Privacy Policy

Universities Psychotherapy and Counselling Association (UPCA) respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website and tell you about your privacy rights and how the law protects you.

Controller

UPCA is the controller and responsible for your personal data (collectively referred to as “UPCA”, “we”, “us” or “our” in this privacy notice). We have appointed a Data Protection Contact (DPC) who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the DPC using the details set out below.

UPCA is registered as a data controller with the Information Commissioner’s Office (ICO) (ICO registered number Z6434624).

This version was last updated on 9th April 2021. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

DPC Contact Details

Full name of legal entity: Universities Psychotherapy and Counselling Association

Name of Data Protection Contact: Data Protection Manager

Email address: dataprivacyupca@gmail.com

Telephone number: 07928 603663

How we use your information

When someone visits our site, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name and last name.
Contact Data includes email address, telephone number (home and mobile) and postal address.
Technical Data includes internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Usage Data includes information about how you use our website.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

When we receive a call or email from or about a UPCA member, we may record the details of the call or content of the email in the secure member’s database record, to allow us to accurately provide and renew your membership. Your emails will be stored in accordance with the UPCA data retention policy.

We send messages by post, telephone, text, email or other digital methods for the purposes of:

Managing your membership (renewal/application/lapsed/queries).
Meeting our obligations such as UKCP audits.
Keeping you up to date with the features and benefits of UPCA membership.

So we are able to process member applications and renewals we ask for the following information which is used to create a record on our database:

Full Name
Home address (this is kept confidential and is for internal use only)
Work address (Used for the ‘Find a Therapist’ tool – Applies to full clinical members only)
Telephone number
Email address
Membership number (For renewals only)
Course details (For Student Members and Clinical Applications only)
Declaration of any complaints made against the member
Indemnity Insurance information

As part of the membership process we send out annual membership renewal notices via email.

We may also be contacted by UKCP to confirm whether you are still a member of UPCA and if the contact details we have for you are still correct.

From time-to-time UKCP may require UPCA as an Organisational Member to audit members to ensure we are meeting the agreed standards. In this instance we are required to provide the following information to UKCP:

Samples of applications for UPCA membership and renewals of membership
Samples of members Annual CPD audit submissions

We will keep records of members qualifications and copies of their application/renewal forms and any complaints against members for the duration of your UPCA membership. Lapsed members’ records will be kept for xxx years in case ex-members wish to re-join.

We will not pass on your information to a third party to use in their own direct marketing without your consent.

Should also be done if data is no longer being relevant to original purposes for processing.

Right to data portability

Right for data to be used by another organisation at the data subject’s request.
We must provide the personal data in a structured, commonly used and machine-readable format.

Right to object

We will inform individuals of their right to object “at the point of first communication” and present it separately from other information on rights clearly laid out in your privacy information.
Individuals have the right to object to any processing (including profiling) undertaken for the purposes of direct marketing.

How is your personal data collected?

We use different methods to collect data from and about you including through:

Direct interactions. You may give us your Identity and Contact Data by filling in our Application/Renewal Forms or details completed in Members Area.
Automated technologies or interactions. As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. Please see below on how we use our cookies.
Third parties or publicly available sources. We may receive Technical Data about you from third parties as set out below:
Analytics providers [such as Google Analytics based outside the EU].

We use WordPress as the content management system for our website – find out about WordPress and data protection.

We use Mailchimp as the email marketing platform for member renewal notices and updates on events or announcements – find out about Mailchimp and data protection. You can ask us to stop sending non-service emails to you (i.e. those that are about events and announcements) by emailing contactupca@gmail.com You can also unsubscribe from receiving these types of email by clicking on the unsubscribe option at the bottom of these emails.

UPCA offers the following services to its members and the public, including:

Find a therapist function – search via the website
Members area of the website
Member surveys
Event booking

Most of the services we provide are hosted by UPCA. However on some occasions surveys or bookings may be hosted with third parties such as EventBrite or Survey Monkey.

What the information is used for

We collect this information to provide our services and to ensure to continue to meet our members’ needs.

We will not pass on your information to a third party to use in their own direct marketing without your consent.

Use of cookies by UPCA

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual.

Like many sites, we use cookies to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, this may prevent you from taking full advantage of the website.

Personal data audit

UPCA will audit and endeavour to regularly re-audit to ensure that:

Only personal data needed is recorded and held.
Personal data held is accurate and not held for longer than required.
Personal data is stored, moved and accessed securely with access limited to authorised staff.
We have consent for data collection, storage and processing.

Legal basis for processing personal data

The lawful basis for our processing of data is consent “the individual has given clear consent for you to process their personal data for a specific purpose”.

Consent requires us to:

Keep consent requests prominent and separate from other terms and conditions.
Use clear, plain language that is easy to understand.
Specify why we want the data and what we’re going to do with it.
We give separate distinct (‘granular’) options to consent separately to different
purposes and types of processing.
Specify UPCA and any specific third-party organisations who will rely on this consent.
Keep records of what an individual has consented to, including what you told them, and when and how they consented.
Tell individuals they can withdraw consent at any time and how to do this.
Avoid making consent a precondition of a service.
Note data cannot be transferred outside the EU without explicit consent.

Recognising rights and subsequent requests

Right to be informed

Individuals have the right to be informed about the collection and use of their personal data.

Right to Access

Data subjects can seek confirmation on whether or not personal data concerning them is being processed, where and for what purpose.
On request a copy of the personal data, free of charge, in an electronic format.

Right to rectification

Members can ask for inaccuracies to be corrected and they can object to how their personal data is being handled.

Right to erasure

Members can request we erase their personal data, which includes ceasing further dissemination of the data.
Should also be done if data is no longer being relevant to original purposes for processing.

Right to data portability

Right for data to be used by another organisation at the data subject’s request.
We must provide the personal data in a structured, commonly used and machine-readable format.

Right to object

We will inform individuals of their right to object “at the point of first communication” and present it separately from other information on rights clearly laid out in your privacy information.
Individuals have the right to object to any processing (including profiling) undertaken for the purposes of direct marketing.