Carolynne Bull and CMB Counselling hereinafter referred to as ‘CMB’ are committed to protecting the privacy of all people who we hold information on (referred to as data subjects).
The following statement outlines how we use and protect your information and who to contact if you have any issues or queries regarding our Privacy Statement. This statement is fully compliant with EU GDPR and UK GDPR regulations and ensures we conform to all laws as the “data controller” of the information you provide to us.
How we collect your information
We collect information:
- when you contact us directly via email, phone, post, and message functions;
- when you complete booking, referral, enquiry, application, evaluation forms (online and hard copy) for CMB services;
- when your personal information is passed on to us (with your consent) from authorised third-parties.
Use of your information
We will only process the data we collect about you if there is a reason for doing so, and if that reason is permitted under data protection law. We will have a lawful basis for processing your information: if we need to process your information in order to provide you with the service you have requested or to enter into a contract; if we have your consent; if we have a justifiable reason for processing your data; or if we are under a legal obligation to do so.
Where we need to, in order to provide you with the service you have requested or to enter into a contract, we use your information:
- to enable us to provide you with access to relevant documentation and information;
- to supply the services you have requested;
- to enable us to collect payment from you; and
- to contact you where necessary concerning our services, such as to resolve issues you may have with the service you have received from CMB.
We also process your data where we have a justifiable reason for doing so. We have listed the reasons below:
- to improve the effectiveness and quality of service that our service users can expect from us in the future;
- to enable our support services team to help you with any enquiries or complaints in the most efficient way possible;
- to contact you for your views and feedback on our services and to notify you if there are any important changes or developments to our website or our services, including letting you know that our services are operating in a new area, where you have asked us to do so;
Where we are under a legal obligation to do so we may use your information to create a record of your interactions with CMB; comply with any legal obligation or regulatory requirement to which we are subject.
Retention of your information
We will not retain your information for any longer than we think is necessary.
Information that we collect will be retained for as long as needed to fulfil the purposes outlined in the ‘Use of your information’ section above, in line with our legitimate interest or for a period specifically required by applicable regulations or laws, such as retaining the information for regulatory reporting purposes.
When determining the relevant retention periods, we will take into account factors including:
- our contractual obligations and rights in relation to the information involved;
- legal obligation(s) under applicable law to retain data for a certain period of time;
- statute of limitations under applicable law(s);
- our legitimate interests (potential) disputes; and guidelines issued by relevant data protection authorities.
Otherwise, we securely erase your information where we no longer require your information for the purposes collected.
Disclosure of your information
The information we collect about you will be transferred to and stored on our servers. We are very careful and transparent about who else your information is shared with.
Sharing your information internally
We share your information internally only where necessary for the purposes set out in section 4.
Sharing your information with third parties
We share your information with third party service providers only where necessary for the purposes set out in section 4. The types of third party service providers whom we share your information with includes:
Qualified Social Work colleagues, Ofsted inspected adoption support agencies, LA Social Work departments.
Commissioners (including local authorities, schools, health services and statutory authorities) for the purposes of contract compliance; progress reporting on services being provided on behalf of commissioners; duty of care; safeguarding regulations; legal compliance, research and evaluation.
CMB will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy statement when it is transferred to third parties.
We may also share your information:
if we are under a duty to disclose or share your information in order to comply with (and/or where we believe we are under a duty to comply with) any legal obligation or regulatory requirement.
This includes exchanging information with other companies and other organisations for the purposes of fraud protection and prevention.
Security and Confidentiality
We adopt robust technologies and policies to ensure the personal information we hold about you is suitably protected.
We take steps to protect your information from unauthorised access and against unlawful processing, accidental loss, destruction and damage.
CMB is committed to providing a confidential service to its users.
For the purpose of this policy, confidentiality relates to the transmission of personal, sensitive, or identifiable information about individuals or organisations (confidential information), which comes into the possession of CMB through its work.
CMB holds personal data about its users which will only be used for the purposes for which it was gathered and will not be disclosed to anyone outside of the organisation without prior permission.
All personal data will be dealt with sensitively and in the strictest confidence internally and externally.
All personal paper-based and electronic data must be stored in accordance with the Data Protection Act 2018 and must be secured against unauthorised access, accidental disclosure, loss, or destruction.
All personal paper-based and electronic data must only be accessible to those individuals authorised to have access.
CMB is committed to effective statistical recording of the use of its services to monitor usage and performance.
All statistical records given to third parties, shall be produced in anonymous form, so individuals cannot be recognised.
All records are kept in locked filing cabinets. All information relating to service users will be left in locked drawers. This includes notebooks, copies of correspondence and any other sources of information.
All computer records are password protected and can only be accessed by the Registered Manager.
Clients may request access to information held about them in line with the Freedom of Information Act. Clients should request the information in writing and copies of all records will be provided within 14 days. Third party information will be removed.
Breaches of Confidentiality
CMB recognises that occasions may arise where individual workers feel they need to breach confidentiality. Confidential or sensitive information relating to an individual may be divulged where there is risk of danger to the individual, a volunteer or employee, or the public at large, or where it is against the law to withhold it. In these circumstances, information may be divulged to external agencies e.g. police or social services on a need to know basis. Please see the Safeguarding policy for more information.
Under data protection law, you may have a number of rights concerning the data we hold about you. If you wish to exercise any of these rights, please contact our Data Protection Officer using the contact details set out above. For additional information on your rights please contact your data protection authority and see below.
The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this statement.
The right of access. You have the right to obtain access to your information (if we’re processing it). This will enable you, for example, to check that we’re using your information in accordance with data protection law. If you wish to access the information we hold about you in this way, please get in touch.
The right to rectification. You are entitled to have your information corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us.
The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the information that we hold about you by contacting us.
The right to restrict processing. You have rights to ‘block’ or ‘suppress’ further use of your information. When processing is restricted, we can still store your information, but will not use it further.
The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch.
The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your information with the national data protection authority, for the UK this is the Information Commissioners Office (ICO).
The right to withdraw consent. If you have given your consent to anything we do with your information (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (see Contact Details). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
The right to object to processing. You have the right to object to certain types of processing, including processing for direct marketing and profiling.
Changes to CMB’s Privacy Statement
Any changes to our privacy statement will be posted on our website.
This privacy statement was last updated: 16/11/2021
If you’re not satisfied with our response to any complaint or believe our processing of your information does not comply with data protection law, you can make a complaint to the Information Commissioner’s Office (ICO) using the following details:
Postal Address: 6 Regent Square, London WC1H 8HZ, United Kingdom
Telephone: 01329 600164
Carolynne Bull is Director of CMB Counselling Services.
19 Frog Lane, Titchfield, PO14 4DU.
CMB Counselling Services ICO registration number: ZB073745