Privacy policy

I am committed to protecting and respecting your privacy.

Please read the following carefully to understand how I will treat and regard your personal data. If you have any questions about this policy or my privacy practice please send them by email to lynsey@changeworkssussex.co.uk

You may also contact me through the contact page of my website or discuss your questions/concerns at a pre-arranged meeting with me.

A. Collection of information

Information about you comes from various sources. This includes:

  • Details of your visits to my website including, but not limited to, traffic data, location data and other communication data.
  • Information that you provide by filling in forms on my website which includes requesting further services.
  • Contact and/or personal details which you provide to me either face-to-face or through digital means.
  • Correspondence by letter or email.
  • A brief written record detailing topics discussed following any meeting or significant contact between us. Please ask if you wish to see a copy of any record written by me.
  • Date of birth of any child or young person under the age of 18 and a parent or guardian’s signature verifying this and agreeing for the child to receive a service from me.
  • Receipts for services used.
  • Comments contributed/added to this website and blog page (https://www.changeworkssussex.co.uk/)*.

B. Where I store your personal data

  • Personal data collected from you through my contact form will either be sent securely to my email address or will be stored on the server which is inside the European Economic Area (“EEA”).
  • Contact details and records are kept securely either locked away or on a password protected device and stored on a server which is inside the EEA.
  • By submitting your personal data you agree to this transfer, storing or processing. I will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

C. Uses made of the information

  • To provide you with information or services that you request from me or which I feel may interest you, where you have consented to be contacted for such purposes.
  • To carry out my obligation arising from any contract with you which we enter into.
  • To notify you about changes to my service.

D. Disclosure of your information

  • I will not disclose any personal information which I have about you unless:
  • I have good reason to believe that any individual, including yourself, may be seriously harmed should I fail to disclose the necessary information.
  • I am under a duty to disclose or share your personal data in order to comply with any legal obligation.
  • It becomes necessary in order to enforce or apply my terms of use.
  • I need to protect myself or others from fraudulent activity.
  • Please be aware that I will aim to protect your privacy at all times and should disclosure become necessary then I will limit any information shared to the bare minimum.

E. Third Parties

  • In order to protect your confidentiality:
  • My use of text messaging and email communications will, in the main, be limited to practical issues unless we agree otherwise and I have written evidence of this agreement. This is because of the potential risk to you from your sensitive information being available, in theory, to system administrators and others. You may request that there is no communication at all using these less secure methods.
  • I need to make you aware that should you pay for any services which I offer through a method other than cash you may be identified by financial services personnel whose privacy policies you may wish to consult.
  • I advise that you check the privacy policies of any websites of partner networks and affiliates whose details and/or links you may find on my website before you submit any personal data to these websites. I do not accept responsibility or liability for these policies.
  • I will not share your information with any third party service provider unless I receive permission from you to do so.
  • As part of my contractual obligation to insurance companies I am required to share certain information with them if they have contracted me to provide a service to you. The information shared will be known to you if this is the case.
  • It is part of psychotherapeutic practice and necessary for registration purposes to discuss work on a regular basis with a supervisor/s. This information is anonymised so that you or anyone else discussed in this way will not be identifiable.

F. Retention of personal information

  • Personal information relating to services received is kept for a period of seven years following the ending of the service. Contact details where no contract is agreed are destroyed immediately. All records are destroyed securely.
  • Personal information relating to children and young people where they are the main focus for the intervention will be kept for six years following their eighteenth birthday and then destroyed securely.
  • Following the temporary or permanent closure of my practice through ill-health or death I have appointed a professional executor who will have access to your personal information and will use your information in line with this privacy policy. Your information will then be kept for a period of three months unless there is sufficient reason for this period to be extended. You may request the name and contact details of this professional executor at any time. At such a time the details will be available on my website

G. Control of personal information

  • You have certain rights concerning the information I hold about you, as defined under the General Data Protection Regulation. If you wish to exercise these rights please let me know. These rights include:
  • Requesting a copy of your information.
  • Updating or correcting your information
  • Deleting your information

H. Data breaches

  • I will promptly inform you should I become aware of any unauthorised access to your personal data unless your contact details have changed and I no longer have access to them.

I. Complaints

  • If you wish to make a complaint about the way in which I have handled your personal information please contact me directly and I will investigate the matter. If you are not satisfied with my response or you believe that I am not processing your personal information in accordance with the law then you can complain to the Information Commissioner’s Office (ICO) and/or to my registering body – the United Kingdom Council of Psychotherapy and Counselling (UKCP).

J. Changes to my privacy policy

  • Any changes I may make to my privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail.

*What personal data we collect on this website and why we collect it

Comments contributed/added to this website:

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media:

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies:

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites:

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data:

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data:

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data:

Visitor comments may be checked through an automated spam detection service.