1. Legal and Privacy Statements

1.1 Anna Sternberg Introduction

Privacy matters. Data should only be used when absolutely necessary. This statement includes sections on legislation and law, how data is handled or stored, and who to contact.

1.2 This statement covers the relevant laws relating to data

Please refer to the following portal for GDPR Europe:

https://gdpr-info.eu/

1.3 What data do I collect?

I collect your data by positive opt-in via contact form(s). This can include your name, email and phone number and other details including address if included.

1.4 How do I use personal information?

Information is only used through the course of usual business so I can contact you to provide a service. Your personal information is not used for any other purpose.  I dislike spam as much as anyone, and will never send you inappropriate communications. You may ask me to delete your personal information at any time.

1.5 What legal basis do I have for processing your personal data?

I require your positive consent to receive and process your personal information. I only collect the minimum information to provide the service required and nothing else. You can withdraw and manage your consent for use of your personal information at any time by using the contact information at the bottom of this statement.

1.6 When do I share personal data?

I do not share your personal information with any other company or individual.

1.7 How do I secure personal data?

My computer systems are compliant with all the relevant legislation. I use a reputable UK based hosting company with the appropriate security measures in place. I also have backups of any data stored securely. Access to data is also secure. The website uses encryption through a security certificate (SSL) so no data is transmitted without encryption.

1.8 How long do I keep your data for?

I only keep personal information for the duration of my service to you. I will annually review my policy on keeping your information and delete it if it is no longer relevant.

1.9 Your rights in relation to personal data

You have many rights under GDPR EU law. At any time you can ask us what data I hold, request correction or deletion, or request restrictions on its use. Please use the contact information at the bottom of this statement.

2. Cookies and other Data

2.1 Use of cookies and other technologies

All websites use cookies. These are small pieces of information that pose no security risk. Our website may be connected to Google Analytics which uses cookies to analyse how visitors to our site use it. I include the EU cookies directive (pop up) on my site.

2.2 Using our blog/news section if activated

If the blog/news section of this site is active, then you may be able to comment on posts. This may/may not require you to create an account on the website. To that end, I may collect your basic personal information (name/email/password) so you can participate in discussions. The use of your personal data is restricted to the blog and the website database which is secured at our hosting company. At the present time, this functionality is not switched on.

2.3 Pseudonymisation

At this time GDPR requires pseudonymisation.  Put simply, this means that an identifier (code) is added to sections of personal information which link this information together. The pieces of information are then separated. Without the code, your personal information and identity cannot be linked together.  As stated, I do not at this time collect or store any of your personal information through my websites. Almost all web applications using a Content Management System (CMS), e.g. WordPress (this site), Joomla, Drupal, Wix, Weebly etc do not yet comply with this part of the legislation. For example, as of 2018, there are nearly 500 million WordPress sites on the web and none of them yet meet this requirement. It will take some time for this change to be developed by the application developers. As soon as it is available, then I shall implement it on all my websites.

2.4 Our hosting company is as secure as it can be

For all our websites I use a reputable UK hosting company. The hosting company industry is largely unregulated and many of the largest companies do not use sufficient levels of diligence to prevent hacking or other data breaches. The company I use complies with the Data Protection Act 1998 and has numerous measures to prevent the compromise of websites and data.  My sites are secured in a ‘container’ that includes round the clock protection from hackers using their customised WAF (Web Application Firewall). They also maintain up to date software and have closed the main routes often used by hackers. All traffic to/from my sites use encryption via https: (SSL – security certification).  No website is 100% secure, but at annasternberg.co.uk I endeavour to ensure that everything I do online is as secure as it can be.

2.5 Issue with Data (Breaches)

I will report any data breach relating to this website and any of the associated storage. I will report this breach to the appropriate authorities within 72 hours as is the requirement under the GDPR legislation.

2.6 Contact Information

If you have any questions or concerns with regard to data or this policy, then please contact:

Anna Sternberg
BACP accredited/registered Person-Centred Counsellor & Psychotherapist
t: +44(0)7866 047887
e: anna@annasternberg.co.uk