Privacy notice

This Privacy Notice explains how the service collects, manages, protects, and uses the personal information of visitors to this website. The service is subject to the requirements of the General Data Protection Regulation 2018 (GDPR) and the Irish Data Protection Act 2018. Under the GDPR, personal information or personal data, means any information concerning or relating to a living person who is either identified or identifiable. This includes traditional personal information—like dates of birth, names, addresses, email addresses—and location data, financial information, and more. We are committed to protecting the privacy of all individuals that provide us with personal information.

 

This Privacy Notice relates to personal information collected through the use of this website and related technologies only. When you book an appointment, a copy of our Privacy Statement will be sent to you as part of the Counselling Agreement, relating to how your personal information is collected, used, managed, and protected as a client of the service.

 

Definitions

Personal data/personal information: these terms are used interchangeably in this Privacy Notice and are taken to mean ‘any information concerning or relating to a living person who is either identified or identifiable’. This definition is taken from the website of the Data Protection Commission.

Personally identifiable information: as used in this Privacy Notice, this term is defined as any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means. This definition is taken from from the National Institute of Standards and Technology, the US Federal Department of Commerce.

For explanations of other privacy terminology underlined in this Privacy Notice, please refer to https://www.dataprotection.ie/en/individuals/data-protection-basics/definition-key-terms

 

Legal Basis

Tim Buckley Counselling is a Data Controller of your information.

The service’s legal basis for collecting and using the personal information described in this Privacy Notice depends on the personal information we collect and the specific context in which we collect the information. It may be we:

Have obtained your consent

Are fulfilling a contractual obligation to you

Are complying with the law

Are protecting vital interests

Are performing a task carried out in the public interest

Are pursuing legitimate interests

 

Your Rights

Under GDPR you have certain rights regarding your personal data. These include:

You have the right to request a copy of the information the service holds about you

You have the right to request changes to be made to your personal information where data is factually incorrect

You have the right to restrict or object to the personal information that is processed

You have a right to request that some or all of your data be deleted

Please make any requests in writing to tim@timbuckleycounselling.com. All or part of your request may be refused if there are reasonable grounds to do so; for example, if fulfilling your request would impact on the privacy of others, had the potential to cause harm to you or another person, or where information has been provided by others in confidence. All requests related to your personal information will be actioned within 30 days.

You may withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide a service to you, or in relation to the website and related technologies, to withdraw your consent may we require you to leave the website - to withdraw your consent for necessary cookies and local storage for example.

 

Children’s Data

Tim Buckley Counselling does not knowingly collect any personally identifiable information from children or young people under the age of 16. If you think that your child provided this kind of information on our website, we encourage you to contact us and we will do our best to promptly remove such information from our records. The service does not see children under 16 years for therapy unless it is part of family counselling, in which case where practical, all child’s parents or legal guardians will be required to provide consent. Where a person between 16–18 wishes to engage in individual therapy, this will be considered on a case-by-case basis. If deemed appropriate, the consent of a parent or legal guardian will be required to proceed.

 

What personal information we collect and why

The general purpose of all personal information collected is to provide visitors to the website and our clients with a high quality experience and service. The purposes for which we collect personal information and specifics about the type of information we collect for that purpose are listed below:

Site Functioning

This website is hosted by Squarespace. Squarespace collects information when you visit this website, to serve the website to visitors and improve its platform and services. This information includes:

Information about your browser, network and device

Web pages you visited prior to coming to this website

Web pages you view while on this website

Your IP address

 

Site Analytics and Performance

Similar information is also collected and used to power website analytics. This information may also include details about your use of this website, including:

Clicks

Internal links

Pages visited

Scrolling

Searches

Timestamps

We share this information with Squarespace and Google, our website analytics providers. This helps us to understand how the website is used, to learn about site traffic and activity, so that we can make it work better.

 

 Enquiries (Web Form)

When you submit an enquiry to this website via web form, we collect the data provided in the web form in order to track and respond to your submissions. We store this information with Squarespace, our web hosting provider. The information is also sent to Protonmail, our secure email service provider, where it is also stored, and from where we respond to your enquiry.

 

Online Booking

When you schedule an appointment by booking on this website, we collect personal information from you to complete the booking. We may collect information like your name, date of birth, email address, phone number, and marketing preferences.

This information is collected and stored by our secure third party client management system operated by Cliniko. Cliniko’s system will then send you an automated booking confirmation email, with links to online forms which we ask you to complete before your first appointment. These forms collect important information from you to assess if Tim Buckley Counselling is a suitable service for your needs, and in order to provide that service to you. This information can include your name, gender, date of birth, country of birth, addresses, telephone numbers, email addresses, race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, information about your health, family, legal and criminal issues, and emergency contacts, some of which is special category data under GDPR. The information you record in these forms are encrypted both in transit and when stored.

