Your privacy is a top priority. We're committed to always being a good custodian of your personal information, handling it in a responsible manner, and securing it with industry standard administrative, technical and physical safeguards.
We follow two guiding principles when it comes to your privacy:
Scottish Counselling Services is registered as a data controller with the Information Commissioner's Office (ICO).
It is also a company registered in Scotland (Company Number SC639767).
If you have any queries about this privacy notice or about any aspect of our data management, please contact email@example.com
We review and update this privacy notice regularly to ensure it continues to comply with the latest regulations and best practice. This privacy notice was last amended on 3 Feb 2020.
a) Storage and management of personal information
Any personal data provided by you is stored securely, and only the minimum required is kept in order to deal with your account so that you can use our service. We use one third party processors to provide email and text based services for our applications, and another third party to process our payments. Both of these rely upon some transfer of your privacy from us to these parties.
b) Visitors to our website
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to track the number of visitors to the site. This information is only processed in a way that does not identify anyone.
What the information is used for
We may use information to:
We send messages by post, telephone, text, email or other digital methods. These messages may be:
We will keep records of purchases for financial audit reasons for six years.
We will not pass on your information to a third party to use in their own direct marketing without your consent.
Sharing your information
We will not share your information with any third parties unless:
By being a subscriber and using our products and services, you grant us permission to process personal data which you have provided to us.
We try to meet the highest standards when collecting and using personal information, and we take any complaints about this very seriously. We encourage you to let us know if you think that our collection or use of information is unfair, misleading or inappropriate. We also welcome any suggestions for improving our procedures.
This privacy notice does not provide exhaustive details of all aspects of our collection and use of personal information. However, we're happy to provide any additional information or explanation needed. Please send any requests for this to firstname.lastname@example.org
If you want to make a complaint about the way we've processed your personal information, you can contact the ICO as the statutory body which oversees data protection law - see ICO concerns.
Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018), you have rights as a data subject which you can exercise in relation to the information we hold about you. You can read more about these rights on the ICO's website.
Access to your information
We try to be as open as we can in terms of giving people access to their personal information. You can find out if we hold any personal information about you by making a 'subject access request' under GDPR. If we do hold information about you, we will:
If you agree, we'll try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
Please be aware that we may withhold information from you or provide you with redacted documents in line with exemptions in appropriate legislation.
You can ask us to correct any mistakes in any factual information we hold about you, such as your address, date of birth, contact details etc.
The GDPR also gives you the right to have the data we hold about you deleted in some circumstances. This is called the 'right to erasure' or the 'right to be forgotten'. The right applies in the following circumstances:
Please be aware that we are unlikely to delete financial transactional data, core membership data, declarations you have made to us or any conduct related information that is being retained in the public interest.
Making a request
If you would like to exercise your above rights, please contact email@example.com with details of your request.
In many circumstances we will not disclose personal data without consent, but there are circumstances where we might do so. The list below provides some scenarios in which we may disclose personal data. Please be aware that this is not a complete list but serves as an example.
We will only share information that we consider to be necessary and proportionate.
We will only share personal data with other organisations where we are satisfied that the other organisation is entitled to receive it. Where relevant, we carry out due diligence checks on other organisations and ensure we have appropriate data protection agreements in place.
We're committed to holding all personal data within secure systems. We keep any paper-based personal data in locked cabinets to which only appropriate staff have access. We're working to reduce the amount of paper-based information we hold as it is easier to secure data if it is only held electronically.