Privacy Statement

Any personal data provided by you to The Harbour through any means (verbal, written, in electronic form, or by your use of our website) will be held and processed in accordance with the data protection principles set out in the Data Protection Act 2018 and the General Data Protection Regulation for the purposes for which you have given consent, to provide the services you have requested from us, and to meet the legitimate interests of the charity.  

Introduction 

The Harbour (the ‘data controller,’ referred to below as “us” or “we”) is committed to protecting your privacy. Please read the following in order to learn more about our privacy policy and our information collection and use practices. 

This policy only applies to data collected by our staff, and via our own forms and website. Third party agents, and websites which are linked to ours, are not covered by this policy. If you have any queries concerning your personal information or any questions on our use of the information, please contact the Chief Executive Office via info@the-harbour.org.uk. 

When you request counselling with The Harbour, or become an employee, volunteer, or trainee therapist with The Harbour, or otherwise provide your personal details to us, you will be asked to consent to our processing of your data under the terms of this policy. 

What information do we collect? 

Requests for counselling services (“self-referrals”)  

Requesting access to our services can be done online, on paper or in person over the telephone. As part of this process, you must provide us with your name, address, telephone numbers, email address, date of birth, and name of your GP and GP surgery. We will also request information on your availability, your reasons for requesting our services, and other details which we deem relevant to processing your request. 

Assessment Appointments  

Before your assessment we will ask you to complete a Client Information Form, which gathers more information about you (e.g. Emergency contacts, your state of mind and what you hope to get out of counselling at The Harbour). We also ask you to complete an Equalities Monitoring Form to help us understand more about who accesses our service. At the assessment appointment we ask about your current personal, social, and medical circumstances.  We may also ask about your background and family history, as well as the issues which are affecting you now. We require this information so that we can decide about our offer of counselling to you, to assign you to a counsellor, and to manage the service we provide to you. 

Donors 

The information you give us when making a donation may include your name, postal address, email address, phone number, amount donated, Gift Aid status, and messages. 

Web Systems 

We collect anonymous data relating to how people use our website and ‘web traffic’ statistics using ‘cookies.’ These are used to enhance your browsing experience, gather anonymous data on website usage, and improve our services. Cookies are small text files stored on your device when you visit our website. Some cookies are essential for the website to function, while others (non-essential cookies) help us analyse how visitors use our site. In accordance with the UK’s Privacy and Electronic Communications Regulations (PECR), we will only use non-essential cookies if you provide your consent. You can manage or withdraw your cookie preferences at any time by adjusting your browser settings or using the cookie consent tool available on our website. 

We use an online service called Mailchimp to send our newsletter. It handles all data. Mailchimp is part of the EU-US data privacy shield agreement and is fully compliant with the General Data Protection Regulation. 

You can subscribe to the newsletter using the subscription form on our site, and we will transfer email addresses from consenting users from other services. By completing the subscription form (and ticking the privacy policy option), we assume that you are consenting to receive email newsletters from us. 

You can unsubscribe from the newsletter at any time and remove your data completely by following the unsubscribe link in every newsletter or contact us and we will do it for you. 

Other Forms 

The information you give us on our forms (including all enquiry and application forms) may include your name, postal address, email address, phone number and other messages to us. 

What do we use your information for? 

We use information held about you in the following ways: 

  • To provide clients with the professional counselling service requested from us. 
  • To offer suitable counselling appointments, and to allocate clients and counsellors for counselling. 
  • To notify you about changes to your appointments and other changes to our services. 
  • To seek feedback from you on your experience of counselling with us. 
  • To improve our service to ensure that it is provided in the most effective manner for you and for us. 
  • To administer our service, including the arrangement of appointments, the handling of donations, and for financial control, data analysis, research, statistical and survey purposes. 
  • To share information about how you can support us – this may be via post or email. We operate our email marketing on an opt-in basis and you can opt out any time. We use legitimate interest for our postal mailings – if you would like to remove yourself from postal mailings then please let us know by emailing info@the-harbour.org.uk. 
  • To keep in touch with those who consent to this, for the purposes of organisational, service, and professional development. 

What information do we share? 

We will not share any information about you with other organisations or people, except in the following situations: 

  • Consent – We may share your information with professional carers, support workers or others whom you have requested or agreed we should contact. 
  • Serious harm – We may share your information with the relevant authorities if we have reason to believe that this may prevent serious harm being caused to you or another person. When possible, we will discuss this with you first before we do this. 
  • Compliance with law – We may share your information where we are required to by law or by the regulations and other rules to which we are subject. 
  • As part of the backups of encrypted data processed and held by professional IT security companies. 
  • Anonymised feedback you give our service. 

How do we keep your information safe? 

All information you provide to us is stored as securely as possible. All paper forms and correspondence are kept in locked filing cabinets on our premises. All electronic records are stored on our own CiviCRM database, all access to which requires password-protected authentication, or by reputable service providers using secure internet ‘cloud’ technology. 

Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your information using industry-standard protocols and encryption, we cannot guarantee the security of your data transmitted to us via email, including forms completed on our website which are transmitted by email; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 

In the highly unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of the breach, as required by law. If the breach is likely to result in significant harm to you, such as financial loss, identity theft, or a breach of confidentiality, we will also inform you directly without undue delay. The notification will provide clear information on the nature of the breach, the data involved, the potential consequences, and the steps we have taken or will take to address it. We will also provide guidance on any actions you may need to take to protect yourself.  

Retention of records 

Client notes and other documentation relating to clinical work are destroyed 7 years after the end of counselling sessions.  

Gift Aid declarations are destroyed/deleted after 7 years. 

These retention periods are subject to review and could change based on legal, regulatory, or operational requirements. 

Your rights 

You have the right to ask us to provide a copy of the information held by us in our records. You also have the right to require us to correct any inaccuracies in your information. If you would like to do this, please contact the Clinical Lead using the contact details below. 

In the event of a request to view your records, we will invite you to do so at a meeting with the Clinical Lead, or another member of staff from The Harbour.  

Data subject rights under the UK GDPR: 

  • The right to erasure (the right to be forgotten) 
  • The right to data portability 
  • The right to restrict processing 
  • The right to object to processing (particularly for direct marketing) 
  • Rights in relation to automated decision-making and profiling.  

You may withdraw your consent for us to hold and process your data at any time. However, if you do this while actively receiving counselling at The Harbour, your counselling will have to end. You can withdraw your consent by email to info@the-harbour.org.uk, or in writing to: 

The Harbour 

30 Frogmore Street 

Bristol 
BS1 5NA  

Changes to this policy 

We may edit this policy from time to time. If we make any substantial changes, we will notify you by posting a prominent announcement on our website.