Privacy

Student Counselling Privacy Statements

The client-counsellor relationship is confidential. This means that what you say to your counsellor is not disclosed to anyone outside the Counselling Service’s team of counsellors (the “Clinical Team”). There are exceptions to this, including:  

  1. If the counsellor is concerned about the risk of harm to you or a third party. In these circumstances your counsellor will make every effort to discuss this with you and involve you in the disclosure process.   
  1. The SCS staff are mandated reporters under The Children First Act 2015.  Information regarding past or current abuse of children (aged under 18) given to the SCS must be reported to the Irish Child and Family Agency (TUSLA) if there is a reasonable suspicion that there is a child (aged under 18) at risk at the time of reporting. 
  1. Case notes may be subpoenaed by court order.  

If you do not want your confidential information to be accessible to a particular member of the clinical team (e.g., if you know them personally), please let a staff member know so that we can restrict this access. 

Introduction

This is a statement of the practices of the Trinity College Dublin Student Counselling Service (“the Service”) in connection with the processing of personal data for the purposes of the Service and the steps taken by Trinity College Dublin (“Trinity College” / “the University”) as a data controller to safeguard individuals’ rights under data protection legislation, specifically the EU General Data Protection Regulation (“GDPR”) and Data Protection Acts 1988-2018.

Trinity College fully respects your right to privacy and actively seeks to preserve the privacy rights of data subjects who share personal data with the University. Any personal information which you volunteer to the Service will be treated with the highest standards of security and confidentiality, in accordance with data protection legislation.

    This privacy statement explains the following
  • How the Service processes your personal data.
  • The purpose and legal basis for processing your personal data.
  • How we store and secure personal data.
  • Details of third parties with whom we share personal data.
  • Your rights under data protection legislation.

Definitions

Personal data

Any information relating to an identified or identifiable natural person (‘data subject’).

Special Categories of Personal Data (Sensitive personal data)

  • Data concerning health
  • Personal data revealing racial origin, ethnic origin, political opinions, religious beliefs, philosophical beliefs, trade-union membership
  • The processing of genetic data for the purpose of uniquely identifying a natural person
  • The processing of biometric data for the purpose of uniquely identifying a natural person
  • Data concerning a natural person's sex life or sexual orientation

Processing

Any operation or set of operations performed on personal data. Processing includes storing, collecting, retrieving, using, combining, erasing and destroying personal data, and can involve automated or manual operations.

Data subject

Someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data controller

An organisation, such as Trinity College, which determines the purposes and means of the processing of personal data.

Data processor

A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, traditionally under contract. This does not include Service staff who are processing personal data on behalf of the University as part of their employment duties.

How We Process Your Personal Data

The personal data we collect from you will only be processed by the Service for the specific and lawful purposes as outlined in this privacy statement.

Personal data is processed in the following way:

Electronic data

  • When you contact the Service to schedule an appointment we access your personal data from the SITS student administration system (“SITS”).
  • For email communication and general administration we use Microsoft Office 365.
  • To keep records of counselling sessions we use Titanium Schedule software.
  • For videoconferencing we use Microsoft Teams, Zoom, Google Meet and BB Collaborate Ultra .
  • For client feedback and group intakes we use Survey Monkey.
  • For volunteer applications S2S uses Google Forms.
  • For volunteer reimbursement and reference requests, S2S uses Wrike.

Paper-based data

  • Legacy counsellor notes and client case files. These are retained for a defined period of time after you have concluded your sessions with the Service.
  • Workshop feedback forms until input to Survey Monkey
  • Copies of hand-written references are retained for a defined period of time after the initial request was made.
  • Notes taken at S2S volunteer interviews are retained for a defined period in order to respond effectively to requests for feedback.

Purpose and legal basis for processing personal data

Counselling records are maintained for the purposes of aiding in the monitoring of a client's progress. Records are especially important when there are significant periods of time between counselling contacts or when the client seeks services from another professional or service. Appropriate records can also help to protect both client and counsellor(s). Precise record keeping can help provide clarity in the event of legal or ethical proceedings. For the purposes stated above confidential electronic and paper-based notes of counselling sessions and consultations with clients will be recorded.

Any personal data you provide when engaging with the Service will be processed fairly and lawfully in accordance with data protection legislation.

  • Under Article 6 GDPR your personal data will be processed on the legal basis of consent.
  • Under Article 9 GDPR your sensitive personal data will be processed on the exemption of explicit consent provided.

