At Online Therapy, we are strongly committed to protecting your privacy. We will not sell or share your data with a third party for any purpose not mentioned in this policy.
Online Therapy is registered with the ICO as a Data Controller and complies fully with Data Protection Law, GDPR guidelines and all confidentiality guidelines. Read more in our ICO profile.
You can navigate the majority of our site without giving us any personal information about yourself. However, sometimes we need additional information about you in order to provide the information or services you are requesting.
Personal information that this website collects, why we collect it, and how it is stored
We will only ever collect, store and use your personal data when we have an identified lawful basis and reason to do so, such as keeping in touch with you.
At present, we collect Personally Identifiable Information submitted to this website via a Counselling Contract accessed via Google Docs and an online shop where you can pay for your counselling sessions.
Google Doc counselling contract
All Online Therapy clients are asked to complete a counselling contract. This is accessed via a link on our website which redirects you to a secure Google Doc. The Personally Identifiable Information requested on this form includes your name, gender, date of birth, address, email and phone number.
Online Therapy’s policy is to keep minimum notes and records. The information stored includes:
• Personal information such as your name, date of birth, gender, address, phone number and email
• Your completed counselling contract
• Confidential case notes (describing the main focus of the session with any important information)
• Information for service evaluation and statistical purposes
Crucially, your Personally Identifiable Information is stored separately to any other record-keeping notes. In simple terms, any confidential case notes are anonymised and unlinked to your contact details.
You can request to see the information held on you and ask for it to be amended or deleted. If you have any concerns about the policy on confidentiality and record-keeping, you are welcome to discuss it fully with your therapist.
As part of a counsellor’s professional standards, from time to time your therapist may need to share some of your information in sessions with a qualified supervisor, always under a strict confidential and professional framework. The client identity is always kept anonymous.
Your therapist may have to make exceptions to the general rules of confidentiality in the following circumstances:
1. If he/she thinks there is a serious risk of harm to yourself or others.
2. Where he/she cannot contact you and suspects you are in danger. For example, if you had not been seen for several days and colleagues and friends felt concerned, information may be disclosed without your agreement.
3. Where there is a legal requirement to disclose information. This could be because it has been ordered by a court, or because the law requires for information to be passed on without consent, for example under the Terrorism Act 2000 or the Drug Trafficking Offences Act 1986. In the first and second of these cases, your therapist would attempt to talk this through with you beforehand if possible.
Payment for therapy
The ICO defines the lawful basis for processing your data for payment of therapy sessions as ‘contractual’. To administer your payment we collect your personal data to:
- Process your payment for therapy
- Get in touch should there ever be any issues processing your payment
All electronic forms that request financial data will use the Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and our servers.
Your financial details
Online Therapy complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
We will never use your personal information to send you Online Therapy advertising materials by email, telephone or mail. Nor will we ever sell or share your data with a third party for any marketing purpose.
Site visitation tracking
Like most websites, this site uses Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Website and server security
The way we store/use information
We store the information you provide about yourself in a secure environment in order to provide you with the information and/or services you request. The information is stored for the lifetime of the system unless you request that it be removed. We continually review what information we hold, and delete what is no longer required. We use a number of third party data processors who are all compliant with strict data processing requirements, detailed above in sections on the counselling contract and payment for therapy.
All of the personal data we process is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). This will be done in accordance with guidance issued by the Information Commissioner’s Office.
You must opt-in or give consent for us to share your identifiable information with third parties, who would be bound by a confidentiality agreement. However, the information you provide us about yourself may be shared with our employees to the extent necessary to accommodate your request. For example, if you provide your name, mailing address, telephone and email address, this information will be shared with appropriate personnel to fulfill your request.
We would not use your Personally Identifiable Information provided to us online for purposes other than those you requested without also providing you an opportunity to agree or otherwise limit such unrelated purposes.
We will take reasonable precautions to prevent the loss, misuse or alteration of information you give us. Whilst we endeavour to keep our systems and communications protected against viruses and other harmful effects we cannot bear responsibility for all communications being virus-free.
All traffic (transferral of files/data) between this website and your browser is encrypted and delivered over HTTPS.
Our website is protected by a web application level firewall. This website’s server is also protected by a firewall. It is hosted within a UK data centre. Some of the data centre’s more notable physical security features are as follows:
- 24 x 7 x 365 manned security and monitoring on site
- Smart Card access policies
- Internal and external CCTV systems
- Security breach alarms
Leaving our website
We are not responsible for the privacy practices or the content of any other websites linked to our website. If you have followed a link from this website to another website you may be supplying information to a third party.
Your Right to Access Your Data
We respect your right to control your data. You have a right to update, correct or delete your personally identifiable information at any time by contacting us. Your rights include:
- The right to be informed about how we capture, store and use your data.
- The right of access. If you wish to obtain a record of the personal data we hold about you, through a Subject Access Request, we will respond within one month.
- The right to rectification. If we have captured information about you that is inaccurate or incomplete, we will update it.
- The right to erase. You can ask us to remove or randomise your personal details from our records.
- The right to restrict processing. You can ask us to stop using your personal data.
- The right to data portability. You can ask to obtain your personal data from us for your own purposes.
- The right to object. You can ask to be excluded from marketing activity.
- Rights in relation to automated decision making and profiling. We respect your right not to be subject to a decision that is based on automated processing.
For more information on your individual rights, please see the Information Commissioner’s Office‘s information for the public.
Making a complaint
We want to exceed your expectation in everything we do in terms of handling and processing your data. However, we know that there may be times when we do not meet our own high standards. When this happens, we want to hear about it in order to deal with the situation as quickly as possible and put measures in place to stop it happening again.
We take complaints very seriously and we treat them as an opportunity to develop our approach. This is why we are always very grateful to hear from people who are willing to take the time to help us improve.
If you are still unhappy with how we have dealt with a complaint about how we use your data, please contact the Information Commissioner’s Office.