Summary of Individual Therapy Services
The General Data Protection Regulation PolicyThe General Data Protection Regulation (GDPR) is concerned with the personal information about you that Harris Plus Health Ltd. Collects and stores. This page details the GDPR policy.
Personal Information we will Collect:
• Name, address, telephone number (and your preferred method of contact), and your email address.
• Also, your GP name and Surgery address and contact details, and medical conditions relevant to counselling sessions and medications prescribed.Other details which may be recorded at assessment could include, occupation, relationships, gender (or preferred identity), counselling history and summaries of our sessions.
None of this information is used in research or shared with third parties with the exception of the limits of confidentiality as detailed in the Counselling Agreement.How your information is stored:
Information is all stored via client management software: www.bac-pac.co.uk No hard copies are kept at any time. Those hard copies collected will be destroyed within 48 hours or you will be
invited to take them with you.Any word documents i.e. Home exercises / letters required by clients will be encrypted with individual passwords.I am required by my insurers and supervisor to keep
details of our work for seven years after our work is finished. Your folder will be stored securely via client management software until this time.Your rights:
• To be informed about what information is held.
• To see the information held about you.
• To rectify any inaccurate information and keep it updated.
• To withdraw consent for using your personal information and request your information be erased (although this can be refused whilst the information is needed for lawful and competent practice)
• Web Site Terms and Conditions of Use
By accessing this web site, you are agreeing to be bound by these web site Terms and Conditions of Use, applicable laws and regulations and their compliance. If you disagree with any of the stated terms and conditions, you are prohibited from using or accessing this site. The materials contained in this site are secured by relevant copyright and trade mark law.
2. Use License
1. Permission is allowed to temporarily download one duplicate of the materials (data or programming) on Harris Plus Health's site for individual and non-business use only. This is the just a permit of license and not an exchange of title, and under this permit you may not:
1. modify or copy the materials;
2. use the materials for any commercial use , or for any public presentation (business or non-business);
3. attempt to decompile or rebuild any product or material contained on Harris Plus Health's site;
4. remove any copyright or other restrictive documentations from the materials; or
5. transfer the materials to someone else or even "mirror" the materials on other server.
2. This permit might consequently be terminated if you disregard any of these confinements and may be ended by Harris Plus Health whenever deemed. After permit termination or when your viewing permit is terminated, you must destroy any downloaded materials in your ownership whether in electronic or printed form.
The materials on Harris Plus Health's site are given "as is". Harris Plus Health makes no guarantees, communicated or suggested, and thus renounces and nullifies every single other warranties, including without impediment, inferred guarantees or states of merchantability, fitness for a specific reason, or non-encroachment of licensed property or other infringement of rights. Further, Harris Plus Health does not warrant or make any representations concerning the precision, likely results, or unwavering quality of the utilization of the materials on its Internet site or generally identifying with such materials or on any destinations connected to this website.
In no occasion should Harris Plus Health or its suppliers subject for any harms (counting, without constraint, harms for loss of information or benefit, or because of business interference,) emerging out of the utilization or powerlessness to utilize the materials on Harris Plus Health's Internet webpage, regardless of the possibility that Harris Plus Health or a Harris Plus Health approved agent has been told orally or in written of the likelihood of such harm. Since a few purviews don't permit constraints on inferred guarantees, or impediments of obligation for weighty or coincidental harms, these confinements may not make a difference to you.
5. Amendments and Errata
The materials showing up on Harris Plus Health's site could incorporate typographical, or photographic mistakes. Harris Plus Health does not warrant that any of the materials on its site are exact, finished, or current. Harris Plus Health may roll out improvements to the materials contained on its site whenever without notification. Harris Plus Health does not, then again, make any dedication to update the materials.
Harris Plus Health has not checked on the majority of the websites or links connected to its website and is not in charge of the substance of any such connected webpage. The incorporation of any connection does not infer support by Harris Plus Health of the site. Utilization of any such connected site is at the user's own risk.
Harris Plus Health may update these terms of utilization for its website whenever without notification. By utilizing this site you are consenting to be bound by the then current form of these Terms and Conditions of Use.
8. Governing Law
Any case identifying with Harris Plus Health's site should be administered by the laws of the country of United Kingdom Harris Plus Health State without respect to its contention of law provisions.
Before or at the time of collecting personal information, we will identify the purposes for which information is being collected.
