top of page

Insight Youth privacy statement...

Introduction

Your privacy is very important to us, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose for which it was given to us. We adhere to current data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.

This privacy notice explains what we will do with your personal information from initial point of contact through to after any potential therapy has ended, including:

  • why we are able to process your information and the purposes for which we process it

  • whether you have to provide it to us

  • how long we store it for

  • whether there are other recipients of your personal information

  • whether we intend to transfer it to another country

  • whether we carry out automated decision-making or profiling

  • your data protection rights

We are happy to discuss any questions you might have about this privacy notice or our data protection procedures. You can contact us at enquiries@insightyouth.org.

The term data controller describes the person or organisation that collects, stores, and is responsible for people’s personal data. In this instance, the data controller is Cheviot Youth. We are registered with the Information Commissioner’s Office under registration number ZB607756.

Insight Youth is a division of the Scottish charity Cheviot Youth, charity number SC034865. Our registered postal address is:

Cheviot Youth
Abbotseat Road
Kelso
TD5 7SL

Our lawful basis for holding and using your personal information

Under the UK GDPR, we must have a lawful basis for processing your personal data. The lawful basis we rely on depends on the stage at which we are processing your information.

If you are currently having therapy, or if you are in contact with us to consider therapy, we will process your personal data where it is necessary for the performance of a contract.

If you have previously had therapy with us and that work has ended, we will usually rely on legitimate interests as our lawful basis for holding and using your personal information.

The UK GDPR also provides additional protection for sensitive personal information, known as special category personal data. Where we process special category personal data, our basis for doing so is that it is necessary for the provision of health or social care or treatment, including counselling and therapy, and for the performance of our contract with you.

How we use your information

Initial contact

When you contact us with an enquiry about our counselling and therapy services, or to make a referral, we will collect information to help us respond appropriately. This may include information you submit through forms on our website, the content of email correspondence, and information provided at registration stage if you progress further.

In some cases, your GP or another health professional may send us your details when making a referral. A parent or trusted individual may also contact us on your behalf.

If you decide not to proceed, we will securely delete your personal data within 6 months. If you would like us to delete this information sooner, please let us know.

While you are accessing counselling

Everything you discuss with us is treated confidentially. Confidentiality will only be broken in the following circumstances:

  • where you give consent

  • where we are required to do so by a court of law

  • where we believe there is a risk to you or to another person and we judge it appropriate to involve other professionals, such as your GP or other relevant services

  • where we are required by law to inform the relevant authorities, including but not limited to matters involving terrorism, money laundering, drug trafficking, or the harm or neglect of children or vulnerable adults

Where possible, we will always aim to discuss this with you first, unless there are safeguarding reasons that prevent us from doing so.

We keep a record of your personal details to help our counselling and therapy services run safely and effectively. These details are stored on a secure firewalled server and are not shared with third parties except where necessary and lawful.

Your therapist may also keep session notes. These are likewise stored on a secure firewalled server.

For security reasons, we do not retain text messages for more than four weeks. If a text message contains information relevant to your care, that information may be transferred to our secure records system.

Likewise, email correspondence that is not important will usually be deleted after 3 months. If an email contains information relevant to your care or our work with you, it may be stored on our secure records system.

After counselling or therapy has ended

Once counselling or therapy has ended, your records will be retained for seven years from the end of your contact with us and will then be securely destroyed.

If you request deletion sooner than this, we will consider that request carefully. However, there may be circumstances in which we are required to retain records for the full retention period, for example for legal, regulatory, safeguarding, or insurance purposes.

Third-party recipients of personal data

We sometimes share personal data with third parties where we have contracted with a supplier to carry out specific tasks on our behalf.

In such cases, we take care to work only with appropriate providers and to ensure there is a written agreement in place setting out what they are permitted to do with the data we share. We require that they only use your information for the specific task for which they have been contracted.

Your rights

Under data protection law, you have rights in relation to your personal information. These include the right to:

  • request access to the personal information we hold about you

  • request correction of inaccurate or incomplete information

  • request deletion of your personal information in certain circumstances

  • request that we restrict or limit how we use your personal information

  • object to our processing of your personal information in certain circumstances

You can read more about your rights on the Information Commissioner’s Office website at ico.org.uk/your-data-matters.

If we do hold information about you, we will:

  • give you a description of it and where it came from

  • tell you why we are holding it, how long we will store it, and how that decision was made

  • tell you who it may be disclosed to

  • provide you with a copy of the information in an intelligible form

You can also ask us at any time to correct any mistakes in the personal information we hold about you.

To make a request relating to your personal information, please contact us in writing at enquiries@insightyouth.org.

If you have concerns about how we handle your personal data, please get in touch using the contact details above. We welcome feedback and would always try to resolve concerns directly where possible.

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), which is the UK regulator for data protection. Further information is available at ico.org.uk/make-a-complaint.

Data security

We take the security of the data we hold about you very seriously and make every effort to ensure it is kept secure.

Further details of how we protect personal information are set out in our Data Protection Policy. To request a copy of this policy, please contact enquiries@insightyouth.org.

Visitors to our website

When someone visits our website, we use a third-party service, Wix, to collect standard internet log information and details of visitor behaviour patterns. We do this to understand things such as the number of visitors to different parts of the site.

This information is processed in a way that does not identify individual visitors. We do not make, and do not permit Wix to make, any attempt to identify those visiting our website.

We rely on legitimate interests as our lawful basis for using personal information in this way, as it helps us monitor and improve our website and services.

You can read Wix’s privacy notice here:


https://www.wix.com/about/privacy

We use Wix as the content management system for our website. You can read more about Wix and data protection here:


https://support.wix.com/en/article/general-data-protection-regulation-gdpr

Like most websites, we use cookies to help the site work effectively. You can read more about cookies used on Wix websites here:


https://support.wix.com/en/article/cookies-and-your-wix-site

No user-specific data is collected by us for general website analytics. If you complete a form on our website, the information you enter may be temporarily stored by the web host before being sent to us.

Donations made through our website

Insight Youth is hosted on the Wix.com platform. Wix.com provides the online platform that allows us to collect donations from you. Your data may be stored through Wix.com’s data storage, databases, and general Wix.com applications. They store your data on secure servers behind a firewall.

All direct payment gateways offered by Wix.com and used by Insight Youth adhere to the standards set by PCI-DSS, as managed by the PCI Security Standards Council. These standards help ensure the secure handling of payment card information by our organisation and its service providers.

Updates to this notice

We reserve the right to amend this privacy notice at any time, so please review it periodically. Changes and clarifications will take effect immediately upon being published on our website.

If we make material changes to this notice, we will make that clear on our website so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use or disclose it.

bottom of page