Home » privacy policy

Introduction

This page explains:

  • whether and what personal information is being collected about you;
  • how your personal information, if any, is being used;
  • how and when personal information is shared, if at all;
  • how this personal information is stored and protected ;
  • how you can determine whether we hold any personal data on you;
  • how you can get a copy of that information, if it exists;
  • how you can make sure that your personal information is up to date and accurate;
  • how to get us to delete your personal data from our system;
  • how to make a complaint about the use of your personal data


What personal data do we store?

 
  1. your login email and password
  2. the information that you yourself put in your public profile
  3. information about which pages you accessed on the website
  4. a record of any payments you made (but never bank or card details)

 

We store on this website only personal data that has been explicitly provided by practitioners who register on the website and who provide this data for the purpose of advertising their counselling practice or agency, or other data for the purpose of the performance of our contract with them.

We never store (or know) any details related to people's bank cards or credit cards.

Practitioners who register on the site commit to not submit to the site any information that is private or sensitive, either about themselves or about others (eg. fellow counsellors in their practice), and to promptly keep it up-to-date.

All personal data about practitioners listed on this website has been directly provided by, and may be immediately updated or deleted by, the practitioner themselves (or their agent), by logging in to the website. (The only exception is the practitioners 'login' email address, which for security purposes can only be updated or deleted by contacting us).

Practitioners who register must agree to keep their personal data promptly up to date. If you have concerns about the currency of the details provided by practitioners please, in the first instance, contact the practitioner concerned to remind them to update their details. If they fail to respond, you're welcome to contact us and let us know, quoting the practitioner's name and listed phone number, and a description of the problem.

If you're listed on this website, you can see, review, update or delete the listed information by logging in using the email address you registered with.

You can request a password reminder on the site's login page.

If you cannot remember your login email, email us, quoting the name that you appear with in the directory.

If you register, your information won't be displayed before we have confirmation that the email address you specify is one that you really do have access to. This is done either by sending you an email at that address, which you must respond to, or by finding the same email address on the website of a recognised organisation (such as BACP or IACP) and listed as yours (or other documentation or contact details as appropriate).

Everyone who chooses to list themselves in this directory provides at least the following details, which are stored in our database until the practitioner changes them, or requests their removal:

(a) your login details
(b) a first name and surname
(c) one piece of contact information - either an email address or a telephone number
(d) either a practice address (minimally the area in which you practice and the first part of your postcode, if UK based) or a method of practicing remotely (eg. email, phone, online).

You will be able to change those details (except for the login email address, which for security purposes can only be amended by contacting us), but cannot remove them except by requesting de-registration (since your profile must have a minimal amount of detail to be able to appear in searches and enable potential clients to contact you).

What further information you choose to submit is under your control.

Inappropriate or offensive information may be deleted from your profile, or your profile removed in this case. Content that fails to meet the style guidelines of the site may be edited to comply, but we will not add any personal data that you have not already provided.

Where the web address you provide consistently and persistently redirects to a different website, we may change your registered web address to correspond to the directed-to website.

We do not retain any personal information that you remove from your profile. On your email request, we will de-registered you from the site; we do so by deleting all records of your registration and profile, including your personal data, from our database. You may do this at any time.

Whether you're a registered user or not, our website server follows the standard practice of storing for a limited period information such as:
(a) host names;
(b) IP addresses;
(c) domain name;
(d) the browser version and platform when information is requested;
(e) the time and date information is requested;
(f) a record of which pages have been requested.

Other than (a) - (f) we only store on this website the personal details that registered counsellors choose to submit to the site, and information about payments they choose to make. If you send an email to one of our profile managers or website manager, that message may persist in their email folders.

We may use the information in (a) - (f) to produce statistics in relation to which pages are being accessed, and occasionally to help trace any problems - for example if a user experiences problems that appear to be related to a specific browser version or platform.

The following counsellor information, if held by us, is not made public:
(a) whether and how much you contribute to the running of the site
(b) your login email and password
(c) any email correspondence

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you're responsible for keeping this password confidential. We ask you not to share a password with anyone, nor to use a password that you employ in other contexts.

