top of page
Rumena Pervin - Privacy Policy

Privacy Policy

Client confidentiality is a cornerstone of Counselling and Psychotherapy.

 

I am fully committed to safeguarding the privacy of visitors to this website as well as that of my former, current and prospective clients.

Introduction

This page sets out the Privacy Policy of my own private practice and explains how I will treat your personal information.

​

If I am helping you on behalf of another organisation such as a charity or an online therapy provider, it is the Privacy Policy of that other organisation that will apply, not the one described on this page.

​

Many privacy policies are extremely long documents written in legalese with the intention to use the low likelihood of them being read to acquire wide ranging permissions to gather and leverage personal data, usually for commercial gain.  Whilst it is vital that you read this Privacy Policy so that you can take an informed decision on whether to accept it, if you read it all the way through, you will see that it is centred on protecting your privacy in line with the law and confirming that there be no commercial sale of your data.  It also provides full transparency on the use of cookies to provide this website’s features.

​

By using this website or my therapeutic services that it describes, you accept and consent to the terms and conditions contained within this Privacy Policy and, by implication, the respective privacy policies of the third party providers highlighted in the ‘Use of online third parties’ sub-section below.

​

Before you disclose the personal information of any other person(s) to me, you must obtain their consent to both the disclosure and the processing of that personal information in accordance with this Privacy Policy and the respective privacy policies of the third party providers highlighted in the ‘Use of online third parties’ sub-section below.

Updates to this Privacy Policy

From time to time, I may amend and/or update this Privacy Policy without notice to you, by publishing a new version on this page.


Therefore you should check this page periodically to ensure that you remain willing to accept the Privacy Policy that it sets out.  To help you, the bottom of this page indicates the date of the most recent change.

​

If any single change is notably substantial, I will reset this website’s ‘cookie banner’ to obtain fresh consent from returning visitors.

​

Additionally, you should periodically review the privacy policies of any third party providers highlighted in the ‘Use of online third parties’ sub-section below.

​

You confirm that I shall not be liable to you or any third party for any changes made to this Privacy Policy or the respective privacy policies of any third party providers highlighted in the ‘Use of online third parties’ sub-section below.

​

If you observe a change that is unacceptable to you, please contact me so that we can take the necessary action in line with your rights (see the ‘Your rights’ sub-section below).

My guiding principles for this Privacy Policy

Whilst the protection of privacy is ultimately achieved through the implementation of policy, my specific arrangements are guided by the following core principles:

 

  • End-to-end Confidentiality:  You deserve to feel confident that every single aspect of your therapeutic journey, including any use of this website, benefits from being confidential

  • Minimised Exposure:  You deserve to be assured that your data is captured transparently, in the most minimal form practical, is held securely for the shortest time necessary and is used only for the purposes for which it was provided by you

  • Compliant Practise:  You deserve the protections provided by my adhering to the relevant laws and the Ethical Framework of my professional body (the British Association of Counselling and Psychotherapy).

UK law

I adhere to the UK’s prevailing data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

 

The GDPR ensures your personal and confidential data is kept private and held securely and that it is processed in the way that you have agreed to.  It protects your rights as a consumer of a service or product that might involve your identifiable data such as your name and address or whether you have a specific condition.  It also covers any notes that I take during your therapy sessions as well as emails or texts that we exchange.

​

For legal purposes, I am the Data Protection Officer for the personal information I store about you.  I am registered as such with the UK’s Information Commissioner’s Office (ICO) and comply with its data handling requirements.  You can see my ICO registration here.

Limits on client confidentiality

Under UK law, there are some very specific and truly exceptional circumstances in which client confidentiality can be broken, namely:

 

  • Your disclosing of a serious or life-threatening risk of harm to yourself or others

  • Your disclosing of involvement in (or knowledge of) an act of terrorism or its funding

  • My receipt of either a Disclosure Order from a competent court or a Coroner’s request.

Capture and usage of personal information

I only collect personal data that is:

​

  • Necessary for the good practise of Counselling and/or Psychotherapy so that we can engage effectively in our work together AND

  • EITHER provided to me through your use of this website and/or my therapeutic services OR generated in the normal course of you using my services (e.g. your appointments record will form the basis of your invoices).

 

I will keep a record of the following:

​

  • Name

  • Postal Address

  • Tel No.

  • Email address

  • Some minimal medical information (e.g. your doctor’s name in case of an emergency during therapy and any current prescriptions)

  • Therapy contract

  • Session notes

  • Details generated in the course of using my services (e.g. your appointments record for invoicing purposes)

  • Any information contained in (or relating to) any communication that you send to me by whatever method (e.g. a client testimonial via this website’s ‘Feedback’ page)

  • Any other personal information that you choose to provide to me.

