GDPR & Privacy Policy

GDPR POLICY

What is the General Data Protection Regulation (GDPR)?


The General Data Protection Regulation (GDPR0 (Regulation (EU) 2016/679) is a regulation of the European Parliament, the Council of the European Union and the European Commission intended to strengthen and unify data protection for all individuals within the European Union (EU) and became law in the UK on 25th May 2018.

Under the General Data Protection Regulation (GDPR), HearSay Charitable Trust is required to publish information about what data we collect, why we need to store it, and your rights under the GDPR legislation.

In these matters we are subject to the rulings of the Information Commissioner Office (ICO), the UK’s independent authority set up to uphold information rights and data privacy for individuals.

Confidentiality
HearSay Charitable Trust always treat, and continues to treat, all data and referrals we receive as strictly confidential. Please see our security and privacy policy page for details.

GDPR Policy
Basis of and scope of data storage:

• HearSay Charitable Trust stores and processes referrals and client information only as agreed by the client or as required in order to perform the counselling services as requested by the client. We regard all details we do store as confidential.
• HearSay Charitable Trust does not engage in any profiling activities.
• HearSay Charitable Trust never shares your data with third parties (e.g. for advertising, marketing, data analysis or similar activities).

How we obtain data:

• Data held by HearSay Charitable Trust will consist solely of information that the client provides us through referrals (e.g. contact details entered on the online referral form or other correspondence), or is determined through direct interaction with our website (e.g. an individual’s IP address).

Data we hold consists of the following:

Contact information:

• Your name, postal address, email address, telephone number (both STD and mobile if applicable) and the reason why, as a client, you are self-referring or have been referred by another professional to HearSay Charitable Trust. We will also hold an emergency contact name and phone number.
• This information is needed so that the Clinical Lead can contact the client when needed, e.g. for an initial telephone assessment, clinical triage to the counsellor who best serves the client’s needs, appointment bookings and cancellations of arranged sessions.

Payment information:
• HearSay Charitable Trust will never ask you to provide your payee name, billing contact details, card type (e.g. Amex, Visa, Master card), or the last 4 digits of payment card.
• Payment for each session will be recorded by the amount paid, the date and time in order for HearSay Charitable Trust to remunerate the Counsellor for their time.
• Clients will receive a receipt for payments made towards a booked session with a counsellor at the time of payment. The client’s name only should appear on the receipt, along with confirmation of the sum paid to the counsellor.
• These data are kept purely to allow cross-checking in the event of accounting imbalance, client payment enquiries or investigation by tax authorities (i.e. mandatory accounting requirements).

Retention policy:
• HearSay Charitable Trust retains personal data that a client has supplied for as long as they are a client with active sessions with a counsellor, and for as long as the Trust is legally required to do so (e.g. by tax and accounting regulations).
• Where data may exist on back-ups, these data are deleted when the client is no longer actively engaged in the counselling process.
• General referrals via web-form, email or post shall be deleted after a short period of time or once the client ceases to be actively engaged with a counsellor. Hard copies of emails or correspondences shall be deleted after 2 years.

Your Rights
Right of access and rectification:
• If you are a client and have need to check any information HearSay Charitable Trust holds about you, or need to correct inaccurate information, please contact our office in writing.
• For security reasons we will need to ensure that you are the named person (and may ask you to provide proof of your identity) before any information can be released.

Right to erasure:
• If as a client you decide you no longer need the counselling service offered by HearSay Charitable Trust and want the data we hold to be deleted, you may cancel at any time and we will remove your data once we are legally able to do so. (Note: for financial records, there is a minimum retention period of 6 years specified under Paragraph 6, Schedule 11 of VAT Act 1994 and HMRC Notice 700/21 (December 2007), point 2.4.).
• If you are not a client, but have contacted us via email/letter, and want any emails or letters, or form-submission referrals you have made erased, please contact us in writing at our office and we will be happy to arrange that.
• Please note: for security reasons you must contact us from the address you want removed and we may ask you to prove your identity (i.e. you cannot delete someone else’s data without their consent).
• Should you take no action, the data will be deleted automatically in due course as part of our good practice procedure.
Complaints, corrections or objections
• If you as a client of HearSay Charitable Trust have any questions or concerns about information held about you, or if you need to correct inaccurate information, please contact our office in writing at 12 Mill Street, Maidstone, KENT, ME15 6XT.

Martin Knapp
Chair to the Trustees

HearSay Charitable Trust. Registered Charity Number 1102942

Privacy & Cookies Policy

Introduction
1.1 HearSay Charitable Trust is committed to safeguarding the privacy of our website visitors; in this policy we explain how we will treat your personal information.

1.2 We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.
Collecting personal information

2.1 HearSay Charitable Trust may collect, store and use the following kinds of personal information:

(a) information about your computer and about your visits to and use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
(b) information contained in or relating to any communication that you send to us or send through our website (including the communication content and metadata associated with the communication);
(c) any other personal information that you choose to send to us.

2.2 Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
Using personal information

3.1 Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website.