All online financial transactions are carried out via PayPal, or similar established online payment operators. If you make a payment, we will record the date, time and amount, but we never know, and do not store, any transaction information related to credit or debit cards. At your request, or when you de-register from the directory, we will delete our records of your personal data from our database; however information held by PayPal, or similar service providers, on financial transactions that you have made with us may persist.

The personal data that we collect from you will be stored on our servers in secure facilities inside the European Economic Area ("EEA") or in the UK.


How is personal information used?

Where you choose to submit and display details related to your practice, those details may appear in searches on the website, and on your "profile" page.

If you're registered with us, we may use your contact details to communicate with you so that you can get the most out of the services that we provide.

Where you claim to be a member of a professional organisation, we may share the details you provide with that organisation, in order to verify your claim.

Keeping your personal details private is very important to us. Other than the profile information that you provide for public viewing, none of your personal information is stored in such a way that it can be publicly accessed over the Internet.

However, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission, we make our best efforts to ensure its security on our systems.

If you register on our website, we may contact any organisation which you claim or appear to be a member of, be registered with, or trained with, to check your submitted details and to obtain a contact route (phone, email or postal) by which to communication with you to help check that you're who you say you are. During the checking process we may disclose to such organisations any of the information that you submit to us, for the purposed of making these security checks.


Your rights

You have a right to know what personal data we hold on you

You're entitled to know what personal data we hold on you (and to delete it if you want to).

You can do this by logging in using the details you registered with.

We only hold on the website information on people who registered, and only store the personal data that they themselves upload (for the purpose of public display).

If you have an account with us, you can see what personal data we hold on you by looking up your profile in the directory by logging in using your login email address and password (for all profiles).

We only hold personal data that you've submitted, for the purpose of having it publicly displayed, so you shouldn't submit as part of your profile anything private or sensitive (except your password for logging in, which we strongly advise you don't use for any other logins).

If you have forgotten your password, you can request a reminder via our login page.

If you have forgotten your login email address, you can request a reminder by contacting us.

In case you missed it, if you're not registered with the directory, we do not hold any personal data about you.

You have the right to be forgotten.

To have your data permanently removed from the website's database, please contact us via the details on the site's contact page, preferably using the email address you registered with. If you use a different email address, and we cannot establish your identity, we may email the registered email address for the profile concerned, to help identify that your request is valid. (If we can't then establish contact that way, we will remove the practitioner's personal profile anyway).

With the exception of payment records (held by Paypal) and any personal information you choose to include in your emails to those who help you register and manage your profile, all personal data is stored on a secure server hosted by HeartInternet.

On your request we will delete your personal data from that database (payment records may persist).

If you have made personal disclosures in any emails which you may have sent to those who help support the directory, we will delete them promptly on your request (if they still exist). In this case please let us know what email address you sent it to, and roughly when. If you can include some content that would help us search for it, that would be helpful too. We will confirm either that we have deleted it, or that we can find no remaining email that matches that description (which would happen if it had already been deleted). If you have replied to our messages to an address other than the one we sent from (eg. if you have used a helper's personal email address because you looked it up elsewhere or knew them) we probably won't have access to that mail box, but will endeavour to successfully communicate your request and let you know of any feedback we receive about the outcome.

Please note that search engines like Google or Bing could take several days to notice that your profile's gone from our website, and in the interim may still list content from it in any snippet they give in search results that list that old profile link. We don't have any control over those or similar web providers, so please get in touch with them directly if you are concerned that they are showing information about you that you no longer list on our site.


Data Security

With the exception of payment records (held by Paypal) and any personal information you choose to include in your emails to those who help you register and manage your profile, all all personal data is stored on a secure server hosted by HeartInternet.

All personal information is input and updated via the website interface by the individual concerned (or their agent).

Apart from the individual's login details, all personal details are entered by the individual concerned, or their agent, for the purpose of public display.

All login and data-input pages use the HTTPS (HTTP Secure) protocol, for the protection of data transmitted over the internet.

