Privacy Policy 

This privacy policy is subject to change without notice and was last updated on 5th November 2020. If you have any questions feel free to contact us directly here: hello@houseofself.co.u

Who are we? 

1.1 House of Self is a counselling, psychotherapy and coaching company registered in England and Wales with the Company Registration Number: 12127426. Our registered company address is 293a Ewell Road, Surbiton, Surrey, England, KT6 7AB.

1.2 We are registered with the UK’s Information Commissioners Office and our registration number is: [Pending Application]

1.3 During the 2019-2020 pandemic, we have temporarily ceased to provide “in-person services” at our therapy rooms in Surrey and London, and until the pandemic is over will be providing our services to you online through our website, and web-application services.

1.4 Our Data Protection Officer is Emma Williams if you have any problems or would like to exercise your rights according to GDPR 2016, or the UK’s Data Protection Act 2018, please contact us hello@houseofself.co.uk

1.5 We are committed to safeguarding the privacy of our website visitors and service users; in this policy, we explain how we will handle your personal data.

1.6 We will ask you to consent to our use of cookies in accordance with the terms of this policy when you first visit our website.

1.7 We are committed to collecting the absolute minimum data necessary to provide you with our product and services – this includes when you sign-up to our mailing lists.

How we use your personal data

2.1 In Section 2 we have set out:

2.1.1 the general categories of personal data that we may process;

2.1.2 in the case of personal data that we did not obtain directly from you, the source and specific categories of that data;

2.1.3 the purposes for which we may process personal data; and

2.1.4 the legal bases of the processing.

2.2 WEBSITE USAGE DATA
We may process data about your use of our website and services. The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of our website and online services.

The source of the usage data is Google Analytics.

The purpose of processing this data is to analyse the use of the website and services and make ongoing improvements to our website and our services. All data collected through Google Analytics is anonymised to protect your privacy.
More information https://policies.google.com/privacy?hl=en-US

2.3 SERVICE DATA
We may process the personal data that you provided in the course of the use of our services. The service data may include your name, email address, telephone number, home address, the products and/or services you purchase from us.

The source of the service data is you, although in some limited cases it may be that your employer, G.P. or other health and/or welfare service provider such as a Local Authority or NHS professional.

We process this data to enable us to provide you with the best and most relevant client-focused service and to be able to communicate with you; to follow up on your progress as part of our duty of care to you, as well ensuring we maintain high standards in our service provisions.

During the pandemic where we are currently unable to consult and provide services to our clients in person, at House of Self, we have moved our therapeutic services online and offer a HIPAA compliant platform which is very easy to use and which offers end-to-end encryption of your video consultations as well as and broader levels of high security to protect the privacy, confidentiality and integrity of the service you receive from our therapists.

We use Zoom and/or VSee to facilitate video conferencing with our clients for the purpose of providing private and confidential counselling services.

Zoom Privacy Policy: https://zoom.us/privacy/
VSee Privacy Policy: https://vsee.com/privacy
VSee HIPAA Compliance Statement: https://vsee.com/hipaa

2.4 TRAINING ACCOUNT DATA
We may process your training account data. (“account data“).

The account data includes your name and email address, training profile picture, your preferred method of payment, (payment card details are NOT stored on our website) the names of courses you have purchased and your course progress.

The source of the account data is you in terms of your name, email address and preferences – our training system generates a log of your course/training progress which is available to you every time you log in to our learning platform on our website.

The account data may be processed for the purposes of operating our website, providing our training services to you, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you, in the form of training support.

The legal basis for this processing is your consent and our legitimate interests, namely the proper administration of our website, training courses, our training platform and business.

We use LearnDash as a plug-in on our website and you can read LearnDash’s Privacy Policy here: https://www.learndash.com/privacy-policy/

2.5 ENQUIRY DATA
We may process information contained in any enquiry you submit to us via our website using the Contact Form, or when contacting us by email or phone regarding our products and services.

