Privacy Policy

1. What information will we use?

The Manor House Centre for Psychotherapy and Counselling (MHCPC) will collect and use any information about you that you provide. This information includes information following any enquiry or registration for either the training programme, counselling service or an event. All personal information provided will be treated as private and confidential.

We promise we will never share your details with anyone else.

2. How will your information be used?

The MHCPC will use the information you provide solely for the purposes of the service being delivered. You may choose not to provide the requested information but this may prevent you from accessing the appropriate service.

3. When we can use your information

We collect and use your information in the following situations:

  • where our use of your information is necessary for us to perform the service being provided to you.
  • where we believe it is necessary to use your information to comply with a legal obligation to which we are subject
  • we will rely on your consent to use your information for marketing to you by email

Where we rely on consent to use your information, you have the right to withdraw that consent at any time. You may do so by contacting the MHCPC directly via email: admin@manorhousecentre.org.uk or by phone: 020 8371 0180.

4. The period for which we will keep your information

We will keep your information for as long as is necessary for us to fulfil the purposes that we describe in this policy. As a general rule, however, we will keep:

  • the information you provide when you register with the MHCPC, together with any updates you make to that information, for the duration of your term of study with the training programme; or for the purposes of the Counselling Referral service,
  • for the duration of 7 years in keeping with the Record Keeping Guidelines detailed in the British Association for Counselling and Psychotherapy (BACP) Ethical Framework for the Counselling Professions

5. Who will we share your information with?

The MHCPC will not sell, rent, trade or give away any users personal information or e-mail lists to third parties. We may share your information when required and only with your original hand-signed consent with:

  • any law enforcement agency, court, regulator, government authority or other third party where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party 

6. Your choices and rights

You have a number of rights in relation to your information, and can make a number of choices about how we collect and use it. For example, you can decide not to receive marketing material from us. Note that some of the choices or changes you make may impact our ability to inform you of significant updates or forthcoming events.

You can contact us using the details below to:

  • request access to your information
  • ask that we update, complete or correct your information
  • ask that we erase or restrict our use of your information
  • request that we provide your information to you in a commonly used electronic format and to have that information transmitted directly to another organisation (this is known as the right to ‘data portabililty’)
  • object to MHCPC using your information

 

If you are concerned about how your information is used, please contact us at

The Manor House Centre for Psychotherapy and Counselling, 80 East End Road London, N3 2SY

020 8371 0180

admin@manorhousecentre.org.uk

Alternatively you have a right to complain about our use of your information to the Information Commissioner’s Office.

7. Who we are

We are The Manor House Centre for Psychotherapy and Counselling (MHCPC), a company registered in England under number 06845305. The MHCPC is a registered charity. Registered charity number: 1131804. Our registered office is at 80 East End Road, London, N3 2SY. We are the Data Controller.

 

Website Privacy Policy

 1. Which forms do we use to collect data on our site?

We use the following forms:

• Contact us

• Initial Assessment

• Checkout form

• Register / login form for Students and Counsellors

2. What data are we collecting in these forms?

• Data collected in Contact us form

• Name (first and last)

• Email

• Enquiry

• Contact by email – Yes / No

• Sign up for mailing list – Yes/No

• Data collected in Initial Assessment Form

• Name

• Email

• Phone number

• Enquiry

• Contact by email – Yes/No

• Data collected in Checkout Form

• Name (first and last)

• Company (optional)

• Address

• Phone

• Email

• Register / login form for students and counsellors

• This form asks the user to provide a username and a password. This is in order that students/counsellors will be able to log in to designated areas of the website.

3. Why are we collecting this data?

• Contact form – Data is collected to be able to reply to customers’ queries.

• Initial assessment – Data is collected to be able to contact clients to discuss their initial assessment.

• Checkout form – Data is collected to be able to verify payment options and to be able to confirm purchased items.

• Register / login form for students and counsellors – Username and password are stored in the site but are not used by MHCPC. They exist only to enable students and counsellors to log into the designated areas. MHCPC has no access to the passwords set for these accounts.

4. Is this data relevant?

Only relevant data is collected.

5. How will we use this data?

The data collected will not be used for marketing purposes.

It will only be used as described in point 3. Why are we collecting this data.

