Your privacy is extremely important to me, and you can be confident that I am fully committed to protecting your privacy. This notice explains what I will do with your personal information from our first point of contact until after our therapy has finished.
Under the General Data Protection Regulation (GDPR) and the UK Data Protection Act, I am required to follow specific guidance relating to the collection, processing and disposal of your personal information. Under GDPR regulations, I am what is called the ‘data controller’. This means I am responsible for determining the purpose of processing your personal information and also how it is processed. As a member of the BACP (British Association of Counselling and Psychotherapy), I am also committed to protecting client confidentiality and privacy.
My business is registered with the Information Commissioner’s Office www.ico.org.uk, the authority responsible for upholding data protection in the UK. I handle all personal information in line with their requirements.
What information I collect and why
I will not ask for more information than is necessary. I will collect 2 types of data about you:
1) Personal data - Information that identifies you. This will include your name, address, contact number, email address and date of birth. I will also ask for an emergency contact number and your GP’s contact details. I also process BACS transfer information if you pay via BACS. I will collect some of this information when you first contact me via email, phone or my website’s contact form, and the rest in our first session together. The purpose of collecting this information is to respond to messages, book appointments and to deliver safe and effective therapy.
2) Special category data - Information about your health. This includes session notes. The purpose of collecting this information is to uphold professional standards by keeping ‘accurate and appropriate records’ in line with the BACP’s Ethical Framework, and to deliver safe and effective therapy. I will obtain your explicit written consent to hold special category data when we contract at the start of therapy.
Under GDPR I am required to have a lawful basis for processing your data. My lawful basis for processing your personal data is for the performance of our contract. My lawful basis for processing your special category data is explicit consent.
How I collect your information
I collect information from you in a number of ways, including over the phone, via email, through my website’s contact form and via sessions. I will only obtain information from third parties, such as your GP, a parent or a trusted adult, with your knowledge and consent, and for the purpose of providing effective healthcare.
How I may use your information
I may use your information to:
● respond to your messages and provide you with information about my services.
● book an appointment with you.
● provide you with therapy
I will not sell or rent your information to any third parties.
How your information is secured
I endeavour to take all reasonable steps to protect your personal information.
Client records are stored securely in line with current data protection regulations to protect client identity. Client data is pseudonymised. This means your contact details and counselling records are kept separately and linked with a reference number. This protects your identity if any information is lost or stolen. Session notes and contact details are securely stored in locked filing cabinets. If paying via bank transfer, only your initials will appear on my bank statement and my statements are password protected.
The laptop and mobile phone I use are password protected, and my email is encrypted and password protected.
To conduct online therapy sessions I use Zoom, which is a secure platform. Please visit https://zoom.us/trust for more information on how Zoom meetings are secured.
How your information may be shared and why
As a member of the BACP, I am required to undertake supervision. I may discuss our work with my supervisor, but I will not use your name, or disclose any information that identifies you.
I will not share your personal information with any third party unless:
● You have explicitly asked me to for the purpose of accessing healthcare support.
● I believe that you, or someone else is at immediate risk of serious harm.
● To provide law enforcement agencies with relevant information to assist in criminal proceedings.
In the event of serious illness or my death, my professional executor would be given your details and will contact you to inform you of this.
Under GDPR you have certain rights; including the right to:
● Request a copy of the information I hold about you.
● Have any inaccuracies on the information I hold about you corrected.
● Ask me to erase information I hold on you. This may be limited by my obligation as a therapist, to comply with regulatory or statutory requirements for retaining information in my area of work.
You can make requests for the above by emailing a written request to me at firstname.lastname@example.org. There is a procedure for this, which I will inform you of when you make a request. You will need to allow 28 days for a copy of your information, or for any inaccuracies to be corrected.
For more information on your rights visit www.ico.org.uk.
How long I hold your information for and when it is destroyed
I will not keep information about you longer than is necessary. The length of time is determined by statutory or regulatory requirements. When you first make contact either by phone or email, any personal information you provide will be securely stored, only for as long as is necessary. I may use your information to respond to your messages, provide you with information about my services, or book an appointment with you. I will only keep information you provide on first contact if I have the capacity to work with you, otherwise, I will delete this data within 28 days.
If you have therapy sessions with me, I will retain your records for a period of 5 years after the end of counselling, and for under 18s, 5 years after turning 18. After this period, I will securely delete or destroy your personal information, unless records have been legally required, for example by a court order.
If you have a complaint about the way I have handled your personal information, please don’t hesitate to get in touch by email at email@example.com . If you would like to make a formal complaint, you can contact the Information commissioner’s Office (ICO); this is the statutory body that oversees data protection law in the UK. For more information, go to https://ico.org.uk/make-a-complaint/.
If you have any questions about my data privacy notice, please contact me on 07942 676 971, or email me at firstname.lastname@example.org.
What are cookies?
Cookies are small text files that are stored in your browser by websites that you visit. Cookies provide a way for the website to recognize you and keep track of your preferences.
What are cookies used for?
Cookies on this site allow me to track how visitors are using my website. No personal Information is tracked. Information tracked may include:
Your Internet Protocol address (IP)
Your browser version or computer operating system
Name of your internet service provider
Date and time of visit
State or country from which you accessed the site
Web page you came from when visiting the site
Pages viewed on the site
Number of links clicked on within the site
How to decline or disable cookies
On entering this website, a pop up will appear, giving you the option to accept or decline cookies. Declining cookies will not affect access to the website, and no information will be tracked.
You can also delete cookies in your browser, although this may affect the functionality of websites that you visit. For instructions on how to delete cookies look at How do I delete cookies?