When registering with the Service you will be asked to complete the following forms and provide your consent to processing:

  • Registration forms to be completed before first appointment and at the start of each academic year.
  • Wellbeing questionnaire as required.

Under GDPR, consent can only be valid if it is a clear, specific, freely given and unambiguous indication of the data subject’s wishes. Unless valid consent is obtained the Service will not be permitted to process your personal data.

Details of third parties with whom we share personal data

The Service will only share your data with third parties (internal and external) where necessary for the purposes of processing outlined in this privacy statement. This will only be done with your express consent.

The following table details the third parties with whom your personal data is shared together with the purposes for the sharing:

Titanium To store client & peer support data, to run statistics & reports, send reminder texts and emails
Microsoft - Office 365 Email correspondence, spreadsheets & reports, mentor & mentee data
Silvercloud Online cbt based therapy programme for students wellbeing
Medical Institutions Recording of counselling sessions when required
Survey Monkey Evaluation of service
Google Volunteer Activity – Quality Assurance, references
Maestro To provide students who attend Marino College, counselling services on TCD campus
Zoom 1:1 Video counselling, group counselling and induction
BB Collaborative Ultra Video Conferencing and 1:1 consultations
Wrike To process reimbursement and reference requests from S2S volunteers efficiently

How we securely store personal data

Any data we collect from you will be stored confidentially and securely as required by the Trinity College Information Systems Security Policy and Data Protection Policy. The University is committed to ensuring that the processing of your data is performed in a secure manner relevant to the processing, in accordance with Article 32 GDPR requirements.

When we store your personal data on our systems the data will be stored either on the University premises or on secure IT platforms within the European Economic Area which are subject to GDPR requirements.

Trinity College will share your personal data with third parties where necessary for purposes of the processing outlined in this privacy statement. When we share your data with third parties the Service will ensure that the data is only processed according to specific instructions and that the same standards of confidentiality and security are maintained. In accordance with Article 28 GDPR, once the processing of the data is complete any third parties with whom data is shared will be required to return the data to the University save where they are required to retain it by law.

How long we retain your data

In keeping with the data protection principle of storage limitation we will only retain your data for as long as is necessary. For the purposes described in this privacy statement we will store your data for the duration of your studies plus seven years in accordance with the Trinity College Records Management Policy.

Your rights under data protection law

You have the following rights over the way we process your personal data. For further information please see the Trinity College Data Subject Rights Requests Procedure.

Right of Access

You have the right to request a copy of the personal data which is processed by the Service, including your counselling notes, and to exercise that right easily and at reasonable intervals.

Consent

You have the right to withdraw your consent to the processing of your personal data. You may withdraw your consent to the Service processing your personal data at any time. To withdraw your consent, we require you to advise the Service in writing.

Rectification

You have the right to have inaccuracies in personal data that we hold about you rectified.

Erasure

You have the right to have your personal data deleted where we no longer have any justification for retaining it, subject to exemptions such as the use of pseudonymised or anonymised data for scientific research purposes.

Object

You have the right to object to processing your personal data if:

  • We have processed your data based on a legitimate interest or for the exercise of the public tasks of the University if you believe the processing to be disproportionate or unfair to you.
  • The personal data was processed for the purposes of direct marketing or profiling related to direct marketing.
  • We have processed the personal data for scientific or historical research purposes or statistical purposes unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Restriction

You have the right to restrict the processing of your personal data if:

  • You are contesting the accuracy of the personal data.
  • The personal data was processed unlawfully.
  • You need to prevent the erasure of the personal data in order to comply with legal obligations.
  • You have objected to the processing of the personal data and wish to restrict the processing until a legal basis for continued processing has been verified.

Portability

Where it is technically feasible you have the right to have a readily accessible machine readable copy of your data transferred or moved to another data controller where we are processing your data based on your consent and if that processing is carried out by automated means.

Further information

If you have any queries relating to the processing of your personal data for the purposes outlined above or you wish to make a request in relation to your rights you can contact the Service at: student-counselling@tcd.ie.

If you wish to make a complaint or escalate an issue relating to your rights you can contact the Trinity College Data Protection Officer at: dataprotection@tcd.ie .

If you are not satisfied with the information we have provided to you in relation to the processing of your personal data or you are dissatisfied with how Trinity College is processing your data you can raise a concern with the Data Protection Commission at: https://forms.dataprotection.ie/contact.

Last updated: 16/08/2022