The source of the enquiry data is you.

The enquiry data is processed so that we can respond to you efficiently, answer any questions you may have asked and enable us to address the specific contents of your communication with us.

2.6 TRANSACTIONAL DATA
We may process information relating to transactions, including purchases of products and services, that you enter into with us via a service agreement and/or when you purchase products or services through our website.

The Transaction data is processed on our behalf by our payment process service provider which are: PayPal, Stripe, ApplePay, GooglePay. It is your choice which of the payment providers you use when purchasing products from our Online Shop or Online services from us.

The transaction data will normally include, your name, address and preferred payment card and or payment service, a description of what was purchased and the value of the purchase.

You are given the option to use a payment provider which you
already have an account with.
b. sign up for an account with one of the service providers offered.
c. pay as a guest using one-time-only payment.

The transaction data is processed so that we can supply you with the products and or services which you have purchased and keeping proper records of those transactions.

The legal basis for this processing is the performance of a service agreement between you and us and/or taking steps, at your request, to enter into such an agreement.

PayPal Privacy Policy: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
Stripe Privacy Policy: https://stripe.com/gb/privacy
ApplePay: https://www.apple.com/uk/privacy/
GooglePay: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

2.7 NOTIFICATION DATA
We may process information that you provide to us when you subscribe to our mailing list to receive email notifications, such as our Newsletters, Marketing materials which may include offers and Surveys. (“notification data”)

The source of the notification data is you and will include your name and email address

The notification data may be processed for the purposes of sending you the relevant notifications to which you have subscribed.

The legal basis for this processing is your consent. Every email notification includes an unsubscribe link in the footer of the email and you are free to unsubscribe at any time. If you choose to unsubscribe from our email subscription services, your data (name and email address) will be permanently and irretrievably deleted from our mailing system.

We use MailChimp to process our mailing list – you can read MailChimp’s Privacy Policy Here: https://mailchimp.com/legal/privacy/

We use TypeForm to manage our Surveys, you can read TypeForm’s Privacy Policy here:https://admin.typeform.com/to/dwk6gt (Legal Jargon)
TypeForm Privacy Policy (Plain English) https://admin.typeform.com/to/dwk6gt

2.8 CORRESPONDANCE DATA
We may process information contained in or relating to any communication that you send to us. (“correspondence data“).

The correspondence data may include the communication content, the metadata associated with the communication, your name, email address when you correspond with us by using the contact form on our website. Our website will generate the metadata associated with communications made using the website contact forms. If your correspondence is a traditional email, the data will include the contents of your email, your name and your email address. If you correspond with us by post, the data will include any data you have shared with us in letter format, and will usually include your name, the contents of your letter and a return address.

The source of the service data is you, although in some limited cases it may be that your employer, G.P. or other health and/or welfare service provider such as a Local Authority or NHS professional.

The correspondence data may be processed for the purposes of responding to any correspondence you have sent to us, enabling us to communicate with you and record-keeping.

The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with service users.

2.9 CATEGORY OF DATA
In addition to the type of data we have already described in the sections above, we may process what we consider to be special category data – this data may relate to an issue or condition you might be seeking treatment for from us. For example, you might disclose that you suffer from depression or anxiety or other health conditions.

The source of the service data is you, although in some limited cases it may be that your employer, G.P. or other health and/or welfare service provider such as a Local Authority or NHS professional.

This data may be processed to ensure you get the best available therapeutic treatment.

The legal basis for this processing is your consent and the performance of a service agreement between you and us and/or taking steps, at your request, to enter into such an agreement.

2.10 In addition to the specific purposes for which we may process your personal data set out in this Section 2, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

2.11 Please do not supply any other person’s personal data to us, unless you have their written consent and we prompt you to do so.

3. Sharing your personal data to others

3.1. We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal and/or financial disputes.

3.2. We may disclose your name and email address to our suppliers or subcontractors insofar as reasonably necessary for example managing our Mailing List.