We will gather and utilization of individual data singularly with the target of satisfying those reasons indicated by us and for other good purposes, unless we get the assent of the individual concerned or as required by law.
We will just hold individual data the length of essential for the satisfaction of those preasons.
We will gather individual data by legal and reasonable means and, where fitting, with the information or assent of the individual concerned.
Personal information ought to be important to the reasons for which it is to be utilized, and, to the degree essential for those reasons, ought to be exact, finished, and updated.
We will protect individual data by security shields against misfortune or burglary, and also unapproved access, divulgence, duplicating, use or alteration.
We will promptly provide customers with access to our policies and procedures for the administration of individual data.
We are focused on leading our business as per these standards with a specific end goal to guarantee that the privacy of individual data is secure and maintained.
1.1 We are committed to safeguarding the privacy of our website visitors and service users.
1.2 This policy applies where we are acting as a data controller with respect to the personal data of our website visitors and service users; in other words, where we determine the purposes and means of the processing of that personal data.
1.4 In this policy, "we", "us" and "our" refer to Harris Plus Health.[ For more information about us, see Section 13.]
2.1 This document was created using a template from SEQ Legal (https://seqlegal.com).
How we use your personal data
3.1 In this Section 3 we have set out:
(a) the general categories of personal data that we may process;
(b) [in the case of personal data that we did not obtain directly from you, the source and specific categories of that data];
(c) the purposes for which we may process personal data; and
(d) the legal bases of the processing.
3.2 We may process [data about your use of our website and services] ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is google analytics. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services].
3.3 We may process your account data ("account data").The account data may include your name and email address. The source of the account data is you or your employer. The account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
3.4 We may process information contained in any enquiry you submit to us regarding goods and/or services ("enquiry data"). The enquiry data may be processed [for the purposes of offering, marketing and selling relevant goods and/or services to you]. The legal basis for this processing is consent.
3.5 We may process information relating to our customer relationships, including customer contact information ("customer relationship data").The customer relationship data may include your name, your employer, your job title or role, your contact details, and information contained in communications between us and you or your employer. The source of the customer relationship data is you or your employer. The customer relationship data may be processed for the purposes of managing our relationships with customers, communicating with customers, keeping records of those communications and promoting our products and services to customers. The legal basis for this processing is our legitimate interests, namely the proper management of our customer relationships.
3.6 We may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website ("transaction data"). The transaction data may include your contact details, your card details and the transaction details. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely the proper administration of our website and business.
3.7 We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters ("notification data"). The notification data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
3.8 We may process information contained in or relating to any communication that you send to us ("correspondence data"). The correspondence data may include the communication content and metadata associated with the communication.[Our website will generate the metadata associated with communications made using the website contact forms. The correspondence data may be processed for the purposes of communicating with you and record-keeping. The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business and communications with users.
3.9 We may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
3.10 We may process any of your personal data identified in this policy where necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, or obtaining professional advice. The legal basis for this processing is our legitimate interests, namely the proper protection of our business against risks.
3.11 In addition to the specific purposes for which we may process your personal data set out in this Section 3, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
3.12 Please do not supply any other person's personal data to us, unless we prompt you to do so.
Providing your personal data to others
4.1 We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
4.2 Financial transactions relating to our website and services are handled by our payment services providers, PayPal. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers' privacy policies and practices at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full .
4.3 In addition to the specific disclosures of personal data set out in this Section 4, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
International transfers of your personal data
5.1 In this Section 5, we provide information about the circumstances in which your personal data may be transferred to [countries outside the European Economic Area (EEA)]
5.2 You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
Retaining and deleting personal data
6.1 This Section 6 sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.
6.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6.3 Notwithstanding the other provisions of this Section 6, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
7.1 We may update this policy from time to time by publishing a new version on our website.
7.2 You should check this page occasionally to ensure you are happy with any changes to this policy.
7.3 We [may] notify you of significant changes to this policy by email.
8.1 In this Section 8, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
8.2 Your principal rights under data protection law are:
(a) the right to access;
(b) the right to rectification;
(c) the right to erasure;
(d) the right to restrict processing;
(e) the right to object to processing;
(f) the right to data portability;
(g) the right to complain to a supervisory authority; and
(h) the right to withdraw consent.
8.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. The information will be made available within one calendar month of the request date.
