hamiltonsargentcounselling.co.uk.

12. Complaints

If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the ICO by visiting http://www.ico.org.uk/ for further assistance.

13. Copyright

This wording was purchased from Private Practice Paperwork Ltd. and no part of it may be copied, shared or published elsewhere without direct purchase and authorisation from their website.

Last updated: 30/12/2021 09:34:00