3.3. Financial transactions relating to our website and services handled by our payment services providers, who have been listed in the above section Transaction Data. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at
PayPal Privacy Policy: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full
Stripe Privacy Policy: https://stripe.com/gb/privacy
ApplePay: https://www.apple.com/uk/privacy/
GooglePay: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=en

3.4. We use a Customer Relationship Management System (CRM) to organise our client files – this service is provided to us by HubSpot. HubSpot is an Irish Company with data centres in Ireland and is fully compliant with both GDPR and the UK’s Data Protection Act 2018 (DPA 2018). The only data which we store in our CRM are:

3.4.1. Your basic contact details,

3.4.2. The copy of your service agreement

3.4.3. The name of the therapist assigned to you

3.4.4. GDPR / DPA 2018 consent

3.4.5. Any data which you share with your therapist is kept in hard-copy format and in locked filing cabinets which only your named therapist has access to. Your case files are not digitised without your consent.

3.4.6. https://legal.hubspot.com/privacy-policy

3.5. In addition to the specific disclosures of personal data set out in this Section 3, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

4. International transfers of your personal data

4.1. In This Section, we provide information about the circumstances in which your personal data may be transferred to countries outside the European Economic Area (EEA).

4.2. We have offices and facilities in the UK, however, our payment processors, Mailing List processor are American owned companies with their headquarters in the USA as well as European Operations Centres.

From time to time and when performing system security reviews and systems back-ups, random samples of data from the EU Operations Centres is transferred to the USA via an encrypted connection. We have no control over these security reviews and no-way of being able to identify if any of your data was contained in the random data samples.

The European Commission has made an “adequacy decision” with respect to the data protection laws of the USA, and transfers of data to the USA will be protected by appropriate safeguards, namely data encryption as well as encrypted connections.

In signing up to these services which allows them to process your data they are obligated to protect your data through the use of binding corporate rules, and maintaining mandated regulatory standards, such as ISO 27001, PCI DSS, SOC I, SOC II and be independently audited by their regulatory body annually to ensure compliance.

PayPal Security – https://www.paypal.com/us/webapps/mpp/security/security-protections

Stripe Security – https://stripe.com/docs/security/stripe

Apple Pay Security – https://support.apple.com/en-us/HT203027

Google Pay Security – https://safety.google/pay/

MailChimp Security – https://mailchimp.com/about/security/

4.3. The hosting facilities for our website are situated in the USA, The European Commission has made an “adequacy decision” with respect to the data protection laws of the USA, and transfers of data to the USA will be protected by appropriate safeguards, namely data encryption as well as encrypted connections.
HostGator Security https://www.hostgator.com/help/article/what-security-measures-are-used-to-protect-my-server
In addition to what HostGator do to protect their servers and hosting infrastructure, we have additional layers of security in the form of Secure Socket Lock (SSL)
Site Lock Services which scans, protects and prevents our site from common website vulnerabilities such as SQL injections, Brute Force Attack and Malware.

4.4. You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

5. Retaining and deleting personal data

5.1. Section 5 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

5.2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

5.3. We will retain and delete your personal data as follows:

5.3.1. Transaction Data – will be minimised to the minimum allowed by the UK and retained for 7-years in line with UK Taxation and Company Law. This data is held in our accounting system QuickBooks
QuickBooks Security – https://quickbooks.intuit.com/global/security/
QuickBooks Privacy https://www.intuit.com/privacy/protect-your-privacy/

5.3.2. Training Account Data
You are welcome to cancel your Training account at any time – to do this, visit our website and login to your training account, from where you will be able to cancel your account.

Before you cancel your account we advise you that you download records of the courses you have completed and certificates of accomplishment because once you cancel your account all your data will be irretrievably be deleted from our system.

You are in full control of this data!

