Privacy & Cookies Policy

Up to date as of September 2022.

Let me share how I treat data collected, both here on my website and in the normal course of working with you.

In summary, data requested and stored includes your name and contact information, phone number, email address, GP details or sometimes an emergency contact. I request you only provide a phone number and email address they have exclusive access to, to preserve the confidentiality of communications between us.

Information, along with any pre or post-work agreements, questionnaires, materials, documents or emails are securely stored on my personal computer and an ISO certified secure cloud server. I have secure access to stored data via my mobile devices and have put in place appropriate security measures to prevent your personal data from being accidentally lost, accessed, altered, disclosed, or used in an unauthorised way. All data is stored with device, folder and file password protection including 2-factor authorisation for added security. I only use service providers that have achieved ISO standards for data protection, encryption and safe storage of information including ISO27001 and ISO27018.

All sensitive data, notes or records of client work is anonymised for protection of identity and varies depending on the nature of the service.

  • For counselling and large portions or my personal consultancy work I do not take written notes during sessions. For these sessions I record the date, time and general themes discussed for my reference and confirmation purposes only.

  • Some of my Personal Consultancy work, particularly when focused on cognitive or behaviour change, such as with the use of cognitive or solution focused therapy, therapeutic coaching or general coaching work may involve use of other materials or documents.

  • For work with businesses, I may request some additional information for the purposes of establishing a client file and requesting or receiving payment for services.

Please be aware, for the avoidance of doubt, I only accept responsibility for the data I collect and store. It is the client’s responsibility to safely store, delete or destroy any materials provided and held by them, such as emails or any documents in soft or hard copy.

For a more detailed understanding of how I process date, please read my Privacy & Cookies Policy.

Should you have any questions or further explanation, or clarification would be helpful, please email me at ross@rossodaly.com.

Warmest regards,

Ross.

Privacy & Cookies Policy:

Please read this privacy & cookies policy for details of how your personal data is collected and processed by your use of this website, plus any information you may provide via contact forms, questionnaires, email, text, post or in the course of working directly with me. In providing data, you also confirm you are over 18 years of age.

1. General Information

I am the data controller for Ross O’Daly - Personal Consultant, registered with the Information Commissioner’s Office (ICO) under reference ZB086314 and responsible for your personal data.

My contact details for any matter relating to your data are:

If you are not satisfied with any aspect of how you data is collected and processed please contact me directly by email to ross@rossodaly.com, whereby I will endeavour to resolve your concerns. Should these remain unresolved you have the right to contact the ICO directly, information is available at: https://ico.org.uk/global/contact-us/.

I aim to ensure information held about you is accurate and up to date. To this end, please confirm any changes in your details by emailing ross@rossodaly.com.

2. Personal data

This is information that could result in an individual being identified. This does not include anonymised data, as referred to below. The types of personal data I might process include:

  • identity - name, date of birth, gender;

  • contact - email(s), postal address(es), phone number(s);

  • profile - website related username, survey responses or feedback;

  • general communications - your preferences for general communications from me;

  • marketing communications - your preferences for marketing communications from me;

  • financial information - evidence of income (for low-cost validation), including payslip(s) or P60. I do not collect or store any bank account or payment card details.

3. Anonymised and Sensitive data

All sensitive data is anonymised and as such, not considered personal data. This is information that is could not result in an individual being identified. The types of anonymised or sensitive data I might process include:

  • background - a brief history of therapy and presenting issues or challenges a client is seeking to address, which might include details of family structure, occupation, relationship, financial or health status;

  • relevant details around mental or physical health, medical conditions and any prescribed medication(s);

  • client context, such as identity, religious, political, or philosophical views;

  • other technical data - computer coded information about how services are accessed and used.

4. How I collect data

I collect data about you through a variety of different methods including:

  • Direct - registration forms, surveys, subscriber preferences or communications online, via phone, text message, email, post or otherwise directly with me;

  • Automated - this website is hosted by Squarespace and collects data to power site analytics, including information about browsers, networks, and devices, web pages visited prior to coming to this website or IP address, and may include information about use of this website, including clicks, internal links, pages visited, scrolling, searches or timestamps. Squarespace requires this data to run the website, and to protect and improve its platform and services. This data is processed in an anonymised way;

  • Cookies - this website uses cookies and similar technologies, which are small files or pieces of text that download to a device when a visitor accesses a website or app. For information about viewing these cookies, visit the cookies Squarespace uses;

    • These functional and required cookies are always used, which allow Squarespace, the hosting platform, to securely serve this website to you;

    • These analytics and performance cookies are used on this website, only when you acknowledge the cookie banner. This website uses analytics and performance cookies to view site traffic, activity, and other data;

    • You can use browser settings to control where you reject or accept cookies, or to alert you when websites set or access cookies. If you disable or reject cookies some website functions may be inaccessible or not function normally.

