top of page

Insight Youth privacy statement...

Introduction
 

Your privacy is very important to us, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to us.  We adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.  This privacy notice tells you what we will do with your personal information from initial point of contact through to after any potential therapy has ended, including:

• Why we are able to process your information and what purpose we are processing it for

• Whether you have to provide it to me

• How long we store it for

• Whether there are other recipients of your personal information

• Whether we intend to transfer it to another country,

• Whether we do automated decision-making or profiling, and

• Your data protection rights.

We are happy to chat through any questions you might have about our data protection policy and you can contact us at enquiries@insightyouth.org. ‘Data controller’ is the term used to describe the person/organisation that collects stores and has responsibility for people’s personal data.  In this instance, the data controller is Cheviot Youth.  We are registered with the Information Commissioner’s Office reg. no. ZB607756.  We are a division of Scottish charity Cheviot Youth, charity number SC034865.  Our registered postal address is Cheviot Youth, Abbotseat Road, Kelso. TD5 7SL

 

Our lawful basis for holding and using your personal information

The GDPR states that we must have a lawful basis for processing your personal data.  There are different lawful bases depending on the stage at which we are processing your data.  We have explained these below: If you have had therapy with us and it has now ended, we will use legitimate interest as my lawful basis for holding and using your personal information.  If you are currently having therapy or if you are in contact with us to consider therapy, we will process your personal data where it is necessary for the performance of our contract.  The GDPR also makes sure that we look after any sensitive personal information that you may disclose to us appropriately.  This type of information is called ‘special category personal information’.  The lawful basis for us processing any special categories of personal information is that it is for provision of health treatment (in this case counselling or therapy) and necessary for a contract with a health professional.

 

How we use your information

Initial contact

When you contact us with an enquiry about our counselling and therapy services or to make a referral, we will collect information to help us satisfy your enquiry.  This will include all submitted information you have entered into any information fields on our website, the content of any email correspondence between you and Insight Youth and any information passed to us at registration stage, should you progress to this. 

Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf.  If you decide not to proceed, I will ensure all your personal data is deleted within 6 months.  If you would like us to delete this information sooner, just let us know.

 

While you are accessing counselling

Rest assured that everything you discuss with us is confidential. That confidentiality will only be broken:

1.            Where you give consent for the confidence to be broken

2.            When we are required to do so by a court of law

3.            Where we believe there is a risk to you or to a third party and we feel it appropriate to involve other professionals such as your GP or other relevant professionals.  In such circumstances we will always aim, when possible, to discuss this with you first.

4.            Where statutory law requires us to inform the relevant authorities, which would include, but is not limited to, any knowledge or involvement in, acts of terrorism, money laundering, drug trafficking, harm or neglect of children or vulnerable adults.

 

We will always try to speak to you about this first, unless there are safeguarding issues that prevent this.  We will keep a record of your personal details to help our counselling and therapy services run smoothly.  These details are kept on a secure firewalled server and are not shared with any third party.  Your therapist may keep written notes of each session, these are kept are also kept on a secure firewalled server.  For security reasons, we do not retain text messages for more than four weeks.  If there is relevant information contained in a text message these will also be uploaded to the secure firewalled server.  Likewise, any email correspondence will be deleted after 3 months if it is not important, and if necessary, this will also be kept on a secure firewalled server.  

 

After counselling or therapy has ended

Once counselling or therapy has ended your records will be kept for six months from the end of your contact with us and are then securely destroyed.  If you want us to delete your information sooner than this, please let us know.

 

Third-party recipients of personal data

We sometimes share personal data with third parties, for example, where we have contracted with a supplier to carry out specific tasks.  In such cases, we have carefully selected which partners we work with.  We take great care to ensure that we have a contract with the third party that states what they are allowed to do with the data we share with them.  We ensure that they do not use your information in any way other than the task for which they have been contracted.

 

Your rights

We try to be as open as we can be in terms of giving people access to their personal information. You have a right to ask us to delete your personal information, to limit how we use your personal information, or to stop processing your personal information.  You also have a right to ask for a copy of any information that we hold about you and to object to the use of your personal data in some circumstances.  You can read more about your rights at ico.org.uk/your-data-matters.  If we do hold information about you we will:

  • give you a description of it and where it came from

  • tell you why we are holding it, tell you how long we will store your data and how we made this decision

  • tell you who it could be disclosed to

  • let you have a copy of the information in an intelligible form.

You can also ask us at any time to correct any mistakes there may be in the personal information we hold about you.  To make a request for any personal information we may hold about you, please put the request in writing addressing it to enquiries@insightyouth.org.  If you have any complaints about how we handle your personal data please do not hesitate to get in touch with us by writing or emailing to the contact details given above. We would welcome any suggestions for improving our data protection procedures.  If you want to make a formal complaint about the way we have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.

 

Data security

We take the security of the data we hold about you very seriously and as such we take every effort to make sure it is kept secure.  Details of how we achieve this are outlined in a Data Protection Policy.  To request a copy of our data protection policy please contact us at enquiries@insightyouth.org.

 

Visitors to our website

When someone visits our website, we use a third party service, Wix to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site.  This information is only processed in a way that does not identify anyone.  We do not make, and do not allow Wix to make, any attempt to find out the identities of those visiting our website. 

We use legitimate interests as our lawful basis for holding and using your personal information in this way when you visit our website.  We use Wix so that we can continually improve our service to you.   You can read Wix privacy notice here https://www.wix.com/about/privacy

 

We use Wix as the content management system for our website - find out about Wix and data protection here https://support.wix.com/en/article/general-data-protection-regulation-gdpr

Like most websites we use cookies to help the site work more efficiently - find out about our use of cookies here https://support.wix.com/en/article/cookies-and-your-wix-site

No user-specific data is collected by us or any third party.  If you fill in a form on our website, that data will be temporarily stored on the web host before being sent to us.

 

Donations made through our website

Insight Youth is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to collect donations from you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. 

All direct payment gateways offered by Wix.com and used by Insight Youth adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our organisation and its service providers.

 

Updates to this statement

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

bottom of page