Be the change you want to see

Privacy Statement

 

Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:

  • Why I am able to process your information and what purpose I am processing it for
  • Whether you have to provide it to me
  • How long I store it for
  • Whether there are other recipients of your personal information
  • Whether I intend to transfer it to another country,
  • Whether I do automated decision-making or profiling, and
  • Your data protection rights.

I am happy to chat through any questions you might have about my data protection policy and you can contact me via email or phone.
‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is Chenze Haywood-Rosa.

Who we are

My name is: Chenze Haywood-Rosa.
My website address is: b4change.net
I am registered with the Information Commissioner’s Office. My registration number is: ZB085020

My lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data.

There are different lawful bases depending on the stage at which I am processing your data. I have explained these below.

If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.

If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in

this case, a contract between me and you).

Your rights

I try to be as open as I can be in terms of giving people access to their personal information.

You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information.

You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances.

You can read more about your rights at ico.org.uk/your-data-matters. If I do hold information about you I will:

  • give you a description of it and where it came from;
  • tell you why I am holding it, tell you how long I will store your data and how I made this decision;
  • tell you who it could be disclosed to;
  • let you have a copy of the information in an intelligible form.

You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you. To make a request for any personal information I may hold about you, please put the request in writing addressing it to chenze.h@protonmail.com. Please note there could be up to 6 week processing time to receive this information.

If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures.

If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint

How long do I retain your data?

Initial contact.

When you contact me with an enquiry about my counselling service, I will collect information to help me satisfy your enquiry.

This will include your name, address or email address and telephone number. If you decide not to proceed, I will ensure all your personal data is deleted within one month.

If you would like me to delete this information sooner, just let me know.

If you are accessing my services via a school, college, university or other institution your information will be kept for 5 years after you turn 18 years old. At this time all information held will be safely and securely destroyed.

While you are accessing counselling.

My practice is based in the UK and therefore is subject to UK law.

Confidentiality is essential in a therapeutic relationship, and, as a counsellor in private practice, I am not usually required by UK law to tell anyone anything that you tell me in our sessions, therefore your personal data and the content of our sessions will be strictly confidential. There are a few exceptions to this, such as The Terrorism Act, Proceeds of Crime, Road Traffic Act and The Children Act.

Please let me know if you would like me to explain these in more detail.

  • However, it is possible that in extreme circumstances I may feel it is appropriate to speak to someone else about an issue raised in our work, for example; if I thought that you or someone else was at risk of immediate and serious harm. In any situation where I thought I might need to break confidentiality I would always try to inform you first and, if possible, talk things through with you before taking any action.
  • I will keep a record of your personal details to help the counselling services run smoothly.These details are kept securely in a locked filing cabinet and only myself and a director of B4Change Consultancy Service Limited has access to those files. I also may hold referral details for a short time on a password protected PC which is not shared with any third party. I will keep written notes of each session. These are also kept in the same locked filing cabinet or on a password protected PC which is not shared with anyone else. For security reasons I do not retain text messages for more than one month. If there is relevant information contained in a text message, I will send a screenshot of this to my PC and keep it in a password protected file. Likewise, any email correspondence will be deleted after 3 months or printed as a hard copy and added to your file if deemed relevant. If necessary, I will keep this in a password protected file on my PC until it is no longer needed.

After Counselling Has Ended.

Once counselling has ended your records will be kept for 3 years and 5 years if you are under the age of 18 years of age from the end of our contact with each other and will then be securely destroyed. If you want me to delete your information sooner than this, please tell me.

Visitors to my website

My website is currently being updated and when someone visits my website, I use a third party service to collect standard internet log information and details of visitor behaviour patterns.

I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow a third party to make, any attempt to find out the identities of those visiting my website.

I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.

Contact forms

No user-specific data is collected by me or any third party.

If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you interact with my website (e.g. use the contact form) then you may opt in to saving your name, e-mail address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another message.

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

 

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

 

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

 

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on the website may include embedded content (e.g. videos, images, articles, etc.).

Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

I will use a third party service, to collect standard internet log information and details of visitor behaviour patterns.

I do this to find out things such as the number of visitors to the various parts of the site.

This information is only processed in a way that does not identify anyone.

I do not make, and do not allow a third party any attempt to find out the identities of those visiting my website.

Who I may share your data with

I will use a third party for example (google) so that I can continually improve my service to you, You can read Google Analytics privacy notice here: https://www.google.com/analytics/terms/us.html

I also use WordPress as the content management system for our website. You can find out about WordPress and their data protection policy here: https://wordpress.com

What rights you have over your data

If you have an account on the website, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us.

You can also request that we erase any personal data we hold about you.

This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Additional information

If you have any further questions about privacy that are not answered by the information on this page, please contact me with your question.

Appointment Information

Private appointments:

I offer a 40-50 minute age appropriate appointment at the allocated space and allotted time. The appointment will be arranged and agreed and a private, confidential comfortable room will be provided or a secure on-line third party application.

If you do not attended your appointment a call to client/family/young person or adult receiving therapy will be informed to comply with this contract.

Follow up appointments will be provided via a text message or agreed safe platform. Only initials are stored in my work phone. No mobile information is shared with a third party and once the counselling has reached an end the telephone number is deleted.