  • Third party providers or publicly available sources - where information from analytics or online service providers or social networks is available, which can be based inside or outside the UK and EU.

5. When your data is processed outside the UK

Where any data is processed outside the UK, such as cloud storage, I ensure providers are ISO certified for data protection, encryption and safe storage of data including ISO27001 and ISO27018.

6. How I use and the purpose for processing data

Data gathered is only used for the purposes it was collected, where legally permitted and while legitimate interest continues to exist, such as:

  • for the performance of any agreement to provide service(s);

  • to comply with legal or regulatory obligation(s);

  • to provide marketing communications - where requested and remains opted in;

    • I will not share personal data with any third party for marketing purposes;

    • you can opt out of any marketing communications by using the ‘unsubscribe’ option on any marketing message or email or by email at any time to ross@rossodaly.com;

  • opting out of marketing communications, which will cease marketing content being sent but will not apply to communications necessary for the fulfilment of any agreement to provide service or to retention of data required under law and for the periods set out under relevant legislation(s).

7. Where I may extend confidentiality or disclose your data

All client work and any derived data is treated in the strictest of confidence. I will not share your personal information or data with anyone else, or with any other body, other than where required and with reference to the BACP Ethical Framework for the Counselling Professions or applicable legistaltion. The exceptions and only time I may extend confidentiality or disclose personal data are:

  • clinical upervision - as for all registered counsellors and psychotherapists in the UK, I am required to have monthly clinical supervision to support best practice, during which time some client material is discussed, on an anonymous and confidential basis;

  • risk to safety - I may extend confidentiality or share data with your GP, emergency contact or other emergency services, whereby I perceive a risk to you or others. I will endeavour to discuss this with you in advance, but this may not always be possible, such as in an emergency situation or where someone’s safety is at risk;

  • for the purpose of performance of services - I may share some data with my service providers; IT, legal, financial, accounting, insurance, or regulators, HMRC and other authorities based in the United Kingdom, and other relevant jurisdictions who require reporting of processing activities in certain circumstances;

  • where required by order of a court of law - I will only share client notes, which confirm sessions took place on given dates and broad themes or topics discussed. I do not write notes during counselling sessions or keep detailed records of client sessions. In all such circumstances I will endeavour to discuss this with you in advance and where possible.

  • terrorism, money laundering or risk to children or vulnerable adults - if I become aware of any intent to commit an act of terrorism, money laundering or harm to children or vulnerable adults, the law may require that I inform an authority without seeking your permission or knowledge.

8. Derived Data

This is where anonymised data is altered or combined for analysis, such as for how sections of my website or services are being used or for use in research. This type of use is not considered personal data, as it is not possible to identify individual users. Anonymised is no longer considered personal data and may be retained or used indefinitely and without further notice or reference to you.

9. Retaining your data.

I will only retain personal data for as long as necessary to perform on agreed services or to satisfy any legal, accounting, or reporting requirements, such as retention of basic information including contact, financial and transaction data. This will be for a period of seven years and for insurance and tax purposes, after which time I securely erase all personal data. This retention policy does not conflict with your legal rights.

10. Your legal rights.

Your rights are protected and in certain circumstances you may:

  • request access to, correction or deletion of your personal data;

  • object to or request restriction on processing your personal data;

  • request transfer of your personal data;

  • withdraw your consent around personal data.

All your rights are explained in detail at: https://ico.org.uk/.

For any inquires around your personal data please email ross@rossodaly.com, whereby all requests will be handled in accordance with ICO guidelines.

11. Links to other websites or apps.

By clicking any link or accessing other services via my site, whereby you go to a third party, please note I do not control or accept any responsibility for your data once you leave my site. You accept responsibility when accessing third party sites or services and should read and ensure you approve of the respective terms and conditions, privacy, and cookie policies.