Our hosting company is legally obliged to promptly report any personal data security breach. In this case, where appropriate, we will take the following action:

  • Change all passwords on accounts whose password details may have been compromised
  • Email all affected practitioners with their updated password, inviting them to set a new one
  • Inform the Information Commissioner's Office (ICO) in accordance with the guidance listed on the ICO website.

In the case that you become aware of possible compromise of your data or that of others, please contact us via the details on the site's contact page.


Complaints

If a third party complains directly to you about information in your profile being misleading or incorrect, please log in and update or remove the problematic content, if any.

If your complaint relates to personal information about you being used by a practitioner in their profile (e.g. a testimonial that identifies you by name, or a reference to you as being their colleague) please contact us. We will remove any identified reference to you from the practitioner's profile (or take down their profile if necessary) and let them know of the change.

Alternatively you may choose to contact the practitioner directly.

For other cases, if you make a complaint to us we will review the complaint and inform you of the outcome, where appropriate.

We may have to disclose the complainant's identity to whoever the complaint is about (or the nature of the complaint may make that obvious - for example, if the complaint is about the practitioner using your personal data in their profile). If a complainant doesn't want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

If your complaint relates to the appropriateness or currency of the information listed in a practitioner profile, but does not relate to you or others (for example if the practitioner's address or fee structure is out of date) please first contact the practitioner directly.

If this does not resolve the issue, or is not appropriate, then please contact us with a description of the problem, listing the name and listed contact details of any practitioner(s) it relates to.

You have the right to lodge a complaint with a supervisory authority. However, most complaints can be satifactorily and quickly resolved by contacting the practitioner directly, or where that's not feasible or successful by contacting us.

The supervisory authority for information rights is the Information Commissioner's Office (ICO), who can also assist you via their helpline number 0303 123 1113.


How do we use cookies?

When you visit some pages on this website, your computer may be issued with cookies. These are text files placed on the user's device (computer or mobile phone), for the purposes of managing and improving the services on the website (and for registered users, to support their use of the logged-into part of the site). Cookies do not contain any personally identifying information, and we do not link the information we store in cookies to any personally identifiable information the user may submit via this website. Users have the opportunity to set their devices to refuse cookies or warn the user before accepting them. For information on how to do this, the user should refer to the help menu on the browser or visit http://www.aboutcookies.org/. By registering and by using this website, you consent to the processing of your data for statistical purposes and to manage your account.

Access to the secure areas of a website is dependent upon the use of cookies. Most browsers allow the user to control the cookies, including whether or not to accept them and how to remove them. If you disable cookies on your computer, some features of our website will be unavailable to you. In particular, you won't be able to log in and manage your profile.


Giving Consent

By registering as an advertiser on this site and ticking the box that says

I have read the terms and conditions below (yes, I really have) and by clicking 'register' agree to them

you consent to the public display of any information you submit to be advertised. You must not submit personal data to the site which you do not want to be made public.

We've bent over backwards to make our terms and conditions as short and as readable as possible (less than 400 words, in plain English) so please take them seriously. The directory is mainly run on a voluntary basis so registering frivolously by making consent declarations that you don't mean is a frustration to those who support it, and takes up real people's time and effort.

In accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Data Protection Act 2018, all user consents, and the date of consent, are recorded in the site's database. The process for consent since 13th August 2009 inclusive, is exemplified currently on the site's registration page.

The process for consent, and related content prior to the introduction of our Plain English T&C on 13th August 2009 are listed here.

Personal data operations are carried out in accordance with the Lawful Bases of Consent and of Contract.


Personal Data Management and Incident Response

In accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Data Protection Act 2018, the directory's Personal Data Management and Incident Response plans and processes are outlined here.


Licencing and registration

This site may utilise public sector information licensed under the Open Government Licence v1.0. A data controller for the purposes of the Data Protection Act 2018, GDPR, and Data Protection (Charges and Information) Regulations 2018, Registration Number Z1366981. If you register with us, you will be given the contact details of your profile manager, who acts in the roles of Data Controller, Data Processor and Data Protection Officer.