 

Phone bookings and enquiries

The service uses a UK-based reception services company called Best Reception to manage phone bookings and enquiries on the number shown on the website. Best Reception is subject to GDPR; any affiliated third parties (e.g. IT, other support services) are also subject to GDPR. Best Reception uses Cliniko to manage appointments with your counsellor when you call. Best Reception staff only have access to part of your information on Cliniko, as needed to manage appointments (i.e., your name, DOB, contact details, appointment information) and any details you choose to share with them in order to relay to your counsellor when you call. Best Reception staff do not have access to the clinical information you provide in registration forms,, assessment forms, or recorded in treatment notes.

 

Payment

We request your payment details if you opt to ‘Pay now by card’ when booking an online appointment. The website uses Stripe payment processing services through our third party client management and online booking system operated by Cliniko. All transactions are fully encrypted directly between the website and Stripe. Cliniko or Squarespace never receive any client payment information.

 

Virtual appointments

If you book a virtual or online appointment, this takes place through Cliniko's secure videocall platform. While the Cliniko videocall platform is 'peer to peer encrypted', the highest standards of security available for videocalls, it is important to be aware there are always security risks when using technology and the internet. If for any reason you would like to record sessions, please ask your counsellor first. Recording sessions without consent or knowledge would represent a breach of the counsellor-client relationship.

 

Sharing of information

In certain circumstances, to support service delivery or protect the legitimate interests of the service, it may be required to share your personal information with other professional parties (e.g., clinical supervisor, accountant, solicitor). Information shared in these circumstances is considered confidential and would be required to abide by the standards outlined by the respective professional bodies of each profession.

Other than the information that is shared with third parties to support service delivery, the service may share information you provide, without your consent, in specific situations. Where possible, unless there are compelling reasons not to, the service will discuss with you first. These situations are:

Any information received that leads to knowledge, belief, or reasonable suspicion of harm or risk of harm to a child

Any situation in which you may harm yourself, or are causing serious harm, or intend to cause serious harm to others

Where your file is subpoenaed by a court of law

While it can be beneficial for your counsellor to discuss and coordinate treatment with your other healthcare providers, supports and other stakeholders, please know that apart from the circumstances described above, the service will only share information with another party if you as the client give clear written consent to do so.

 

Data transferred outside of the EU

As already outlined, to provide a high quality experience and service to site visitors and clients, Tim Buckley Counselling uses third party service providers. Under GDPR these third parties are considered Data Processors of your personal information. GDPR requires certain conditions to be met and safeguards to be in place when your personal information is being transferred outside of the EEA/UK/Switzerland. Following is a list of third party Data Processors based outside of the EU, with information about where they store your personal information and how they keep it secure. All third parties used are in compliance with GDPR and are committed to handling personal data in a secure and privacy-first way. All have appropriate safeguards and mechanisms in place for transferring personal data to ‘third countries’ outside of EEA, UK and Switzerland, in ways that satisfy Articles 45-50 of GDPR. Where practical, the service uses 2-factor authentication when accessing information on third party applications:

Best Reception (reception service) is a UK company. Best Reception stores a log of communications it has with the service, including callers’ personal data, on a password-protected, encrypted database in the UK. Best Reception sends messages to the service by email with TLS encryption.

Cliniko (client management system & online booking system) is an Australian company. Its servers where client personal data is securely stored and encrypted are located in Australia. All data sent by Cliniko is encrypted using HTTPS (end-to-end encryption). Cliniko uses a 2048-bit SSL certification for encryption in transit. All data is also encrypted at rest and backed up daily, using the industry-standard AES-256 encryption algorithm.

Google Analytics (analytics service provider) operates data centres globally, including in the United States. Before data is transferred to any servers in the United States, it is collected in local servers, where users’ IP addresses are anonymized. Google Analytics does not log or store individual IP addresses, and does not collect personally identifiable information such as names, email addresses, physical addresses etc.

Protonmail (email service) stores personal information collected in servers in Switzerland. All data held by Protonmail is encrypted at rest and when in transit.

Squarespace (website host stores collected personal information it receives on servers in the Unites States. Squarespace uses TLS data encryption to encrypt data in-transit between website end users and customer domains. Squarespace offers HSTS (HTTP Strict Transport Security) which only allows Squarespace customer websites to be accessed via HTTPS.

Stripe (payment processor), may transfer your personal data to countries other than your own country, including to the United States, depending on where you do business, where Stripe’s service providers do business, or the countries where your international payment method or financial partner service operates. Stripe relies on a number of data transfer mechanisms to legalise the transfer of personal data around the globe, including in and out of the EEA. By default, Stripe encrypts data at rest and data in transit.

