Who we are
Cornerstone Counselling Service (CCS) provides Christian based counselling for children, young people, adults, couples and families. We help people with a wide range of issues such as depression, anxiety, anger management difficulties, relationships, abuse, bereavement, low self-esteem etc. Although we are a Christian organisation, we do not impose religious perspectives on clients.
Our website address is: www.ccscounselling.org.uk
We can also be accessed from the following website: http://adventist.org.uk/sec/departments/counselling-service
We collect and use personal data to offer people information and services. This policy will apply in all locations where we operate, to all forms of information and to all systems used to collect, store, process or transfer information.
The purpose of this notice is to make you aware of what information we collect and how we will handle your information.
CCS applies the UK Data Protection Act 2018 privacy standard. We are committed to:
- protecting the confidentiality, integrity and availability of the information it collects, stores, transfers and processes in accordance with UK law and international good practice, and to meeting its legal requirements and contractual obligations
- explaining why it needs personal information, only asking for and collecting personal information it needs and only sharing personal information within CCS and with other organisations where legally necessary.
- allowing people to request access to the personal information it holds on them and to complain if they believe their information has been mishandled
- not keeping personal information for longer than necessary
- ensuring that actual or suspected breaches of information security are reported and investigated
- assessing and reviewing its information security controls annually
- applying these standards to its Third Parties it may use in delivering its services.
We will provide adequate and appropriate resources to implement this policy and will ensure it is communicated and understood.
The Executive Secretary of The South England Conference of Seventh-day Adventist is notified as a Data Controller with the Office of the Information Commissioner under registration number Z7316012 and is the data controller of any personal data that you provide to us.
Contact details: Douglas McCormac, Executive Secretary, South England Conference of Seventh-day Adventists, 25 St Johns Rd, Watford WD17 1PZ.
Any questions relating to this notice and our privacy practices should be sent to Email: email@example.com
Data Protection Officer:
Our Data Protection Officer is: Thembie Mapingire
Contact Details: Thembie Mapingire, Cornerstone Counselling Services Coordinator, C/o South England Seventh-Adventist Church, The Advent Centre, 39 Brendon St,
London W1H 5JE, Email: firstname.lastname@example.org
- How we collect information about you
- Where/How we collect information about you
We collect the information about you from the following contact points:
- On our website when you complete self-referral and enquiries forms
- Over the telephone when you contact to register/book our services
- During counselling consultation sessions we make notes
- Cookies on our websites which you consent to
- Third Party Partners we use to provide service, e.g. Stripe and Web flow
Self-Referral and Contact forms
We collect the following information about you from self-referral and contact forms when you complete them on our website:
- First name, Last name, e-mail address, telephone number.
- Type of service required and preferred day, time and location.
- We take personal information similar to that on our referral or contact form above when you contact us over the phone. In addition we also collect your postal address and next of kin details.
Our counsellors collect information specific to your counselling request and make notes during our sessions as part of our professional practice and to ensure continuity of support from one counselling session to another.
- Notes collected by counsellors are kept in a locked cabinet at the office and those who work on different satellites also keep them in their locked filling cabinets.
- We also collect phone numbers, email address and physical address and next of kin details.
Cookies on our websites
Third Party Partners
The following Third Parties will also collect data from you to support the services they provide as part of our website. The data they collect will be governed by their privacy policies detailed below:
We use Stripe Inc. for take online payments for the services you select from our website. Stripe is a US based company based outside the EU. Stripe collects the following information about you for processing online payments:
- E-mail address, card information, name on card, billing address
Webflow Inc. is a US based company, based outside the EU. In relation to transfers of Personal Information to the U.S., Webflow participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (hereinafter, the “Framework” or “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, disclosure, and retention of Personal Information transferred from the EU, EEA, and Switzerland to the United States. Webflow has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. For details of the Privacy Shield Framework visit https://www.privacyshield.gov/.
We use Zapier to send formatted emails to email@example.com
Zapier does not currently retain any data. Zapier’s GDPR policy can be found here: https://zapier.com/help/gdpr/
We use Google Analytics to collect information about how our website visitors are using our website - what information they look at, how they use a web page, how long they spend on the site, etc.
