Universities Psychotherapy and Counselling Association (UPCA) respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.
Controller
UPCA is the controller and responsible for your personal data (collectively referred to as “UPCA”, “we”, “us” or “our” in this privacy notice). We have appointed a Data Protection Contact (DPC) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPC using the details set out below.
UPCA is registered as a data controller with the Information Commissioner’s Office (ICO) (ICO registered number Z6434624).
This version was last updated on 9th April 2021. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
DPC Contact Details
Full name of legal entity: Universities Psychotherapy and Counselling Association
Name of Data Protection Contact: Data Protection Manager
Email address: dataprivacyupca@gmail.com
Telephone number: 07928 603663
How we use your information
When someone visits our site, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name and last name.
- Contact Data includes email address, telephone number (home and mobile) and postal address.
- Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
- Managing your membership (renewal/application/lapsed/queries).
- Meeting our obligations such as UKCP audits.
- Keeping you up to date with the features and benefits of UPCA membership.
So we are able to process member applications and renewals we ask for the following information which is used to create a record on our database:
- Full Name
- Home address (this is kept confidential and is for internal use only)
- Work address (Used for the ‘Find a Therapist’ tool – Applies to full clinical members only)
- Telephone number
- Email address
- Membership number (For renewals only)
- Course details (For Student Members and Clinical Applications only)
- Declaration of any complaints made against the member
- Indemnity Insurance information
- Samples of applications for UPCA membership and renewals of membership
- Samples of members Annual CPD audit submissions
We will keep records of members qualifications and copies of their application/renewal forms and any complaints against members for the duration of your UPCA membership. Lapsed members’ records will be kept for xxx years in case ex-members wish to re-join.
We will not pass on your information to a third party to use in their own direct marketing without your consent.
- Should also be done if data is no longer being relevant to original purposes for processing.
Right to data portability
- Right for data to be used by another organisation at the data subject’s request.
- We must provide the personal data in a structured, commonly used and machine-readable format.
Right to object
- We will inform individuals of their right to object “at the point of first communication” and present it separately from other information on rights clearly laid out in your privacy information.
- Individuals have the right to object to any processing (including profiling) undertaken for the purposes of direct marketing.
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity and Contact Data by filling in our Application/Renewal Forms or details completed in Members Area.
- Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see below on how we use our cookies.
- Third parties or publicly available sources. We may receive Technical Data about you from third parties as set out below:
- Analytics providers [such as Google Analytics based outside the EU].
We use WordPress as the content management system for our website – find out about WordPress and data protection.
We use Mailchimp as the email marketing platform for member renewal notices and updates on events or announcements – find out about Mailchimp and data protection. You can ask us to stop sending non-service emails to you (i.e. those that are about events and announcements) by emailing contactupca@gmail.com You can also unsubscribe from receiving these types of email by clicking on the unsubscribe option at the bottom of these emails.
UPCA offers the following services to its members and the public, including:
- Find a therapist function – search via the website
- Members area of the website
- Member surveys
- Event booking
Most of the services we provide are hosted by UPCA. However on some occasions surveys or bookings may be hosted with third parties such as EventBrite or Survey Monkey.
What the information is used for
We collect this information to provide our services and to ensure to continue to meet our members’ needs.
We will not pass on your information to a third party to use in their own direct marketing without your consent.
Use of cookies by UPCA
Personal data audit
UPCA will audit and endeavour to regularly re-audit to ensure that:
- Only personal data needed is recorded and held.
- Personal data held is accurate and not held for longer than required.
- Personal data is stored, moved and accessed securely with access limited to authorised staff.
- We have consent for data collection, storage and processing.
Legal basis for processing personal data
The lawful basis for our processing of data is consent “the individual has given clear consent for you to process their personal data for a specific purpose”.
Consent requires us to:
- Keep consent requests prominent and separate from other terms and conditions.
- Use clear, plain language that is easy to understand.
- Specify why we want the data and what we’re going to do with it.
- We give separate distinct (‘granular’) options to consent separately to different
- purposes and types of processing.
- Specify UPCA and any specific third-party organisations who will rely on this consent.
- Keep records of what an individual has consented to, including what you told them, and when and how they consented.
- Tell individuals they can withdraw consent at any time and how to do this.
- Avoid making consent a precondition of a service.
- Note data cannot be transferred outside the EU without explicit consent.
Recognising rights and subsequent requests
Right to be informed
- Individuals have the right to be informed about the collection and use of their personal data.
Right to Access
- Data subjects can seek confirmation on whether or not personal data concerning them is being processed, where and for what purpose.
- On request a copy of the personal data, free of charge, in an electronic format.
Right to rectification
- Members can ask for inaccuracies to be corrected and they can object to how their personal data is being handled.
Right to erasure
- Members can request we erase their personal data, which includes ceasing further dissemination of the data.
- Should also be done if data is no longer being relevant to original purposes for processing.
Right to data portability
- Right for data to be used by another organisation at the data subject’s request.
- We must provide the personal data in a structured, commonly used and machine-readable format.
Right to object
- We will inform individuals of their right to object “at the point of first communication” and present it separately from other information on rights clearly laid out in your privacy information.
- Individuals have the right to object to any processing (including profiling) undertaken for the purposes of direct marketing.