Marches Counselling Service is committed to keeping the personal information people share with us safe and being clear about how we collect their data, how it is stored and what we do with it.
This policy applies to the MCS website marchescounselling.org as well as contact initiated by people to ask for information, support or training from us, to use our services, donate to us, work or to support us.
This policy applies to personal information that is given to arrange person-to-person, telephone and webcam counselling/psychotherapy appointments. However there are additional protocols pertaining to sensitive information (clinical notes) recorded and kept on file by our counsellors that are governed by the MCS Confidentiality Policy (C-02).
MCS is a registered charity and not required to be registered with the Information Commissioners Office (ICO) under the General Data Protection Regulations (GDPR) [(EU) 2016/679]. In line with ICO guidance (See document 20140911, “The exemption from registration for ‘not-for-profit’ organisations”) MCS complies with the “Eight data protection principles of good practice”)
If you have any queries about this policy, please get in touch with the office administrator:
By email: firstname.lastname@example.org
By post: 57 St Owens Street, Hereford, HR1 2JQ
By phone: 01432 279906
What information do we collect about you?
Information given directly to us
We will collect and store information given to us by someone when they contact us or fill in one of the forms on our website (including the CPD mailing list and Paypal):
- To book an appointment
- Register for an event
- Register for a workshop or CPD
- Make an enquiry
- Complete a survey
- Sign up to support a campaign
- Support our work through a donation
- Fundraise on our behalf
- Tell us their story (for example, as a media case study)
- Give feedback or make a complaint
- Apply for a job or work with us
- Register as a volunteer
- Enter into a contract with us
- Are photographed or filmed (for example, at a MCS event)
- In the case of providing personal information to proceed with a self-referral for counselling, privacy is explained verbally or in an email to the person concerned, depending on how they have contacted us. We explain in simple terms how the information they have given will be securely kept in line with privacy legislation and how they can access this policy. It is also made clear that this information will be destroyed if they do not proceed with counselling
- Our Client Privacy Notice for data processing is sent to a person who is proceeding with referral to counselling (see appendix 1)
Information someone gives us indirectly
- We store certain data about peoples’ visits to our website, for example, about their location or IP address
- We store information about how they navigate our website, although this cannot be used to personally identify someone.
- We do not collect and store personal information if a person interacts with us on our social media platforms: Facebook, Twitter, Instagram and LinkedIn. However these platforms, as hosts for MCS accounts (pages etc), may do so. MCS isn’t responsible for data collected by these platforms and people are asked to check their own privacy settings on these individual sites
- Certain types of personal information are recognised by data protection law as being more sensitive.
- MCS will not collect sensitive information when it is given indirectly, for example if a person chooses to disclose such information on a social media site without the intention of requesting a service from us. We advise people to think carefully about how they share such information on the internet where appropriate
- MCS is an adult counselling service. Young people aged 13 and under are advised to gain the permission of a parent/guardian before sharing information with us through our online website and social media platformsc
How personal information is used by MCS
We will use personal information to do the following:
- Provide people with information or services they have requested
- Process one-off or regular donations and to claim Gift Aid.
- Make our marketing campaigns more targeted and relevant to potential clients and donors; we will only send marketing information to someone if they have given us specific consent to do.
- Respond to direct requests where a person contacts us with a query – i.e. we will use personal information to respond.
- Carry out general administrative tasks like dealing with complaints and feedback, essential record-keeping.
- Take payments from individuals when processing orders and payments for goods an services.
- keep a person safe in the event that we reasonably think a person (or someone else connected to them) is at risk of serious harm or abuse.
- Conduct polls, surveys and market research. For example, we may invite people to take part so that we can improve our website, services and/or strategic development.
- Improve visitors experience of our website, so that we may offer a more user-friendly navigation.
- Process applications to work at MCS
How long we keep personal information
- We undertake to not keep personal information for any longer than necessary and only in relation to the purpose for which it was first collected. This is in line with GDPR and as advised by ICO.
- We may however hold some types of data for up to seven years. For example, in the case of financial transactions we will keep personal information for as long as legally required in respect of tax or accounting purposes.
- We will only use personal information given to us by an individual for the purposes for which it was obtained in the first place. We do not share it with any third parties who use such information to sell services, for marketing or other promotional purposes
- However, there are two very explicit ways in which your data might be shared:
- In the event that we use third party suppliers to help deliver our services, fundraising activities and campaigns. For example, we use Mailchimp to send out newsletters via email.
- Where we are legally bound to disclose your personal information because of concerns around child sexual abuse and terrorism.
Information governance – keeping personal information safe
- We have both digital and administrative safeguards to make sure individuals’ data is secure at MCS. Systems and protocols pertaining to access to information is reviewed on a regular basis and limited to those people who have permission to access it.
- MCS webforms are used for the purposes of obtaining essential contact information and discourage the sharing of sensitive information. Where we pass highly sensitive data over the internet such as credit or debit card details, or clinical information pertaining to personal circumstances, MCS uses an end to end encrypted email account (Protonmail).
- We recognise that there are inherent risks to passing information over public networks and will use alternative means if a person has legitimate concerns. We always check at the point of first contact preferred ways of communication. However MCS, like all organisations, cannot guarantee 100% security of data handled in this way.
Access to information and managing personal data
MCS upholds the entitlement for people to exercise their rights under EU data protection laws (GDPR). These are as follows:
- Right of Rectification: to ask for information about them to be updated or corrected.
- Right to Data Portability: Receive a copy of the information which we store
- Right to Restrict Use: Ask for personal information about them to stop being used in certain cases, including if it is believed that the personal information is incorrect or the use is unlawful.
- Right to Object: Objecting to use of personal information (where a party is processing it on legitimate interest basis) and to personal information being deleted.
- Right to Erasure: In certain circumstances, a person can ask for information about them to be deleted
We will not charge for either considering or complying with a request unless it is deemed to be excessive in nature. We will ask for a proof of identity and upon this being successfully verified, a person is entitled to obtain the following information about their personal data held by us:
(i) The purposes of the collection, processing, use and storage of the personal data.
(ii) The source(s) of the personal information, if it was not obtained from the person themselves.
(iii) The categories of personal data stored.
(iv) The recipients (or categories of recipients) to whom someone’s personal data has been or may be transmitted, along with the location of those recipients.
(v) The envisaged period of storage for their personal data or the rationale for determining the storage period.
(vii) The use of any automated decision-making and/or profiling
Complaints and feedback
If you’re unhappy with our response, you may then raise your concern directly with the Information Commissioner’s Office: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Alternatively you can visit the ICO website.
(Last updated: Feb 2021)
Cookies are little text files downloaded by and stored on your device (phone, laptop, tablet, etc.) when you visit a website. Cookies are used to help the website owner (in this case, MCS) to provide you with a smooth experience while you browse.
- Make our website work
- Collect anonymous data to gain insight into how visitors use our website
- Allow you to share content with social networks like Twitter and Facebook.