8.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.
8.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
8.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
8.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
8.8 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
8.9 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
8.10 To the extent that the legal basis for our processing of your personal data is:
(a) consent; or
(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,
and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.
8.11 If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
8.12 To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8.13 You may exercise any of your rights in relation to your personal data [by written notice to us, in addition to the other methods specified in this Section 8.
9.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.
9.2 Cookies may be either "persistent" cookies or "session" cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
9.3 Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies that we use
Cookies used by our service providers
12.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:
(a) https://support.google.com/chrome/answer/95647?hl=en (Chrome);
(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);
(c) http://www.opera.com/help/tutorials/security/cookies/ (Opera);
(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);
(e) https://support.apple.com/kb/PH21411 (Safari); and
(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).
12.2 Blocking all cookies will have a negative impact upon the usability of many websites.
12.3 If you block cookies, you will not be able to use all the features on our website.
13.1 This website is owned and operated by Harris Plus Health.
13.2 We are registered in [England and Wales] as a Ltd. Company. Registered office address: International House, 142 Cromwell Road, London, United Kingdom, SW7 4EF
13.3 Our principal areas of business is Chippenham.
13.4 You can contact us:
(a) by post, to the postal address given above;
(b) using our website contact form;
(c) by telephone, on the contact number published on our website from time to time; or
(d) by email, using the email address published on our website from time to time.
Social Media and Third Party Provider Privacy Policies
14.1 We use a number of third party providers to supply us with vital services. This includes social media websites such as Facebook and Meetup that hold details of events and courses we run, as well as sites like Instagram and Pinterest where we host photos and context. We use Mailchimp for our mailing lists and Paypal for payments through our website. For donations we use Local Giving and Charity Checkout. In the course of following us, you may be using one of these services and this will be abundantly clear when you do so. In most cases you will have your own account with them in order to use their service and we have provided links to their privacy policies for your convenience.
Dropbox We use Dropbox and Google Drive (&gMail etc) for the secure storage & backup of email, documents, and media. You can find their policies linked below. Where sensitive data is collected as a result of a therapeutic relationship this information is not stored on these servers but on bac-pac.co.uk - A SECURE therapist client management server:
Local Giving and Charity Checkout. These are services that help us collect Gift Aid for donations, as well as manage monthly donations. You can read the Local Giving policy here : https://localgiving.org/privacy-policy and the Charity checkout policy here : https://www.charitycheckout.co.uk/privacy/
Please note, we do not run the sites these links go to and it is possible that they will update their policies to a new page at some point. In the event a link breaks, you will still be able to find it on their site but please let us know so we can amend our link to it as well.
Data Protection Policy May 2018 Introduction
Harris Plus Health (Harris Plus Health) (including its directors, employees, volunteers, advisors and self-employed contractors) will to the best of its ability adhere to the data protection principles of the Data Protection Act (DPA) which comes into force on 25 May 2018, which are:
1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Use of personal data
The records we use that contain personal data are hosted by the following DPA compliant software providers:
Email Mailing List provider ‘Mailchimp’;
Email communications provider ‘Google – Gmail’;
Document storage provider ‘DropBox’, ‘Google Drive’;
Merchant account provider ‘Paypal’;
Bank account provider ‘The Co-operative Bank plc’.
These records are used solely for the purposes of administering course attendance and supporting continued engagement by individuals with the work of Harris Plus Health. The personal data typically includes name, address, email address, payment card details (not accessible to Harris Plus Health employees or volunteers), emails sent to individuals via Mailchimp or Gmail, courses attended and other engagement with the work of Harris Plus Health (eg. being a member of the centre, on the Mailchimp email list, on a contact list for an ongoing course etc.) for the purposes of administering attendance on Harris Plus Health courses and supporting continued engagement with the work of the Harris Plus Health.
Individual emails to and from the @Harris Plus Healthales.org email addresses are hosted by our DPA compliant email provider Gmail, for the purposes of administering attendance on Harris Plus Health courses and supporting continued engagement with the work of the Harris Plus Health, and will be reviewed and if no longer needed for these purposes will be deleted after a period of 3 years.
Personal data will be shared only with Harris Plus Health employees and self-employed Harris Plus Health tutors (also subject to the DPA) delivering the courses participated in and only to the extent necessary for administering the attendance of individuals on Harris Plus Health courses and supporting engagement with the work of the Harris Plus Health.