 

Privacy Information for Third Party Service Providers

Information on the privacy policies of third party data processors who are mentioned in this Privacy Notice can be found through the links below:

https://www.bestreception.co.uk/privacy-notice/

https://www.cliniko.com/policies/privacy/

https://policies.google.com/privacy

https://policies.google.com/technologies/partner-sites

https://proton.me/mail/privacy-policy

https://www.squarespace.com/privacy

https://www.squarespace.com/data-privacy

https://www.squarespace.com/security

https://www.squarespace.com/measures

https://stripe.com/privacy

 

Use of Cookies

We use cookies to improve your browsing experience on our website and ensure the proper functioning of our website. By using our website, you consent to the use of cookies in accordance with this Privacy Notice. You can however opt out of analytics and performance cookies. A cookie is a small text file that a site saves locally to your web browser. Cookies take virtually no space on or slow down your browser. You can think of cookies and local storage as 'memory' for a website. Websites use cookies and local storage to help do things like recognise if a visitor has visited before, show preferences already established, keep track of progress made completing an activity on a site so the visitor doesn’t need to start from scratch when returning to a site, and keep track of how visitors are using the site, so as to make improvements.

Necessary Cookies: some cookies are necessary for the website to work properly and securely. Required cookies do things like prevent malicious attacks on the website. Functionality cookies are used to remember user preferences so that the website can be customised for them.  For example, they may remember choices you make, such as your username, language, or the region you are in.

Optional Cookies: the website also uses analytics and performance cookies. These cookies gather information about how visitors use the website, such as which pages are visited most often, and unique visitors number count. These cookies don’t collect information that identifies a visitor. All the information that these cookies collect is aggregated and therefore anonymous. You can disable analytics and performance cookies at any time. To opt out of your information being collected and used for analytics you can:

Decline the use of cookies on the cookie banner that pops up when you open the website. This does not disable required cookies necessary for the website to function, but prevents optional analytics cookies from loading

Manually adjust cookie permissions in your browser settings

Go to https://tools.google.com/dlpage/gaoptout and download and install the add-on for your web browser to prevent your data from being used across the web, and on this site, by Google Analytics specifically

A full list of cookies that may be used when you visit the website can be found through our Cookies page. The page also has information about how long data is retained through the use of each cookie.

Targeting or advertising cookies, used to target advertisements to the interests of users, or build profiles of site visitors for marketing purposes, are not used on the website.

 

Data breaches

Despite every effort being made to ensure your information is managed in a confidential and secure manner, when dealing with technology and human error, the risk of a data breach can never be completely removed. Where the service is aware a data breach has led to your information being shared with an unauthorised party, relevant authorities will be advised, you will be informed, and the service will work with you to minimise any possible adverse outcomes as a result of the breach.

Data retention

If you are not a client of the service, we only keep your personal information as long as is reasonable and necessary for the relevant activity for which it was provided. However, client records are kept for longer periods in line with currently health industry standards. Client files will be retained for a period of 8 years after the last date of service delivery. In addition, records for children and young people will be retained until the client is 25 (or 26 if they are 17 when therapy sessions end). Deceased client files will also be held for 8 years after death. Notes related to any litigation or to the death of a client by suicide while engaged with the service will be kept for 10 years. Financial records are kept for a minimum of 6 years.

 

Data destruction

Within a 6-month period of the retention period expiring, files will be disposed of in a secure and confidential manner. For client files only, a register of records destroyed will be maintained as proof that destroyed records no longer exist. This record will have: a client reference number, family name, first name, date of birth, name of the file, former location of file, date of destruction, and who authorised.

 

Questions or complaints

Tim Buckley is the point of contact for questions or complaints about personal information managed by Tim Buckley Counselling. If you have any questions or complaints about this Privacy Notice or the way your personal information is handled, please contact tim@timbuckleycounselling.com.

If you have an issue with how the service is processing your personal data, you have the right to raise this with the Data Protection Commission at any time by contacting them any of the following methods:

Website: https://www.dataprotection.ie/en/contact/how-contact-us

Address: Data Protection Commission, 21 Fitzwilliam Square South, Dublin 2, Ireland.

Telephone: +353 (0)57 8684800 / +353 (0)761 104800

Email: info@dataprotection.ie

 

Privacy Notice Updates

This Privacy Notice may be updated from time to time. The most up-to-date version will always be located here at https://www.timbuckleycounselling.com/privacy. When updated, this will be notified on the website. If you are a visitor to the website, to stay up to date with changes to how we collect and manage your personal information, we encourage you to read any new versions of this Privacy Notice as they appear.