Your privacy is very important to me and you can be confident that your personal information will be kept securely and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. I am happy to discuss any questions you might have about my data protection policy and you can contact me on 07768 878351 or via email at: email@example.com
‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me.
I am registered with the Information Commissioner’s Office (number: ZA547426 )
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data:
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your information.
If you are currently having therapy or you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that I look after any personal information you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any categories of personal information is that it is for provision of health treatment (in this case counselling and psychotherapy) and necessary for a contract with a health professional (in this case a contract between me and you).
How I use your information
When you contact me with an enquiry about my counselling services, I will collect information to help me satisfy your enquiry. This will include your name, contact/address details and your reason for seeking therapy. Alternatively, a trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed, I will ensure that all your personal data is deleted within one month. If you would like me to delete this information sooner, just let me know.
While you are accessing counselling
Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if I consider you to be a risk to yourself or others or if I am required to do so by a court of law. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
I will keep a record of your personal details to help the counselling service run smoothly. These details are held securely along with your contract in a locked filing cabinet in paper format and will not be shared with any third party - apart from in the event of my sudden death, in which case a colleague will use them to inform you.
I will keep brief, handwritten notes of each session in paper format but these will be anonymised and kept in a locked filing system separate from your contact details so that no cross-referencing is possible.
For security reasons, I do not retain text messages for more than two months. If there is relevant information contained in a text message, I will attach it to your notes in paper format. Likewise, any email correspondence will be deleted after two months if it is not important.
After counselling has ended
Once counselling has ended your records will be kept for three years from the end of our contract with each other and are then securely destroyed.
Third party recipients of personal data
I may sometimes be required by law to share limited personal data with third parties (for example HMRC who may inspect my tax records). However, I take great care to ensure that client details are as minimal or as anonymised as they possibly can be and such bodies also have restrictions upon their use of this type of information.
It is a requirement of ethical practice for me to discuss my work with my supervisor who is a senior accredited member of BACP and therefore bound by the same ethical framework as I am. My supervisor has no access to client contact information/addresses etc and clients are discussed on first name only basis so are effectively anonymous.
You have the right to ask me to delete your personal information, limit how I use it or stop processing it. You also have the right to ask for a copy of any information that I hold about you. To make a request for any personal information I may hold about you, please put the request in writing addressing it to: firstname.lastname@example.org. If you have any complaint about how I handle your personal data, please do not hesitate to email me as above. I welcome any ideas for improving my data protection procedures. Should you wish to make a formal complaint about the way your data has been processed, more information is available at: ico.org.uk/make-a-complaint.
I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure. I use encrypted devices for digitally held data and locked filing cabinets for handwritten data.
Visitors to my website