3.2 HearSay Charitable Trust may use your personal information to:
(a) administer our website and charitable trust;
(b) provide third parties with statistical information about our users (please note these third parties will not be able to identify any individual user from that information);
(c) deal with enquiries and complaints made by or about you relating to our website;
(d) keep our website secure and prevent fraud;
(e) verify compliance with the terms and conditions governing the use of our website.

3.3 If you submit personal information for publication on our website, we will publish and otherwise use that information in accordance with the licence you grant to HearSay Charitable Trust.

3.4 HearSay Charitable Trust will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.

Disclosing personal information
4.1 We may disclose your personal information;
(a) to the extent that we are required to do so by law;
(b) in connection with any ongoing or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention);
(d) to any person wo we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

4.2. Except as provided in this policy, we will not provide your personal information to third parties.

4.3. Personal information that you publish on our website or submit for publication on our website may be available, via the internet, around the world. HearSay Charitable Trust cannot prevent the use or misuse of such information by others.

4.4 You expressly agree to the transfers of personal information described in this Section 4.

Retaining personal information
5.1 This section 5 sets out our data retention policies and procedure, which are designed to help ensure that HearSay Charitable Trust complies with our legal obligations in relation to the retention and deletion of personal information.

5.2 Personal information that we process for any purpose or purposes shall not be kept longer than is necessary for that purpose or those purposes.

5.3 Notwithstanding the other provisions of this Section 5, we will retain documents (including electronic documents) containing personal data;
(a) to the extent that we are required to do so by law;
(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention, safeguarding a vulnerable individual or child).

Security of personal information
6.1 HearSay Charitable Trust will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

6.2 HearSay Charitable Trust will store all the personal information you provide on a secure (password- and firewall-protected) server.

6.3 You acknowledge that the transmission of that information over the internet is inherently insecure, and HearSay Charitable trust cannot guarantee the security of data sent over the internet.

Amendments
7.1 HearSay Charitable Trust may update this policy from time to time by publishing a new version on our website.

7.2 Clients, website users, trustees, volunteers and third party agencies that HearSay may have interaction with should check this page occasionally to ensure they are happy with any changes to this policy.

Your Rights
8.1 You may instruct us to provide you with any personal information that HearSay Charitable Trust hold about you; provision of such information will be subject to:
(a) The payment of an administration fee of £10.00; and
(b) The supply of appropriate evidence of your identity (for this purpose, we will usually accept a photocopy of your passport certified by a solicitor or bank plus and original copy of a utility bill showing your current address). The utility bill must not be more than 3 months old.

8.2 HearSay Charitable Trust may withhold personal information that your request to the extent permitted by law.

Updating Information
9.1 Please inform HearSay Charitable Trust if the personal information that we hold about you needs to be corrected or updated.

About Cookies
10.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

10.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

10.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

10.4 Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.

Analytics cookies
11.1 HearSay Charitable Trust will use Google Analytics to analyse the use of our website.

11.2 Our analytics service provider generates statistical and other information about website use by means of cookies.

11.3 The analytics cookies used by our website have the following names:
_ga, _gat, _utma, _utmt, _utmb, _utmc, _utmz and utmv.

11.4 The information generated relating to our website is used to create reports generated by Google Analytics about the use of our website.

11.5 Our analytics service provider’s privacy policy is available at: http://www.google.com/policies/privacy/.

Blocking cookies
12.1 Most browsers allow users to refuse to accept cookies; for example:
(a) in Internet Explorer (version 11) you can block cookies using the cookie handling override setting available by clicking “Tools”, “Internet Options”, “Privacy” and then “Advanced”;
(b) in Firefox (version 39) you can block all cookies by clicking “Tools”, “Options”, “Privacy”, selecting “Use custom settings for history” from the drop-down menu, and unticking “Accept cookies from sites”, and
(c) in Chrome (Version 44), you can block all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “Content settings”, and then selecting “Block sites from setting any data” under the “cookies” heading.

12.2 Blocking all cookies will have a negative impact upon the suitability of many websites.

12.3 If you block cookies, you will not be able to use all the feature on our website.

Deleting cookies
13.1 You can delete cookies already stored on your computer; for example:
(a) in Internet Explorer (version 11), you must manually delete cookie files (you can find instructions for doing so at:
http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies#ie=ie-11);
(b) in Firefox (version 39), you can delete cookies by clicking “Tools”, “Options” and “Privacy”, then selecting “Use custom settings for history” from the drop-down menu, clicking “Show cookies” and then clicking “Remove all cookies”; and
(c) in Chrome (version 44), you can delete all cookies by accessing the “Customise and control” menu, and clicking “Settings”, “Show advanced settings” and “ Clear browsing data”, and then selecting “Cookies and other site plug-in data” before clicking “Clear browsing data”.

13.2 Deleting cookies will have a negative impact on the usability of many websites.

Our details
14.1 This website is owned and operated by HearSay Charitable Trust.
14.2 HearSay Charitable Trust is a registered charity (number 1102942) and our registered office with the Charity Commission is: 12 Mill Street, Maidstone, Kent, ME15 6XT.
14.3 Our principal place of business is: 12 Mill Street, Maidstone, Kent, ME15 6XT.
14.4 You may contact us by writing to the address given above.

© Copyright HearSay Trust, Charity number 1102942