Please Note:
The Learning Platform does generate reports that we download monthly – these reports provide us with the names and email addresses of course participants, courses purchased and course progress. What this allows us to do is see when you have purchased a course, this is provided to us in Spreadsheet Format which we use to tie in with financial statement provided by our payment processing providers – Once our monthly accounts have been compiled these records are destroyed.

5.3.3. Correspondence & Enquiry data
If you are a customer your correspondence data will be deleted from our systems within 30-days of your service agreement with us coming to an end, unless there is a financial or legal dispute between us.

If there is a dispute, your correspondence data will be deleted 30-days after the dispute has been resolved.

Depending on the nature of your service agreement with us, you always have the opportunity to renew or extend your service agreement with us during the 30-day window at the end of your service agreement.

If you are not a customer of House of Self – your correspondence data will be deleted 30-days from the last communication we received from you.

5.3.4. Case Note & Special Category Data
All therapeutic notes are taken by hand – we do not keep digital records of notes made by our therapists when consulting with clients.

Therapeutic notes will be deleted 30-days after your therapeutic treatment has concluded and your service agreement has come to an end.

In some cases where your notes may form part of a case study, all personally identifying data will be removed from your notes and anonymised – Case Studies are produced as learning and teaching aids.

We will never use your notes in this way without your consent

Finally, there may be times where we may need to share what we consider to be Special Category Data between us. This data may be about your health situation, medically diagnosed condition or other personal situation. Should we ever have to share this information between us we use We Transfer. We use this services because it offers end to end encryption, you do not need to have an account with We Transfer, all documents shared by named parties on this platform are encrypted at rest so that even We Transfer employees cannot access the content of the shared documents and the documents are irretrievable deleted after 7-days.

We Transfer Privacy Policy https://wetransfer.com/legal/privacy

5.3.5. Notification data
As previously stated in the above section 2.5 you have the right to unsubscribe from our mailing list at any time. If you unsubscribe your data will be automatically and irretrievably be removed from our system.

5.4. Notwithstanding the other provisions of this Section 5, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

6. Amendments

6.1. We may update this policy from time to time by publishing a new version on our website.

6.2. You should check this page occasionally to ensure you are happy with any changes to this policy.

6.3. We may notify you of changes to this policy [by email or through the private messaging system on our website].

7. Your rights

7.1. In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

ICO – https://ico.org.uk/

7.2. Your principal rights under data protection law are:

7.2.1. the right to access; your data.
The only membership area we provide on our website is in the Training Course Ares of our website – in this area, you have full control over what you choose to share with us to access the Training Services – all other data is held on our internal systems and you will need to make a “Subject Data Request” for a clear understanding of what data we hold, where it is kept, how we process it and why we process it.

7.2.2. the right to rectification;
The only membership area we provide on our website is in the Training Course Ares of our website – in this area you have full control over what you choose to share with us to access the Training Services – it is your responsibility to ensure that the data is correct. For any other data corrections, you can write/email or phone us at any time during office hours and provide us with updates to your information or make corrections if you think data we hold might contain errors.

7.2.3. the right to erasure;
You have the right to ask us to erase your data – as our data retention policy in Section 5 explains what data will be erased and the time frames for this erasure. In the main and barring exceptional circumstances, your data will be deleted from our systems 30-days after any service agreement between us has expired. Exceptional circumstances include legal and/or financial disputes and or when a superseding law or legal authority requires us to hold your data for longer than the stated period. As previously stated, you have the ability to erase your data from our systems when you unsubscribe from our mailing list and cancel/delete your account from our learning platform. We would like to remind you that once you have unsubscribed or deleted your learning account the data, we once may have held is irretrievable.

7.2.4. the right to restrict processing;
While it is your right to request that we restrict the processing of your data – we only process your data with your consent to provide you with the goods or services you have requested. Requesting us to limit the processing of your data might lead to a diminished capability to provide you with the requested good and or service.