Personal data will not be shared with third parties.
Collection of data
When an individual’s data is initially collected, e.g. via an online booking, printed booking form or by being inputted manually into our records, the individual will be made aware of the use which will be made of their information, by using the ‘Privacy Notice’ below and of this data protection policy.
The data you provide to Harris Plus Health (Harris Plus Health) will be stored securely and will be used for the purposes of administering your attendance on Harris Plus Health courses or therapeutic services and supporting your continued engagement with the work of Harris Plus Health in accordance with our data protection policy, which can be downloaded from Harris Plus Health’s website and is in accordance with the UK Data Protection Act. To support your engagement with us we will contact you from time to time via email with guidance to support you. This relates to your ongoing Mindfulness practice, including details of upcoming courses, which may be of interest to you. You can opt out of receiving emails from Harris Plus Health, at any time, by clicking the ‘Unsubscribe’ link at the bottom of our emails or by contacting email@example.com. You can also change the types of emails that you receive, using the form at or again, by emailing firstname.lastname@example.org if you need assistance.
Deletion of data
At any time you can request that your records on be deleted by contacting email@example.com
Records we keep will be deleted, where an individual has opted out of email communication and has not done any prerequisite courses with Harris Plus Health.
Paper or electronic copies of documents held by Harris Plus Health and which contain personal information will be destroyed or deleted when a course ends.
Emails to and from Harris Plus Health course participants or other individuals making enquiries to Harris Plus Health will be reviewed after a period of 3 years and if no longer necessary for the purposes will be deleted.
Paper records will be destroyed by shredding on-site or burning.
Right to a copy of information held
On request an individual will be provided with a copy of the information comprising their personal data and held by Harris Plus Health, within 40 days of the request. All such requests should be sent via email to
Personal data (non-therapeuitc) is hosted by the following data processors, who are compliant with the new Data Protection Act:
ﾷ Email Mailing List provider ‘Mailchimp’; (accessible by staff and volunteers)
ﾷ Email communications provider ‘Google – Gmail’; (accessible by staff and volunteers)
ﾷ Document storage providers ‘DropBox’ & ‘Google Drive’; (accessible by staff and volunteers)
ﾷ Merchant account provider ‘Paypal’; (accessible by Byron Harris)
ﾷ Bank Account Holder: Byron Harris
For the purposes of the above, staff and volunteers will include authorised IT contractors performing maintenance, upgrades or repairs.
The data security arrangements of these providers have been reviewed to ensure that they meet the requirements of the Data Protection Act.
The Harris Plus Health Directors and authorised IT support contractors will review information security on an annual basis and review this with all Harris Plus Health employees on or around 25 May each year.
No personal data will be passed to an individual who is not the individual concerned. Personal data passed on to the individual concerned will be sent only to the contact email address provided by them.
On receiving or making a phone call Harris Plus Health employees will establish the identity of the caller before disclosing or amending any of their personal data, asking for their postcode and details of the most recent course they attended.
Most Harris Plus Health employees, volunteers and authorised IT support contractors work from our premises and some will work from home. Whether in our office or at home, all employees, volunteers and IT contractors will ensure that all computers used for processing personal data are password protected, that the password is changed every six months and that home computers are securely stored when not in use. Computers will be screen locked or logged out of when employees are away from their desks. Desks will be cleared at the end of each day and any personal information or other sensitive information securely stored in a locked cabinet. Computer screens should be positioned facing away from windows.
The passwords to the membership site are stored on our WordPress/WooCommerce site and are encrypted and so cannot be seen by those authorised to access WordPress/WooCommerce. In the event of a password issue, the Administrator would reset the password and the user can choose a new one for themselves. Passwords will not be confirmed by email or over the phone, except in the instance we are issuing a new temporary password, which should be immediately changed. When changing their passwords individuals should be aware that while their password is encrypted it is still advisable that they use a unique password, not used for another purpose.
Care will be taken to prevent virus attacks by ensuring computers have virus protection software and undergo regular software updates and care should be taken when opening email attachments and when visiting new websites.
Copyright (c) Harris Plus Health Ltd. 2018
Phone: 01225 374 214 /
Phone 2: 07891 509464
We have put together the most frequently asked questions about our counselling approach for you. Check out our FAQs.