Your privacy is a top priority for me. I’m committed to always being a good custodian of my clients’ personal information, handling it in a responsible way, and securing it with administrative, technical and physical safeguards. I’m registered as a data controller with the Information Commissioner’s Office (ICO), ICO registration reference ZA452655, and I am a member of the British Association of Counsellors and Psychotherapists (BACP), registration number 374359. If you have any queries about this privacy notice or about any aspect of my data management, please contact me at firstname.lastname@example.org or on 07787-290434. I’ll update this privacy notice regularly to ensure it continues to comply with the latest regulations and best practice. This privacy notice was published on my website in September 2018.
HOW I PROTECT AND MANAGE INFORMATION
Storage and management of personal information
I keep paper records of my clients’ contact details and signed contracts in a locked cabinet in my home. I separately keep pseudonymised paper records of my clients’ personal details and therapeutic notes in a locked cabinet in my home. I keep a master list of client names/pseudonyms and basic contact details (phone numbers and email addresses) in an excel spreadsheet on my laptop which is password protected and only used by me. If you see me in Exeter I will transport your therapeutic notes with me to Exeter, until the end of the day when they will be returned to the locked cabinet at my home.
Visitors to my website
I do not record or process any data from people who call, text or email me with general enquiries. If a query does require me to take personal data I will explain this at the time. I do not record phone calls.
Clients and former clients
The legal basis I use for processing clients and former clients personal information is a combination of contract and legitimate interest. I carefully safeguard the information I hold about clients and former clients. This information comes from the way clients engage with me and is provided through the completion of contact and personal information forms prior to their initial counselling sessions, during their initial sessions, during ongoing sessions and/or by text, email, Skype and post in between sessions/at the end of therapy. I don’t keep client names or contact details on my contact lists so if you need to send me a message, text or email, please include your name. Once I have dealt with your enquiry I will delete it and add a note/anonymised copy of it to your therapeutic notes. Once your therapy has ended I will keep your data for 4 years. If you decide to return to therapy during this period I will have your data to hand and new data will be added to this. After four consecutive years of no therapy all the data I hold on you will be securely destroyed (paper cross shredded and electronic data deleted). In the unlikely event that I can no longer work with you due to my sudden sickness or death, my next of kin will give all the client data I hold to my Supervisor who will contact you if therapy is ongoing, then securely destroy all data relating to you.
WHAT THE INFORMATION IS USED FOR
As well as contact details I will collect and retain potentially sensitive information about my clients mental and physical health and general circumstances. I will only use this information to provide my clients with the best possible counselling service which aims to improve their wellbeing and to inform the development of my service to continue to meet their needs. I may need to send messages by telephone, text, email or Skype. These messages will be to arrange or rearrange appointments or to confirm suggested material for reading/watching between sessions. I will never pass on your information to a third party to use in their own direct marketing without your consent. In rare cases, I may be required to share your data by a court of law or relevant regulatory authority or to defend myself if a complaint was made against me.
During your contact with me, I will not share your information with any third parties unless: you have consented to this; as part of my duty to protect a child, vulnerable adult, you, or the public; for the prevention and detection of substantial criminal activity; I’m required to do so by a court or law or relevant regulatory authority; to protect my rights, property or safety, or those of any third parties. By being my client and using my services, you grant me permission to process personal data which you have provided to me. When you make a payment to me, either by bank card, credit card or cash, I will keep records of your payments for financial audit reasons for six years. I may share any data about my work with: my clinical supervisor James Banyard; my accountant Paula Menagh Accountancy; HMRC; the Information Commissioner’s Office – ICO; the BACP. Should I discover that any personal data I hold on you has become compromised in any way I will contact you to inform you of what has happened and any steps I am taking to address the cause.
Under the EU General Data Protection Regulation (GDPR) you have rights as an individual data subject which you can exercise in relation to the information I hold about you: the right to be informed; the right of access; the right to rectification; the right to be forgotten; the right to restrict processing of personal data; the right to data portability; the right to object; rights in relation to automated decision-making and profiling; the right to lodge a complaint with the ICO. You can read more about these rights on the ICO’s website (see ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights).
If you don’t agree with my keeping records of information about you and your counselling I will not be able to offer/continue to offer you my counselling service. I keep your records of counselling for a certain period (as described above), which may mean that even if you ask me to erase any details about you, I might have to keep these details until after that period has passed. I may move client records between my IT systems as long as all client data is secure.
I try to meet the highest standards when collecting and using personal information, and I take any complaints about this very seriously. I encourage you to let me know if you think that my collection or use of information is unfair, misleading or inappropriate. I also welcome any suggestions for improving my procedures and I’m happy to provide any additional information or explanation needed. If you want to make a complaint about the way I’ve processed your personal information, you can contact the ICO (the statutory body which oversees data protection law – see ico.org.uk/make-a-complaint).
ACCESS TO YOUR PERSONAL INFORMATION
I try to be as open as I can in terms of giving clients access to their personal information. You can find out if I hold any personal information about you by making a ‘subject access request’ under GDPR. If I do hold information about you I will: give you a description of it, tell you why I’m holding it, tell you who it could be disclosed to, let you have a copy of the information in an intelligible form. To request any personal information I may hold, please put your request in writing to me at the email address in the Introduction above. If you agree, I’ll try to deal with your request informally, for example by providing you with the specific information you need over the telephone. You can also ask me to correct any mistakes in any information I hold.