6. How will this data be stored?

All data gathered through the website will be stored as follows:

• In the website back-end. The website is stored on a shared server at Easyspace. (https://www.easyspace.com)

• All data gathered through the website is backed up on a daily basis using the

SafeNsound service. (www.safensound.ie.) Back-ups are kept on AWS (Amazon Web Services) servers. These servers are located in Dublin (Ireland).

7. Do we have adequate consent to collect, use and store this data?

• The ‘Contact Us form’ and the initial assessment form both have checkboxes asking for explicit consent to use the provided email and phone number for further communication.

• The checkout form only collects the data that is needed to complete the purchase of the items offered. The email and phone number provided will only be used if direct communication about the purchase is required. This is stated on the checkout page.

8. How can a customer change/delete this data?

• Student and counsellor login/registration

On logging in, the student/counsellor can delete their account. This will remove their username and password from the system.

• Data gathered through the contact us, initial assessment and checkout forms. You can contact us using the details below to:

  • request access to your information
  • ask that we update, complete or correct your information
  • ask that we erase or restrict our use of your information
  • request that we provide your information to you in a commonly used electronic format and to have that information transmitted directly to another organisation (this is known as the right to ‘data portabililty’)
  • object to MHCPC using your information

If you are concerned about how your information is used, please contact us at

The Manor House Centre for Psychotherapy and Counselling, 80 East End Road London, N3 2SY

020 8371 0180

admin@manorhousecentre.org.uk

9. In case data needs changing, how long will this take.

• Student and counsellor login/registration

Data is deleted out of the website immediately on pressing the delete button.

Backups are kept 90 days. Therefore the data will be also deleted out of the backups after 91 days.

• Data gathered through other forms will be deleted within 30 days

10. Where is the data stored?

All data gathered through the website will be stored in the website back-end. The website is stored on a shared server at Easyspace. (https://www.easyspace.com)

11. Do we keep backups of data? Where are they stored?

All data gathered through the website is backed up on a daily basis using the SafeNsound service. (www.safensound.ie.) Backups are kept on AWS (Amazon Web Services) servers. These servers are located in Dublin (Ireland).

12. Where else do we store data?

Data is stored on a secure Dropbox account that only MHCPC staff have access to. This data can also be deleted as described in points 8 and 9.

13. Who can access the data in the website?

Any persons that are the administrator of the website can access the data.

14. Who can access the backups?

Backups can be accessed by employees of BeMoore Web Services ltd through the SafeNsound service or by MHCPC employees on request.

15. Can data be erased from the backups?

Data cannot be erased from the backups.

16. How long are backups kept?

Backups are taken twice daily and are kept for 90 days. Therefore any data contained in the backups will be automatically erased after 91 days.

17. How is the website protected from hacking and data breaches?

Security is provided by SafeNsound – www.safensound.ie

• Plugins, themes and files are updated on a daily basis.

• Security patches are applied as soon as they become available

• Strong password enforcement

• Daily scanning for vulnerabilities and security risks

• Comment and spam management

• Secure daily backups

• Secure user management

• Easyspace hosting service also provide security measures.

18. Who has access to the security settings on my site?

Any persons that are an administrator of the website can access the security settings.

19. Does our hosting provider have security measures in place to safeguard our data?

Secure web hosting is a standard feature of all Easyspace hosting packages.

20. Does our backup provider have security measures in place to safeguard our data?

Backups are kept on a secure AWS server. Security is in place.

21. What procedure do we have in place in the event of a data breach?

In the case of a personal data breach, the MHCPC shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

22. Who is most likely to find that data has been breached?

Breaches are most likely to be discovered by the SafeNsound service. Breaches can possibly also be discovered by customers who might be contacted through spam/unsolicited emails.

23. How will this person inform the relevant people in the organisation?

In the event of a breach being discovered by a SafeNsound employee, this employee will notify MHCPC by email within 24 hours. If no reply is received, the SafeNsound employee will contact MHCPC by phone.

Alex Moss / manager@manorhousecentre.org.uk / 020 8371 0180

24. Who will determine if the data breach needs to be reported to the Data Protection Commissioner (DPC)? Who is responsible for doing so?

The MHCPC Board of Management

25. Who is responsible for contacting those who have been affected by the data breach?

The MHCPC Board of Management

26. After a hack or data breach how will we review all security measures and update these where appropriate?

Any revision in security measures will be done by the SafeNsound team and discussed with MHCPC.

`
logo
MENU