You may opt-out of Google Analytics for Display Advertisers including AdWords and opt-out of customized Google Display Network ads by visiting the Google Ads Preferences Manager. To provide website visitors more choice on how their data is collected by Google Analytics, Google has developed an Opt-out Browser add-on, which is available by visiting Google Analytics Opt-out Browser Add-on, to enable you to opt-out of Google’s programs. To opt out of the collection and use of information for ad targeting please feel free to exercise your rights
How we use information about you
We need your information and will use your information to:
- undertake and perform our obligations and duties to you in accordance with the terms of our contract with you;
- enable us to supply you with the services and information which you have requested;
- analyse the information we collect so that we can administer, support and improve and develop our business and the services we offer;
- to contact you in order to send you details of any changes to our counsellors, suppliers which may affect you; and
- for all other purposes consistent with the proper performance of our operations and business.
- How we protect your information
When you give us information we take steps to make sure that your personal information is kept secure and safe.
- We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
- In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
- We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Some of the specific measures CCS has put in place include the following:
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
- Performing regular checks and scans to ensure security hardware and software is functioning properly.
- Evaluating any third-party services the organisation is considering using to store or process data. For instance, cloud computing services, social media, or other communication platforms.
- Using SSL (Secure Sockets Layer) encryption for our website which ensures that any personal information you submit through our website is not visible to anybody else when in transit between your computer and our server. However, the transmission of information via the internet is not completely secure. We cannot therefore guarantee the security of your data transmitted to our site: any transmission is at your risk.
- Email systems have built-in end-to-end encryption when sending personal information
- We use of codes and/or pseudonyms for our clients
- We use password facilities on phones, computers and (software applications)
- Data is backed up on cloud based servers and on secure local back-up devices for which passwords are required to access the data
- We implement physical security measures to our server rooms
- Keeping your information up to date
The accuracy of your information is important to us. The law requires the CCS to take reasonable steps to ensure data is kept accurate and up to date. It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
Data should be updated as and when inaccuracies are discovered. Please help us keep our records updated by informing us of any changes to your email address and other contact details.
- How long we retain your information
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
- We keep basic information about our clients (including Contact, Identity, Financial and Transaction Data) for seven (7) years after they cease being customers, for financial audit purposes.
- We keep client notes for three (3) years after finishing with the client.
- If a client does not engage with the service after we have collected their information, we delete the information within six months
We review our data retention periods regularly and will only hold your personal data for as long as is necessary for the relevant activity, or as required by law.
- Your right to access your data
All individuals who are the subject of personal data held by the BUC are entitled to:
- Ask for a copy of the information CCS holds about them and why.
- Ask how to gain access to it.
- Require us to correct any inaccuracies in your information.
- Be informed how the CCS is meeting its data protection obligations.
- Make a request to us to delete it.
When exercising your rights, you must give us a request in writing, by post or by email. If you would like to exercise any of your rights above please contact us Douglas McCormac at firstname.lastname@example.org
Limitations to your rights
In certain circumstances, the GDPR allows personal data to be disclosed to law enforcement agencies without the consent of the data subject. In these circumstances, CCS will ensure the request is legitimate, the organisation's legal advisers where necessary.
What we may need from you
We may need to request specific information from you to help us confirm your identity, proof of your address and ensure your right to access your personal data (or to exercise any of your other rights) or any other information that we reasonably need to locate the information you have requested (for example details of the CCS locations or staff that you have had contact with and when). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will not start looking for your information until we confirm your identity.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Should you wish to exercise all relevant rights, or to submit queries or complaints about the use of your information, we would ask that you contact us in the first instance at:
Executive Secretary, South England Conference of Seventh-day Adventists, 25 St Johns Rd, Watford WD17 1PZ. Phone: +44 (0) 1923 232 728
You also have the right to complain to the Information Commissioner’s Office in relation to our use of your information. The Information Commissioner’s contact details are noted below:
Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone: 0303 123 1113
Changes to our Privacy and Data Protection Policy
CCS will review this policy statement regularly to reflect new legal and regulatory developments and ensure good practice.