This policy outlines how Navigate Therapy will use any data held about you. The privacy of your personal information is important and as such it will only be used for the purpose for which it was provided. Navigate Therapy adheres to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
For any information you can contact: Navigate Therapy
Telephone: 07752 004677
Registered with the Information Commissioner’s Office.
· the lawful basis for holding information
· how information is processed
· how long data is retained
· sensitive personal information
· your data subject rights
· complaints process
· data security
Lawful basis for holding information and how your information is processed
The GDPR states that Navigate Therapy must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which Navigate Therapy are processing your data. These will be:
Navigate Therapy gathers general information which might include which pages you visit most often, and which services, events or information is of most interest to you. Navigate Therapy may also track which pages you visit when you click on links in emails from Navigate Therapy. Navigate Therapy also use “cookies” to help the site run effectively. Navigate Therapy use this information to make improvements and to ensure Navigate Therapy provides the best service and experience for you. It also assists with tracking activity/analytic. Wherever possible Navigate Therapy uses anonymous information which does not identify individual visitors to the website.
If you are considering counselling sessions, Navigate Therapy will process your personal data where necessary for the performance of our potential contract together. When you initially make contact with an enquiry about counselling services, Navigate Therapy will collect information to help satisfy your enquiry. This will include taking basic personal details such as name, address, date of birth, contact information, information about the nature of your enquiry and your GP’s details. Alternatively, your GP or another health professional may send your details when making a referral or a parent or trusted individual may give your details when making an enquiry on your behalf. If you decide not to proceed with these services, Navigate Therapy will ensure all your personal data is deleted within 1 month. If you would like your information to be removed sooner, please email firstname.lastname@example.org.
If you are undertaking counselling sessions, Navigate Therapy will process your personal data where it is necessary for our contract together. This will include at the start keeping a record of your personal details such as name, address, date of birth, contact information, information about the nature of your therapy and your GP’s details. It may also include sensitive personal information detailed below. Once counselling sessions begin, I will also keep brief anonymised electronic notes of each session. Information will be kept securely and password protected.
Navigate Therapy may communicate via email, text message or telephone to make arrangements for sessions. Messages via email or text will be deleted within 1 month, unless Navigate Therapy agrees a legitimate reason to retain any information. Emails and messages are not a fully secure means of communication. Whilst we endeavour to keep our systems and communications protected against viruses and other intrusions, we cannot bear responsibility for the confidentiality and protection of these methods of communication.
Navigate Therapy may also provide a session via Zoom which provides a secure platform. If Navigate Therapy does this, you will be sent a unique password and passcode for the session and your name will not be show in the invite. As such the session is anonymised and any information held in calendars will be retained electronically but will not hold your details, to protect confidentiality. Although Zoom is an encrypted and secure service provider, there is a possibility, although minimal, that confidentiality could be compromised when using 3rd party platforms such as these and we cannot bear responsibility for the confidentiality and protection of these communication providers.
After counselling ends
Once your sessions have come to an end, Navigate Therapy will use legitimate interest as the lawful basis for holding and using your personal information. Once sessions have ended the following data retention will apply:
Emails – deleted within 1 month
Text messages – deleted within 1 month
Notes – deleted after 5 years from the end of our contract.
Sensitive personal information
The GDPR and data protection laws recognises Sensitive Personal Information. This can include information about a persons’ health, race, ethnicity, sexual orientation, gender and religion. The lawful basis for processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between you and Navigate Therapy).
Your data subject rights
Under the GDPR you have a number of rights in respect of personal information held about you as follows:
· A right to request a copy of information held about you: to make a request for any personal information held about you, please put the request in writing to
· A right to object: you can object to the processing or restrict the processing of your personal information where Navigate Therapy is relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where Navigate Therapy is processing your personal information for direct marketing purposes. Please contact as noted above, providing details of your objection.
· To know if your information is shared with a 3rd party: counselling sessions are confidential, and your information will not ordinarily be shared with any 3rd parties. The details of when confidentiality may be broken are contained in the counselling contract (separate document). Navigate Therapy will always aim to speak with you first but in the event of a safeguarding matter there may be a requirement to share information with 3rd parties such as the safeguarding board, CAMHS, CMHTs, Emergency services, Multi Agency Safeguarding Hub and or GPs. Your information will never be sold or shared with another organisation so that they contact you for marketing activities. Your information will not be sold regarding web browsing activities.
· A right to access a copy of any automated processing activities: an automated decision-making activity is one when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar significant impact on you, unless you have given Navigate Therapy your consent, it is necessary for a contract between you and Navigate Therapy or is otherwise permitted by law. You also have certain rights to challenge decisions made about you. Navigate Therapy does not currently carry out any automated decision-making.
· A right to correct data held: if you feel any information is held incorrectly, you can make contact to amend this.
· A right to have all information erased: if you wish your information to be erased, you can make contact to do this.
· A right to have information transferred to another company or organisation: if you wish for your information to be shared with another organisation, you can make contact to do this.
· A right to request how information is processed and used: this is outlined above, but if you have any further questions please make contact.
If you have any complaint about how your personal data is handled, please do not hesitate to get in touch. Navigate Therapy would welcome any suggestions for improving data protection procedures. If you wish to make a formal complaint about the way your personal information is processed, you can contact the Information Commissioner’s Office (ICO) which is the statutory body that oversees data protection law in the UK. For more information go to www.ico.org.uk/make-a-complaint.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. When you visit the website, it may collect information from you automatically through cookies or similar technology. For further information you can visit www.allaboutcookies.org.
· Keeping you signed in
· Analytics – understanding how you use our website
Cookies used are:
Cookie Name; _ga
Expiration Time; 2 years
Description; Used to distinguish users
Cookie Name; _gid
Expiration Time; 24 hours
Description; Used to distinguish users
Cookie Name; _gat
Expiration Time; 1 minute
Description; Used to throttle request rate. If Google
Analytics is deployed via Google Tag Manager, this cookie will be named _dc_gtm_<property-id>
Cookie Name; AMP_TOKEN
Expiration Time; 30 seconds to 1 year
Description; Contains a token that can be used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
Cookie Name; _gac_<property-id>
Expiration Time; 90 days
Description; Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
Navigate Therapy ensures the security of any personal information held by using secure data storage technologies and precise procedures in how personal information is stored, accessed and managed.
Our methods meet the GDPR compliance requirements.