This policy clarifies how and why I collect, store or share/process your personal data including and also details your rights under GDPR
Your Personal Data:
When we meet for your first session I will take your details including your name, contact number, email, home address, date of birth, emergency contact, and your GP’s details.
In addition I also keep a hard copy of a counselling contract signed by us both.
This information is stored as confidential data in locked storage.
If we begin counselling appointments together, I will make session notes in order to monitor and reflect upon the work we do together, and in line with the requirements of my professional indemnity insurance and the BACP ethical framework. This information is anonymous, using initials and date of contact as identifiers, so that no other person would be able to identify you. These notes are kept in locked storage/ password protected computer document which is kept separately from hard copy contact details.
Sharing of Data
I use your data only in my service to you as my client and I don’t sell your data or use it for marketing purposes. I may share details of our work together in my clinical supervision, in order to help me provide you with the best service that I can. Supervision is a requirement of my BACP membership- my supervisor is also a member of the BACP and as such is bound to the same ethical framework including confidentiality as I am.
There are limited reasons why I may be required to process/share your data:
1. ‘Legitimate interest’ reasons may require me to break confidentiality due to safeguarding issues, or risk of harm to self or others.
2. Legal Reasons – I may also be obligated to share information in your notes if I were issued with a court order. These obligations are consistent with current UK law on confidentiality.
3.You may give me your consent to share your data, for example, with your GP, other medical professionals, legal representative or occupational health department.
For how long is data retained?
I keep data for 7 years after your final session in line with the requirements of my professional insurance. Where clients are under 18, data is retained for 7 years after the age of 18 is reached.
Further Data Sources.
Email: if we communicate by email this gives me access to an ‘e signature’ in the form of an IP address, which is kept according to the retention period information detailed previously. Please be aware that sending information by email doesn’t always ensure complete security, as not all email systems are encrypted.
Website contact form: information from the contact form is not stored by the website and I retain the information provided in line with the confidentiality protocols identified above. If we do not enter into a working contract together, the information you submitted will be deleted.
Data may also be received from online directories such as the Counselling Directory and is retained by me in line with the protocols detailed previously.
Your rights under GDPR
Right to be informed about the collection, storage and use of your personal data, as contained in the above privacy information. The latter must be provided to you at the same time as I collect your personal data.
If your data comes to me via referral I must provide you with privacy information no later than one month from referral. That information must be transparent, clear and easily accessible.
Right to access: you can request to see information I hold about you.
Right of rectification if your data is incorrect or incomplete.
Right to erasure, or ‘the right to be forgotten’ Not applicable where lawful reason/legal obligation/legitimate interest takes precedence
Right to restrict processing. Not applicable where lawful reason/legal obligation/legitimate interest takes precedence ·
Right to data portability. To obtain and reuse your personal data for your own purposes across different services. This rule exists mainly for data held by big service providers, e.g. utility providers. In the event of you wishing to take a copy of your case notes to another therapist/mental health provider/practitioner these may be provided as an encrypted and password protected document.
Right to object to data processing (such as direct marketing or for purposes of scientific research) Not applicable where lawful reason/legal obligation/legitimate interest exists.
- No categories