Privacy at CBTtherapist.com
We do not share personally identifiable information about site visitors with any third party; nor do we actively collect any personally identifiable information from any user of CBTtherapist.com.
CBTtherapist.com safeguards the privacy of site visitors, plain and simple. CBTtherapist.com and the providers of this site will not normally share individual information about site visitors with any third party (but please see the specific exceptions outlined below), and will not contact site visitors without permission. (The relationship between the site and the company which formally provides it is explained on the page About Us.) This commitment to confidentiality will be restricted or suspended only under direct legal requirement, and then only to the extent necessary to comply with the rule of law.
How We Collect and Use Visitor Information
With the exception of mental health professionals providing personally identifiable information for the purposes of publication within the directory, our site is designed not to collect personally identifiable visitor information of any kind. Therefore, under normal circumstances, we do not have any individual information about you to share.
Our server does automatically log all resource requests, which we use to analyse technical usage data such as visitor numbers and activity across the site. Additional information recorded in standard server logs may include, but is not limited to, device type and web browser, a device’s network connections and a device’s IP address. In addition, we may now or at any time in the future use third-party analytics services which enable us to analyse visitor activity in aggregate; we specifically configure third-party analytics services such as Google Analytics to discard information such as IP addresses.
CBTtherapist.com visitors choosing to provide personal details to this website by writing to us with feedback, suggestions, questions or comments are taken to have given their permission to be contacted in connection with their communication to us. (Note that we may operate automatic reply systems — such as out-of-office notifiers, anti-spam verification systems, and the like — which result in replies automatically being sent in response to certain email messages.) Except in the unlikely event that we are required to do so due to legal requirements, personal details received in this manner will never be shared with any third party without permission.
No personal details will knowingly be accepted from individuals under the age of 13. If you are under the age of 13, please do not write to this site.
We retain personal data in an identifiable format for the least amount of time necessary to fulfill our legal or regulatory obligations and for our business purposes. We may retain personal data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law.
How We Collect and Use Information About Practitioners Who Register With the Site
On the lawful basis of legitimate interest in providing an independent directory of benefit to practitioners, to members of the public, and to ourselves, practitioners who register with the site will be asked to provide details such as their name and practice contact information in order to establish an account. This information will be used in the following ways:
- to publish one or more entries on our site publicising the practitioner’s services,
- to manage and authenticate access to the practitioner’s account,
- to communicate with the practitioner about the account,
- to maintain the connection between the practitioner’s account and the PayPal third-party payment platform,
- to manage and maintain our service, including protecting it from fraud,
- to comply with our obligations and to enforce the terms of our site and services, including to comply with all applicable laws and regulations,
- and for our other legitimate interests, including to enforce the terms of our site and services, and to manage our everyday business needs, including monitoring and analysing activity on our site.
Practitioner PayPal Transactions
How We Collect and Use Information About Practitioners Not Registered With the Site
For our legitimate interests, basic information about practitioners who have not registered with the site may be collated by machine from other publicly available sites which we believe to be authoritative, and published on this site. This will include only information which has already been placed into the public domain and made available to members of the public visiting other sites; it will be deleted upon request from the practitioner.
Sharing With Third Parties
We may share personal information with other parties for our business purposes or as permitted or required by law, including:
- if we need to do so to comply with a law, legal process or regulations;
- if we believe, in our sole discretion, that the disclosure of personal data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity;
- to protect the vital interests of a person;
- with credit agencies and data processors for credit reference checks and anti-fraud and compliance purposes;
- to investigate violations of or enforce a user agreement or other legal terms applicable to our service;
- to protect our property, services and legal rights;
- to facilitate a purchase or sale of all or part of our business;
- to credit reporting and collection agencies;
- to the PayPal payment platform;
- to companies that we plan to merge with or be acquired by; and
- to support our audit, compliance, and corporate governance functions.
In addition, we may provide aggregated statistical data to third parties, including other businesses and members of the public, about how, when, and why users visit our site and use our services. This data will not personally identify individuals or their activity. We do not share personal information with third parties for their marketing purposes.
Our operations are supported by individual servers, cloud-based servers, and other infrastructure and information technology operated by us and by third parties. Where those third parties — including but not limited to Google, which provides our email services — are established in jurisdictions outside the EU, we have reviewed the published data handling policies of those third parties and believe that they offer suitable protection of personal data commensurate with EU law. In particular, Google is certified under the EU-U.S. Privacy Shield framework, which is a legal mechanism to enable the transfer of personal data from the EEA to the US, where certified organisations guarantee to provide a level of protection in line with EU data protection law.
Most web browsers will accept cookies by default, but they can be set to reject cookies, either from all websites or from specific sites. Users can also manually delete cookies directly via the web browser. These options are generally configured through a ‘Privacy’ setting in the browser.
Privacy Choices and Rights
Practitioners are under no obligation whatsoever to provide personal information of any kind to this site, but an account and associated public listing may not be available without the information marked as required on the account registration and/or profile form.
Subject to limitations set out in EU data protection laws, visitors have certain rights in respect of personal data, including a right of access, rectification, restriction, opposition, erasure and data portability. Please contact us if you would like to exercise these rights.
Practitioners with an account can review and edit their information by logging in and updating the information directly. Practitioners with an old machine-collated entry can contact us at any time to have their listing deleted.
Protection of Personal Data
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for personal data against loss, misuse, unauthorised access, disclosure, and alteration. While we are dedicated to securing our systems and services, practitioners are responsible for securing and maintaining the privacy of their password(s) and account/profile registration information and verifying that the personal data we maintain about them is accurate and current.
Data Protection Act
The provider of this site (Mulhauser Consulting, Ltd.) is registered in the United Kingdom as a Data Controller under the Data Protection Act 1998 and is committed to meeting the requirements of the GDPR.
If you are not satisfied by the way in which we address your concerns, you have the right to lodge a complaint with the relevant supervisory authority for data protection in your country.
This article was originally published by Site Editor on .on and last reviewed or updated by