7.2.5. the right to object to processing;
While it is your right to object to us processing your data – to do so during our active service agreement with us, would prevent us from being able to provide you with the services you have requested. If for any reason you are unhappy with how your data is being processed or need a deeper understanding of our process, please contact us or your therapist to discuss your right.

7.2.6. the right to data portability;
You have the right to data portability – we provide this to you in the Training Course Area of our site, where you have full control over the data you provide in this area. As part of the control, you can change, correct amend, download and delete your account. We have provided information in the Training Course Section of this policy. We provide copies of all data and documents made through a “Subject data Request” as PDF’s these will be transferred to you via an encrypted data transfer service, for example, We Transfer. Please be aware that if you have deleted your Training account or unsubscribed from our mailing list, we will not be able to provide you with this data as this makes your data irretrievable to us.

7.2.7. the right to complain to a supervisory authority;
If while exercising any of your right’s you feel we have not met the standards or have not handled your Subject Data Request in accordance with the legislation and the terms as described in this, our Policy you have the right to complain about us to the Information Commissioners Office – ICO – https://ico.org.uk/

7.2.8 the right to withdraw consent.
You have the right to withdraw your consent at any time – this right is normally associated with the receipt of email notifications which has been described in section 2.5.

7.3. You may exercise any of your rights in relation to your personal data by written notice to us – email will suffice. hello@houseofself.co.uk

8. About cookies

8.1. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

8.2. Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

8.3. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

9. Cookies that we use

9.1. We use cookies for the following purposes:

9.1.1 authentication – we use this cookie to identify you when you visit our website and as you navigate our website. The purpose of this cookie is to ensure that it is really you who is visiting our website. Our Payment Process Service Providers also have authentication cookies which protect your account from fraudulent use, when you purchase products from our online shop or services.

9.1.2. security – we use this cookie as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials and to protect our website and services generally. This cookie is of particular importance when you use our shop and/or make other purchase from our website.

9.1.3. analysis – we use this cookie to help us to analyse the use and performance of our website and services. This cookie is provided to us by Google Analytics and helps us to improve our website, it’s content and your visitor experience.

9.1.4. cookie consent – we use this cookie to store your preferences in relation to the use of cookies more generally. Cookies used for this purpose are used to make sure it is really you who is visiting our website, and to identify you if you have subscribed to our Mailing List – also known as Email Notifications.

10. Cookies used by our service providers

10.1. Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

10.2. We use Google Analytics to analyse the use of our website. Google Analytics gathers information about website use by means of cookies. The information gathered relating to our website is used to create reports about the use of our website. Google’s privacy policy is available athttps://www.google.com/policies/privacy/.

10.3. We publish Google AdSense advertisements on our website. To determine your interests, Google will track your behaviour on our website and on other websites across the web using cookies. This behaviour tracking allows Google to tailor the advertisements you see on other websites to reflect your interests however we do not publish interest-based advertisements on our website.

You can view, delete or add interest categories associated with your browser by visiting: https://adssettings.google.com. You can also opt-out of the AdSense partner network cookie using those settings or using the Network Advertising Initiative’s multi-cookie opt-out mechanism at http://optout.networkadvertising.org. However, these opt-out mechanisms themselves use cookies, and if you clear the cookies from your browser your opt-out will not be maintained. To ensure that an opt-out is maintained in respect of a particular browser, you may wish to consider using the Google browser plug-ins available at https://support.google.com/ads/answer/7395996

11. Managing cookies

11.1. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can, however, obtain up-to-date information about blocking and deleting cookies via these links:

11.1.1. https://support.google.com/chrome/answer/95647?hl=en (Chrome);

11.1.2. https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

11.1.3. http://www.opera.com/help/tutorials/security/cookies/ (Opera);

11.1.4. https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

11.1.5. https://support.apple.com/kb/PH21411 (Safari); and

11.1.6. https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

11.2. Blocking all cookies will have a negative impact upon the usability of many websites.

11.3. If you block cookies, you may not be able to use all the features on our website