PRIVACY POLICY
Introduction
Welcome to Leva Counselling. We are committed to safeguarding your privacy and ensuring that your personal data is handled responsibly. This policy outlines the types of personal information we collect, how it is used, and the measures we take to protect your data.
​
Who We Are
Leva Counselling operates from Baldersgate 11B, Norway. For any privacy-related inquiries, you can contact us via:
-
Email: info@levacounselling.com or malin@levacounselling.com
-
Telephone: +47 92 27 77 53
Personal Data We Collect and Why We Collect It
We collect the following types of personal information to provide our services:
​
-
Names and Contact Details: For communication and service updates.
-
Addresses: For invoicing and service provision.
-
Date of Birth: For identification and service eligibility.
-
Purchase or Account History: To manage client accounts and services.
-
Payment Details (including card or bank information for transfers and direct debits): To process payments.
-
Health and Safety Information: To ensure the safety of clients and practitioners.
-
Account Information: To provide access to relevant tools and services.
-
Website User Information (including user journeys and cookie tracking): To improve user experience and support marketing efforts.
-
Records of Meetings and Decisions: To document therapeutic progress and agreements.
-
Information Relating to Compliments or Complaints: For resolving disputes and handling feedback.
-
Health Information: Including dietary requirements, allergies, and therapy-related information to deliver appropriate services.
-
Special Category Data: Such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sex life, sexual orientation, genetic information, and trade union membership (where relevant to therapy).
​
In specific therapy scenarios, video recordings or survey information may also be collected with client consent (e.g., for exposure therapy as part of achieving therapy goals).
​
How We Use Your Data
Your information is used to:
-
Provide counselling and therapeutic services.
-
Ensure the safety of clients and others (as required by law and ethical obligations).
-
Send service updates and marketing communications (with consent).
-
Fulfil legal obligations, including safeguarding and reporting.
-
Maintain records for research or archiving purposes.
-
Manage customer accounts and guarantee services.
Lawful Bases for Processing
We process your personal data based on:
​
-
Consent: You have given clear permission for us to process your personal data for specific purposes, such as marketing or video recordings for therapy.
-
Contract: Processing is necessary to fulfil the terms of a service provider contract signed before commencing therapy.
-
Legal Obligation: We are required to process your data to comply with laws, such as safeguarding obligations.
Data Security
We are committed to ensuring that your personal data is secure. To achieve this, we have implemented a range of robust security measures to protect your information from unauthorised access, alteration, disclosure, or destruction.
These include:
-
Multi-Factor Authentication (MFA): Access to systems and data is protected by MFA, ensuring that only authorised personnel can log in.
-
Encryption: All sensitive data is encrypted both in transit and at rest to safeguard it from interception or unauthorised access.
-
Strict Access Controls: Access to personal data is granted on a need-to-know basis and is restricted to authorised personnel only. This ensures that your information is handled only by individuals who require it for legitimate purposes.
-
Secure Cloud Platforms: Personal data stored on cloud platforms is protected by strong security measures, including password protection, data redundancy, and secure backup procedures.
-
Regular Monitoring and Updates: We regularly monitor our systems for vulnerabilities and apply security updates to ensure our protections remain effective.
​
These measures are in place to maintain the confidentiality, integrity, and availability of your personal data.
Sources of Personal Data
We collect personal data from:
-
Individuals directly (e.g., through consent forms, online forms, and therapy sessions).
-
Health care providers (with client consent).
-
Video recordings (if part of the therapy and with explicit consent).
Sub-Processors and Third Parties
We use the following systems to manage personal data:
-
Wix Inbox: For managing online contact enquiries.
-
Zoom: For conducting therapy sessions (not recorded).
-
Mailchimp: For managing monthly newsletters.
-
Fiken: For accountancy and financial management.
-
Stripe and Deel: For processing payments.
-
Compass: A confidential database with two-factor password protection.
-
Google: For Gmail and calendar services.
-
OneDrive: For storing word processing files and worksheets.
​
We may share personal data with:
-
Health Care Providers: When necessary for client wellbeing and with consent.
-
Insurance Companies
-
Regulatory Authorities
-
Professional or Legal Advisors
-
Organisations for Safeguarding Reasons
-
Emergency Services: In cases where necessary
​
Data Retention
We will retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including to comply with legal, ethical, and reporting requirements. Once the data is no longer required for these purposes, it will be securely deleted or anonymised.
International Data Transfers
Leva Counselling is based in Norway, and some personal data may be stored or processed on cloud platforms with servers located outside of Norway or the European Economic Area (EEA). To ensure that your personal data remains secure and protected, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission. These clauses provide safeguards for international data transfers and ensure that your data is handled in compliance with GDPR requirements.
We regularly assess the data protection measures of our service providers to confirm they meet the necessary legal standards. If you have any questions about how your personal data is transferred internationally, please contact us at info@levacounselling.com.
​
Your Rights
Under GDPR, you have the right to access, correct, delete, or restrict the processing of your personal data. If you wish to exercise these rights, please contact us at info@levacounselling.com.
How to Complain to the Data Protection Authority
If you have concerns about our data handling practices, you have the right to complain to the Norwegian Data Protection Authority (Datatilsynet). You can contact them online at www.datatilsynet.no.
We encourage you to contact us first to address your concerns directly.
Contacting Us
If you have any questions about this privacy policy or our treatment of your personal data, please contact us at info@levacounselling.com.
Changes to This Policy
We may update this privacy policy from time to time. Any significant changes will be communicated via email or by posting the updated policy on our website.
Effective Date
This privacy policy is effective as of November 2024.