The Practice will always make it clear to you when we collect your personal information and will explain to you what we intend to do with it and how long we store it
For the purpose of the Data Protection Act 1998 (soon to be General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679)) , the data controllers are Maya Gagni and Shirani Situnayake
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
When you contact us via our website, your contact details will be stored only for the purpose to contact you back and discuss how we can help you. If we cannot help you, your details will be deleted from our emails.
Our website is fully protected and encrypted and we do not collect Cookies.
Collecting and Storing your information
When starting counselling we will collect your contact details and some basic information about you.
Click here to view a copy of the form.
By filling the form you will give us the consent to store your information.
After each session brief notes will be written for the sole purpose of mantaining a record of what has been discussed.
The information you will give us and the notes will be stored and kept securely and confidentially in a safe filing system. Any electronic correspondance is stored in an encrypted computer system protected by an Antivirus system that is updated on a regular basis.
Your details will be stored for 7 years ( Statutes of limitation under Civil Law or Tort)
Sharing your information and Confidentiality agreement
Maintaining a confidential services at the Practice is paramount to our work.
The Practice will only share your information in the following circumstances:
Consent to disclose information will be sought whenever possible.
Click here for a copy of the Contract you will be asked to sign which contains further information about the limitations of our Confidentiality agreement.
Accessing your information - Subject Access Request (SAR)
What is a subject access request?
Under the Data Protection Act 1998 an individual has the right to request all personal data that a Data Controller holds about them by making a subject access request. The Data Protection Act gives Data Controllers 40 calendar days to complete a subject access request. This time starts from the day we receive a clear request and enough identification to be sure that the request is from the data subject. Once this information has been received the designated Data Controller (your counsellor) will contact you to acknowledge that the 40 day period has started.
You can make a request to access your personal information by filing a SAR form and e-mail it to firstname.lastname@example.org for the attention of your counsellor.
Click here to download a SAR form.
Your rights to rectification and erasure
You have the right to ask us to rectify any information we hold about you and to delete them including your personal information that is no longer relevant to original purposes – for example when the therapeutic relationship has ended or if you wish to withdraw consent. In all cases and when considering such requests, these rights are obligatory unless it’s information that we have a legal obligation to retain.
Your rights to data portability
You have the right to receive your personal information as previously provided, and to transfer this information to another party.