Privacy Policy and GDPR
This Privacy Policy explains how I use and protect any information that you give to me when you use my services.
I am committed to ensuring that your privacy is protected and I take confidentiality and your right to privacy very seriously. Any information that you provide, by which you can be identified when using my services, will only be used in accordance with this privacy statement.
This policy may change from time to time. You are requested to please check this page to ensure that you continue to be comfortable with the measures that I take to protect your privacy. This policy is effective from 1st of September 2022.
By visiting http://annie-therapy.co.uk you are accepting and consenting to the practices described in this policy.
By continuing to use this site, you are agreeing to the use of cookies as described below.
For the purpose of the Data Protection Act 1998 (the Act) and GDPR, the data controller is Andriana Argyriadou.
What is GDPR?
On the 25th May 2018 General Data Protection Regulation (GDRP) legislation came into effect. GDPR replaces current data protection legislation, the Data Protection Act 1998.
It is designed to give individuals control back over personal information and to simplify regulation for business.
The 6 Principles of GDPR
Information is:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to
ensure that personal data that are inaccurate, having regard to the purposes for which they are
processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f) processed in a manner that ensures appropriate security of the personal data, including
protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The controller shall be responsible for and be able to demonstrate compliance with all of these principles.
Information that I collect
From your enquiry, you may give me information about you such as name, address, phone number and email, by filling in forms on my website or by corresponding by phone, e-mail or otherwise. I may also receive information about you from other sources, such as Google Analytics.
Use of my website
The use of Google Analytics helps facilitate the evaluation of the use of my website, for example which are the most popular pages, length of browsing time etc. in order to ascertain certain trends. By using this website you consent to this process, therefore, if you are not in agreement, please navigate elsewhere.
More specifically, with regard to each of your visits to my website, I may automatically collect the following information:
- Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- Information about your visit, including the full Uniform Resource Locators (URL) through and from my site (including date and time); services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Any personal information such as name, postal address, telephone number, and email address given via the website will only be used to provide a requested service, and will not be disclosed to any other third party without your prior permission, or unless required to do so by law, such as terrorism, money laundering, drug trafficking, radicalisation or safeguarding concerns.
How I use your information and personal data
I may use your information:
- To carry out my obligations arising from any contracts entered into between you and me and to provide you with the information and services that you request from myself, such as to arrange appointments. This will be in accordance to the Professional Body I am registered with, the British Association for Counselling and Psychotherapy: https://www.bacp.co.uk/
- To notify you about changes to my services;
- To administer my website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- To operate my business efficiently including financial records
Links
The website may have links to third party sites I have no control over. If you visit those sites you should check you are happy with their own privacy policies and terms of use before providing any personal information. In addition, if you are linked to my website from a third party, I cannot be responsible for the privacy policies and practices of that third party site.
Where your data is stored
I accordance with professional guidelines, identifiable information about yourself, such as your name, email address and phone number, are stored separately from sensitive personal information about yourself. Any device that may contain those (such as a computer) will be password protected. Clinical notes are stored in a secure, locked cabinet and are destroyed 6 years after the end of your sessions, in accordance with professional and legal guidelines.
I use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails I send or receive may not be protected in transit.
I will also monitor any emails sent to me, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Should you choose not to consent to me using your contact details in any form submitted, please contact me by email:
All of the above steps are taken in order to enable you to speak freely and in confidence. If I am approached by a third party, this will be raised with you, as soon as the request becomes apparent. Your agreement to share any information will be explicitly sought and discussed in advance. The only exceptions to the above include: 1) if there is reasonable cause to believe that there is significant harm likely to be imminent to yourself, or another, 2) where there are reasonable grounds to believe that there is involvement with terrorism, or money laundering and 3) if specifically ordered to do so by a Court of Law.
Access to information
You can request access to the personal information that I hold about you.
You may request amendments to the personal information I hold about you that is inaccurate or out-of-date. If you request that I delete your personal information, I will take all reasonable steps to do so.
Your acceptance
By using the website, you consent to the collection and use of the information by me in accordance with our privacy policy.
Your rights
Any personal information submitted via my website is treated in accordance with the data protection Act 1998, including compliance with GDPR 2018. To find out more about your entitlements under this legislation, visit the Information Commissioner’s website at https://ico.org.uk/
Data Beaches
Should a data breach be detected, you and the ICO www.ico.org will be notified within 72 days in accordance with their requirements.
Contact
Complaints, questions, comments and access requests are welcomed and should be addressed to Andriana Argyriadou, Data Protection Officer,