York St John Communities Centre
All personal information gathered and held by York St John University Communities Centre is treated with the care and confidentiality required by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This privacy notice sets out the ways in which York St John University collects, uses, stores and shares your data and details the rights you retain in relation to your personal information.
This policy includes:
- Who are we?
- What information do we collect?
- How do we use your personal information?
- What legal basis do we have for processing your personal data?
- When do we share your personal data?
- Where do we store and process your personal data?
- How do we secure your personal data?
- How long do we keep your personal data?
- What are your rights in relation to your personal data?
- Any questions or concerns?
Who are we?
For the purposes of processing your personal information in this instance, the data controller is York St John University, Lord Mayor’s Walk, York, YO31 7EX.
The university's Data Protection Officer is:
York St John University
Lord Mayor’s Walk
Telephone: 01904 876 764
What information do we collect?
We retain brief information regarding your personal details as provided by you upon referral and throughout your time with us. The Communities Centre is a training and placement provider, offering clinical placements to selected trainee counsellors and therapists.
As a part of their training, trainees are required to record their counselling work, in order to review their practice and inform ongoing
development of their professional skills. Recordings are held on secure password protected devices and counsellors work to clear guidelines provided by the Centre.
We retain and log information regarding clinical measures and any other forms we ask you to fill out. We only gather and record the information that we need and you have the right to withhold or withdraw your consent to the Centre to process your personal
data without any detriment to your right to access a service provided to you by the Centre.
You can make a request through the Centre office to view information we hold about you and you can ask us to correct any errors in your record. You can also request to have your record deleted.
How do we use your personal information?
Your personal details are used so we can contact you when necessary and to obtain demographic information of the clients who are using our service.
Counselling recordings are used by students and supervisors to evaluate performance.
The clinical measures are used for research purposes, and to track your wellbeing throughout counselling and ensure that we are not increasing any possible risk.
In the event that we are concerned that you are a risk to yourself or others, we will discuss this with you and seek your consent to contact a relevant authority. For example, GP, NHS crisis team.
If you have given your written consent for further research your information may be used to contact you for further information through for example an interview or research meeting.
What legal basis do we have for processing your personal data?
The UK GDPR requires us to establish a legal basis for processing your information.
For the purpose of this privacy notice the processing is covered under:
- UK GDPR Article 6 (1)(a) where processing is based on consent and the controller shall be able to demonstrate that the data subject has consented to processing of their personal data. You have the right to withdraw your consent at any time and can do so by emailing the university at firstname.lastname@example.org
As we are also collecting special category data, we are required to establish an additional condition for processing the information. For the purpose of this privacy notice the processing is covered under:
- UK GDPR Article 6 (1)(a) where processing is based on consent and the controller shall be able to demonstrate that the data subject has consented to processing of their personal data. You have the right to withdraw your consent at any time and can do so by emailing the University at email@example.com
As we will be collecting special category data, in the form of personal details, all such data will be stored in our secure data storage system (for digital data) or in locked files within a Centre administration office, and accessible only by approved users. See the following sections for further details.
When do we share your personal data?
Within the Centre your personal details, clinical forms, and recordings will be accessed by your counsellor, and by Centre admin staff.
Your clinical forms and personal details may also be accessed by other Centre members and external researchers; however, this information will be completely anonymised and will not include your name, address, or contact details.
In such cases when you have agreed to extra research, your personal details may be shared with external researchers to contact you regarding further information. Anonymised client data may be presented at research conferences, within training and publication contexts, or by trainees and supervisors as case material.
Where do we store and process your personal data?
Your personal data will be stored on a secure database that is externally owned and operated by us. Access is controlled and kept to a minimum and relevant security measures have been taken to ensure this. Paper copies are kept to a minimum and destroyed as soon as the information has been copied into the database if necessary.
How do we secure your personal data?
York St John University takes the security of your personal information very seriously.
In order to ensure that the safety and security of such data is maintained, the university will:
- Protect data against accidental loss
- Prevent unauthorised access to, use of, destruction of or disclosure of the data
- Ensure business continuity and disaster recovery
- Restrict access to personal information
- Conduct Privacy Impact Assessments in accordance with the law and university policies
- Train staff and contractors on data security
- Manage third party risks, through use of contracts and security reviews
How long do we keep your personal data?
Paper copies of information are kept to a minimum, and in such cases these will be held in a locked cabinet until the information can be transferred to a computer and then they will be shredded.
Database information is held within our secure system for a maximum of 7 years.
What are your rights in relation to your personal data?
Under the GDPR, you have a right to:
- Be kept informed as to how we use your data
- Request a copy of the data we hold about you via a Subject Access Request
- Update, amend or rectify the data we hold about you
- Change your communication preferences
- Ask us to remove your data from our records
- Object to or restrict the processing of your information
- Raise a concern or complaint about the way in which your information is being used.
Any questions or concerns?
If you have any questions or concerns about the way we are collecting and using your personal data we request that you contact the University by emailing: firstname.lastname@example.org
You also have the right to complain to the Information Commissioner's Office (ICO) about the way in which we process your personal data. Details can be found at: https://ico.org.uk
Last updated on: 5 August 2021