‍ ‍

Privacy Policy

‍ ‍

Welcome to my private therapy practice website. This Privacy Policy explains how I, Danielle Carrott, collect, use, store, and protect your personal data when you use my website, contact me, or engage in online therapy services.

1. Key Identity & Registration Details

I protect your personal data in line with the requirements of the General Data Protection Regulation (GDPR). The GDPR requires data controllers such as ourselves to document our lawful basis for processing personal data. It also gives you rights over how your data is processed. This privacy policy documents the data we collect, why and how we process it, and how to exercise your rights.

The data controller responsible for this website is Danielle Carrott Counselling.

 Email: dlc.counselling@gmail.com

Telephone: 07884328762

I am registered with the Information Commissioner's Office (ICO). My ICO registration reference number is Registration reference: ZB741191.

  • Professional Memberships:  I am an Accredited member of National Counselling and Psychotherapy Society (NCPS). I adhere to their ethical framework regarding confidentiality.

Types of Data Collected & The Lawful Basis.

As an online therapist I process two distinct types of data, which require different legal justifications under the UK GDPR.

  • Personal Data: Names, DOB, email addresses, phone numbers, and GP information. I hold the information due to contractual necessity (to deliver the therapy sessions) and Legitimate interests (for administrative business operations).

  • Special Category Data: I keep brief notes of each clinical session, again as required by my insurers. These notes will not be shared with any third party unless subject to a court order. With this in mind, I keep details to a minimum and try to focus on the process used and outcomes, rather than disclosing private matters. I am obliged to maintain records of these notes for 5 years. You have the right to receive a copy of these notes and any other data I hold at any time.

  • Lawful Basis: Article 6(1)(f) / Article 9(2)(h) of the GDPR. This covers the provision of health or social care treatment. I uphold NCPS ethical code of conduct, The records are kept on a secure password protected device and locked away in a secure environment.

·        Google Analytics: I use Google Analytics to track visitor interaction with the site in order to produce statistical reports. Google collects details of the pages you view and the time you viewed them, the features of your browser, and your IP address. For more information on how Google handles the data it collects, see Google’s privacy policy.

To opt out of Google Analytics tracking on our site, see the Google Analytics section of our cookie policy.

Lawful basis for processing: Pursuance of our legitimate interests. To allow us to analyse how visitors interaction with our site to improve our site and our services.

  • BACS Payments: Payments are made via direct bank transfer (BACS). I do not store your bank details; they appear only on my professional bank statements for accounting purposes.

Squarespace.

I use square space to host the site site, run contact forms, and I may track analytics (cookies). This information may also include details about your use of this website, including:

·       Clicks

·       Internal links

·       Pages visited

·       Scrolling

·       Searches

·       Timestamps

The contact form inquiries are securely processed through Squarespace. See their private policy here.

Zoom.

I use Zoom to facilitate the live video and audio for our therapy sessions. Our sessions are strictly live, password-protected, encrypted, and never recorded (unless explicit, separate written consent is obtained for a specific training purpose).

4. Data Sharing & Insurance Obligations.

Data and client information may be passed over in such safeguarding cases as:

  • Holistic Insurance: Data may be shared with my professional indemnity insurance provider (Holistic Insurance Services) only if a legal claim or formal complaint arises.

‍ ‍Legal Exceptions to Confidentiality: All material from sessions remains confidential except in the following circumstances:

·       Risk of Harm

·       Subpoena by a Court of Law

·       Acts of Terrorism

·       Organised Crime

·       Child Protection Act

As far as reasonably possible I would always aim to discuss this with the client before taking action, the limits of confidentiality are discussed during the first initial session with the client and written in a contract that both parties sign and have a copy of.

  • Clinical Supervision: Within supervision non-identifying themes may be discussed with a qualified clinical supervisor to maintain professional standards, as required by the NCPS. They also uphold NCPS code of conduct and confidentiality.

Your Legal Rights

Under the UK GDPR, you have the right to:

‍ ‍

  • Access your data by requesting a copy of the records I hold about you.

  • Rectify any inaccurate or incomplete information.

  • Restrict or object to the processing of your personal data.

  • Request Erasure of your data. Please note that my legal and insurance obligations to retain clinical notes for 5 years will generally override requests to delete clinical data early.

If you wish to exercise any of these rights, please contact me at dlc.counselling@gmail.com.

‍ ‍

8. Complaints

If you have any concerns about how I handle your data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk. I would, however, appreciate the chance to resolve your concerns directly with you first.

‍ ‍