This page explains:
- what information is being collected about you;
- how personal information is being used;
- to whom personal information is being disclosed; and
- how this personal information is stored and protected.
What personal information do we collect?
We store on this website only personal data that has been explicitly provided by practitioners who register on the website and who provide this data for the purpose of advertising their counselling practice or agency, or other data for the purpose of the performance of our contract with them.
We never store (or know) any details related to people's bank cards or credit cards.
Practitioners who register on the site commit to not submit to the site any information that is private or sensitive, either about themselves or about others (eg. fellow counsellors in their practice), and to promptly keep it up-to-date.
All personal data about practitioners listed on this website has been directly provided by, and may be immediately updated or deleted by, the practitioner themselves (or their agent), by logging in to the website. (The only exception is the practitioners 'login' email address, which for security purposes can only be updated or deleted by contacting us).
Practitioners who register must agree to keep their personal data promptly up to date. If you have concerns about the currency of the details provided by practitioners please, in the first instance, contact the practitioner concerned to remind them to update their details. If they fail to respond, you're welcome to contact us and let us know, quoting the practitioner's name and listed phone number, and a description of the problem.
If you submit a message to a practitioner via this website, the message you submit is emailed to the practitioner, but is not stored by us.
If you're listed on this website, you can see, review, update or delete the listed information
by logging in using the email address you registered with.
You can request a password reminder on the site's login page.
If you cannot remember your login email, email us, quoting the name that you appear with in the directory.
If you register, your information won't be displayed before we have confirmation that the email address you specify is one that you really do have access to. This is done either by sending you an email at that address, which you must respond to, or by finding the same email address on the website of a recognised organisation (such as BACP or IACP) and listed as yours (or other documentation or contact details as appropriate).
Everyone who chooses to list themselves in this directory provides at least the following details, which are stored in our database until the practitioner changes them, or requests their removal:
(a) your login details
(b) a first name and surname
(c) one piece of contact information - either an email address or a telephone number
(d) either a practice address (minimally the area in which you practice and the first part of your postcode, if UK based) or a method of practicing remotely (eg. email, phone, online).
You will be able to change those details (except for the login email address, which for security purposes can only be amended by contacting us), but cannot remove them except by requesting de-registration (since your profile must have a minimal amount of detail to be able to appear in searches and enable potential clients to contact you).
What further information you choose to submit is under your control.
Inappropriate or offensive information may be deleted from your profile, or your profile removed in this case.
Content that fails to meet the style guidelines of the site may be edited to comply, but we will not add any personal data that you have not already provided.
Where the web address you provide consistently and persistently redirects to a different website, we may change your registered web address to correspond to the directed-to website.
We do not retain any personal information that you remove from your profile. On your email request, we will de-registered you from the site; we do so by deleting all records of your registration and profile, including your personal data, from our database. You may do this at any time.
Whether you're a registered user or not, our website server follows the standard practice of storing for a limited period information such as:
(a) host names;
(b) IP addresses;
(c) domain name;
(d) the browser version and platform when information is requested;
(e) the time and date information is requested;
(f) a record of which pages have been requested.
Other than (a) - (f) we only store on this website the personal details that registered counsellors choose to submit to the site, and information about payments they choose to make.
If you send an email to one of our profile managers or website manager, that message may persist in their email folders.
We may use the information in (a) - (f) to produce statistics in relation to which pages are being accessed, and occasionally to help trace any problems - for example if a user experiences problems that appear to be related to a specific browser version or platform.
The following counsellor information, if held by us, is not made public:
(a) whether and how much you contribute to the running of the site
(b) your login email and password
(c) any email correspondence
Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you're responsible for keeping this password confidential. We ask you not to share a password with anyone, nor to use a password that you employ in other contexts.
All online financial transactions are carried out via PayPal, or similar established online payment operators.
If you make a payment, we will record the date, time and amount, but we
never know, and do not store, any transaction information related to credit or debit cards.
