Introduction

At My Online Counsellor we prioritise your privacy and the protection of your personal data. This document explains how we collect, use, and share your personal data when you engage with our counselling services, in accordance with the General Data Protection Regulation (GDPR).

Data Collection

We collect and process the following types of personal data:

- Personal Identification Information: such as your name, contact details (email address, phone number, address), and date of birth.

- Health Information: including details about your mental and physical health, medical history, and any relevant health conditions.

- Session Records: notes taken during your counselling sessions, which may include sensitive information about your mental health, personal circumstances, and treatment progress.

- Payment Information: details necessary for processing payments, such as bank account or credit card information.

- Communication Data: records of any communications you have with us via email, phone, or other means.

Purpose and Legal Basis for Processing Your Data

We process your personal data for the following purposes:

1. Provision of Counselling Services

- Purpose: To provide you with appropriate counselling and therapy services.

- Legal Basis: Processing is necessary for the performance of a contract with you (Article 6(1)(b) GDPR).

2. Health and Safety

- Purpose: To ensure your safety and well-being during sessions, including risk assessments.

- Legal Basis: Processing is necessary to protect your vital interests (Article 6(1)(d) GDPR) and for the provision of health or social care (Article 9(2)(h) GDPR).

3. Administrative Purposes

- Purpose: To manage appointments, communicate with you, and handle payments.

- Legal Basis: Processing is necessary for the performance of a contract with you (Article 6(1)(b) GDPR) and for our legitimate interests in managing our business (Article 6(1)(f) GDPR).

4. Legal and Regulatory Compliance

- Purpose: To comply with our legal obligations, such as record-keeping and reporting.

- Legal Basis: Processing is necessary for compliance with a legal obligation (Article 6(1)(c) GDPR).

Data Sharing

We may share your personal data with the following parties:

- Healthcare Professionals: With your consent, we may share information with other healthcare providers involved in your care.

- Regulatory Bodies: When required, we may share data with regulatory bodies to comply with legal obligations.

- Service Providers: We use third-party service providers to manage our operations, such as IT services and payment processors, who are bound by confidentiality agreements.

Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include secure storage solutions, encryption, and access controls.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including any legal, accounting, or reporting requirements. Typically, this will be for a minimum of 7 years following the end of our counselling relationship, unless a longer retention period is required by law.

Your Rights

Under the GDPR, you have the following rights regarding your personal data:

- Right to Access: You have the right to request copies of your personal data.

- Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.

- Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.

- Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.

- Right to Data Portability: You have the right to request that we transfer your data to another organization, or directly to you, under certain conditions.

- Right to Object: You have the right to object to our processing of your personal data, under certain conditions.

Contact Us

If you have any questions about this privacy policy or our data practices, please contact us at:

My Online Counsellor

Debbiecrew@myonlinecounsellor.org

General Data Protection Regulation (GDPR), registered number C1510715

## Complaints

If you believe that we have not complied with your data protection rights, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Website: [www.ico.org.uk](https://www.ico.org.uk)

Telephone: 0303 123 1113

This privacy policy was last updated on 18th July 2024.