​

The purposes for which I will use your personal information are to:

​

  • Administer this website and my private practice (e.g. arranging appointments)

  • Enable your use of the therapeutic services described on this website (e.g. to arrange an initial assessment of your needs)

  • Send you billing-related information (e.g. invoices)

  • Send you non-marketing communications (e.g. emails addressing any enquiry that you have submitted).

Client testimonials

If (and only if) you wish to write a review at any point for my website, it will be fully anonymised in the event that it is published here.

Use of online third parties

In functional terms, this website is relatively simple with no user registration or online purchasing.  However, it still relies on some third party elements (and their use of cookies) to support its central purpose of promoting my private practice.

 

The core of this website is built using the WiX Platform which has some reliance on cookies as detailed here.  The WiX Privacy Policy can be found here.

​

The ability to view, store and share my digital business card is provided by the HiHello platform rather than WiX.  Although it is me that is the HiHello account holder rather than you, you should still read their Privacy Policy in both summarised and full form, with the latter addressing their use of cookies.

External sharing and cross-referencing

I do not and will not:


  • Share any of your personal information with a third party for any reason, except as may be required by the law (see ‘Limits on client confidentiality’ sub-section above)

  • Use any third party data sources (e.g. credit checking agencies) to cross-reference or enrich data collected by me.

International data sharing

For my clients inside of the UK, international data transfers are not required or performed and are therefore not a privacy consideration.

​

For my clients outside of the UK, personal information that I collect may be transferred to the UK for processing, storage and use in accordance with this Privacy Policy and the third party privacy policies on which it relies.

​

Clients outside of the UK expressly agree to the transfer of personal information to the UK as described in this sub-section.

Hyperlinks to other websites

My website includes hyperlinks to, and details of, third party websites.

 

I have no control over, and therefore cannot be responsible for, the privacy policies and practises of third parties or their websites.

 

The websites of third parties are obviously not governed by this Privacy Policy and you should exercise caution by carefully reviewing the Privacy Policy of any such site.

Security

To prevent unauthorised access or disclosure, I apply appropriate physical, electronic and managerial procedures to safeguard and secure the personal information collected either online or in conversation.

​

I will:

​

  • Take reasonable technical and procedural precautions to prevent the loss, misuse or alteration of your personal information.

  • Store all the personal information you provide using a combination of:

    • Secure computers (with password, firewall and anti-virus/malware protection) AND

    • Paper records physically held in locked storage cabinets.


You acknowledge that:

​

  • The transmission of information over the internet is ultimately insecure and therefore I cannot absolutely guarantee the security of your personal data sent over the internet

  • Therefore there are circumstances in which your personal data may be intercepted, lost, corrupted or accessed by unauthorised persons.

Retention

My data retention arrangements are set out below and are intended to ensure that I comply with my legal obligations.

​

In general, I will retain paper and digital documentation containing personal data to:

 

  • Enable the provision of my therapeutic services

  • Enable my compliance with the law

  • Inform any prospective or ongoing legal proceedings to which I believe the documentation may be relevant

  • Establish, exercise or defend my legal rights.

 

Subject to the four preceding considerations:

​

  • I will keep written notes of each session in anonymised form, but will store them separately to your personal information that I hold

  • As a requirement of my insurance, session notes are, by default, kept for a period of 7 years after we have ended our work, after which they will be securely destroyed

  • Any emails or text messages (and therefore potentially you telephone number) will, by default, be retained for 7 years as above

  • Under UK law, you have the right to ask me to delete your data before 7 years have passed; please contact me if this is something that you want to action

  • Your telephone number and texts will be stored on my (PIN-protected) business telephone.

Your legal rights

In summary and subject to any overriding legal requirements and appropriate ID checks, your rights enable you to ask me, either verbally or in writing, to:

 

  • Provide you with any personal information I hold about you (which I must provide within one month)

  • Limit how I use your personal information or to stop processing your personal information entirely

  • Object to my use of your personal data in specified circumstances

  • Change or delete (as applicable) any incorrectly recorded personal data that I hold about you

  • Delete your personal information in its entirety.

 

You can read a more detailed treatment of your rights here.

Complaints

If you wish to complain about how I hold your data, then in the first instance please contact me, Rumena Pervin, in my capacity as my Practice’s Data Protection Officer, at rumena@rumenapervin.com.

 

If your concerns are not addressed to your satisfaction, then you can contact the UK Information Commissioner’s Office (ICO) here.

Breaches

I will report any data breach to you, to the Information Commissioner’s Office and to the British Association of Counselling and Psychotherapy within 48 hours of it becoming apparent that any personal data has been compromised.

Most recent update to this Privacy Policy

2nd March 2024

bottom of page