At your request, or when you de-register from the directory, we will delete our records of your personal data from our database; however
information held by PayPal, or similar service providers, on financial transactions that you have made with us may persist.
The personal data that we collect from you will be stored on our servers in secure facilities inside the European Economic Area ("EEA") or in the UK.
How is personal information used?
Where you choose to submit and display details related to your practice, those details may appear in searches on the website, and on your "profile" page.
If you're registered with us, we may use your contact details to communicate with you so that you can get the most out of the services that we provide.
Where you claim to be a member of a professional organisation, we may share the details you provide with that organisation, in order to verify your claim.
Keeping your personal details private is very important to us. Other than the profile information that you provide for public viewing, none of your personal information is stored in such a way that it can be publicly accessed over the Internet.
However, no data transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission, we make our best efforts to ensure its security on our systems.
If you register on our website, we may contact any organisation which you claim or appear to be a member of, be registered with, or work for, to check your submitted details and to obtain a contact route (phone, email or postal) by which to communication with you to help check that you're who you say you are. During the checking process we may disclose to such organisations any of the information that you submit to us, for the purposed of making these security checks.
You have a right to know what personal data we hold on you
You're entitled to know what personal data we hold on you (and to delete it if you want to).
You can do this by logging in using the details you registered with.
We only hold on the website information on people who registered, and only store the
personal data that they themselves upload (for the purpose of public display).
If you have an account with
us, you can see what personal data we hold on you
by looking up your profile in the directory
in using your login email address and password (for all profiles).
We only hold personal data that you've submitted, for the purpose of having it publicly
displayed, so there shouldn't anything private or sensitive (except your password
for logging in, which we strongly advise you don't use for any other logins).
If you have forgotten your password, you can request a reminder via our login page.
If you have forgotten your login email address, you can request a reminder by contacting us.
In case you missed it, if you're not registered with the directory, we do not hold any personal data about you.
You have the right to be forgotten.
To have your data permanently removed from the website's database, please contact us via the details on the site's contact page, preferably using the email address you registered with. If you use a different email address, and we cannot establish your identity, we may email the registered email address for the profile concerned, to help identify that your request is valid.
All website data is stored on a secure server hosted by HeartInternet.
All personal information is input and updated via the website interface by the individual concerned (or their agent).
Apart from the individual's login details, all personal details are entered by the individual concerned, or their agent, for the purpose of public display.
All login and data-input pages use the HTTPS (HTTP Secure) protocol, for the protection of data transmitted over the internet.
Our hosting company is legally obliged to promptly report any personal data security breach. In this case, where appropriate, we will take the following action:
- Change all passwords on accounts whose password details may have been compromised
- Email all affected practitioners with their updated password, inviting them to set a new one
- Inform the Information Commissioner's Office (ICO) in accordance with the guidance listed on the ICO website.
In the case that you become aware of possible compromise of your data or that of others, please contact us via the details on the site's contact page.
If you make a complaint to us
we will review the complaint and inform you of the outcome, where appropriate.
We may have to disclose the complainant's identity to whoever the complaint is about,
for example, if the accuracy of a practitioner's profile is in dispute. If a complainant doesn't want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
If your complaint relates to the appropriateness or currency of the information listed in a practitioner profile,
please contact the practitioner directly.
If this does not resolve the issue, or is not appropriate, then please contact us with a description of the problem, listing the name and listed contact details of any practitioner(s) it relates to.
You have the right to lodge a complaint with a supervisory authority. However, most complaints
can be satifactorily and quickly resolved
by contacting the practitioner directly, or where that's not feasible or successful by contacting us.
If we find that a third party is contacting counsellors for commercial reasons via the site's email submission facilities, we will endeavour to block those messages.
Licencing and registration
This site may utilise public sector information licensed under the Open Government Licence v1.0.
A data controller for the purposes of the Data Protection Act 1998, Registration Number Z1366981. If you register with us, you will be given the contact
details of your profile manager, who acts in the roles of Data Controller, Data Processor and Data Protection Officer.