This is the privacy notice of Lucy Hyde. In this notice, “I”, “me”, “my”, or “mine” refer to Lucy Hyde.
I am registered as the Data Controller for my business, with the Information Commissioner’s Office (ICO), registration number ZA306694.
You can contact me at .
The type of personal information I collect
I currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Age, medical and health information
- Other personal information such as sexuality, relationship status, domestic and financial arrangements, where relevant to our therapeutic work
How I get the personal information and why I have it
Most of the personal information I process is provided to me directly by you for one of the following reasons:
- To enable me to contact you for the purposes of providing a service to you, or in the event of an emergency
- In the process of our work together, to facilitate and support the therapeutic process agreed to in our counselling contract
I also receive personal information indirectly, from the following sources in the following scenarios:
- WordPress (my website hosting service) if you access my website; information such as your geographical location, your internet service provider and your IP address, may be recorded and be used in aggregate to assess website performance
- Mailchimp, if you subscribe to the mailing list on my website
I use the information you have given me in order to:
- Ensure, through accurate record-keeping, that my service meets the ethical standards and codes of practice required by my professional registration bodies and by my insurer
- Send out information to you if you have subscribed to the mailing list on my website
- Monitor the effectiveness of my marketing
I may share this information with:
- My professional supervisor: I am required by my professional registration bodies to engage in counselling supervision monthly
- Your emergency contact in the event of an emergency
- Police and/or health professionals, if I believe this is required in the services of your safety, my safety, or the safety of someone else
- Policy and/or legal authorities, if you reveal intent to harm others, reveal information regarding potential or actual terrorism, or reveal information in connection with child protection concerns
- Legal authorities, if required to comply with instructions of a court of law
- My professional registration body and insurers, in the event of your making a complaint against me
- My professional executor, in the event of my death or incapacity
Lawful bases for processing your information
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing this information are:
1. Your consent. You are able to remove your consent at any time. You can do this by contacting me via email at .
2. I have a contractual obligation.
3. I have a legal obligation.
4. I have a legitimate interest.
Financial payment information
Your debit or credit card number and other payment information is never taken by me or transferred to me either through my website or otherwise.
If you pay me by bank transfer, you may be identifiable by name in my bank account and statements.
How I store your personal information
Your information is securely stored as follows:
- I use third-party software to store client records in the cloud; this is where the majority of information you have provided to me is kept, including contact details, emergency contact, case notes, information from sessions and signed agreements.
- I may keep your email address in video-conferencing / messaging software and in my email account; these are cloud-based.
- I keep your phone number and emergency contact in my mobile phone identified by initials only; my phone data is backed up to the cloud.
I keep client records and information for 5 years. Any financial information I hold may be kept for up to 7 years. I will then dispose of your information by deleting records, or requesting deletion of records by the third-party software provider.
Your data protection rights
Under data protection law, you have rights, including:
Your right of access – You have the right to ask me for copies of your personal information.
Your right to rectification – You have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.
Your right to erasure – You have the right to ask me to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask me to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. Please contact me by email at if you wish to make a request.
How to complain
If you have any concerns about my use of your personal information, you can make a complaint to me by email at .
You can also complain to the ICO if you are unhappy with how I have used your data.
Information Commissioner’s Office
Helpline number: 0303 123 1113