Your privacy is respected and I will take special care in keeping your personal information safe and secure. I am a registered Data Controller with the Information Commissioners Office (ICO), my registration number is A8737305. I comply with the General Data Protection Regulation (GDPR) and for this reason will inform you about what I intend to do with the personal information I collect from you from initial point of contact through to when therapy has ended.
Why do I collect your data?
Article 6 of the GDPR requires that I must have lawful bases to collect and process personal data.
Consent: You have given clear consent for me to process your personal data for a specific purpose.
Contract: The processing is necessary for the contract I have with you, or because a perspective client has asked me to take specific steps before entering into a contract.
How I use the information you provide
At the initial session I will collect information to help me satisfy your enquiry. This will include: name, age, address, email, phone number, GP details and details of next of kin. I may also ask about any previous medical conditions as well as medication you may be taking and your level of risk in order to find out if you may need to engage with other support networks (such as your GP or psychiatrist). All data will be deleted after 7 years, however, if you wish for this to be sooner please let me know.
When would I need to share your data? – Confidentiality
All information you provide is treated with confidentiality. However, though very unlikely I will have to share information with third parties if one of the following occurs (in which case you will be informed of this):
- If I need to make a medical referral for you
- If I’m required to provide my notes by a court of law
- If you, or anyone else you talk to me about is being harmed or at risk of being harmed
- If you inform me that a child is being or at risk of being abused or harmed
- If you disclose that you will or have committed an act of terrorism
I have regular one-to-one supervision sessions where I discuss material from sessions for best possible practice; however, I only refer to clients by first name or initials (you can let me know what your preference is).
I will never sell your data or use it for any unethical reasons.
How I will store your data
The only paperwork, which is kept in a locked cabinet is our contract, contact information and risk assessment form (all of which will be completed in the first session).
I am a member of the British Association of Counsellors and Psychotherapists (BACP) and am therefore required to take minimal session notes. These are all taken electronically and are encrypted and password protected. Your number and email address may be kept on my business phone and laptop, both of which are password protected.
How long will data be kept and the process of disposal
All data you provide, including your name, contract and session notes will be kept for 7 years. Your contact number and email address will be deleted from my business mobile and laptop one month after our therapeutic work together ends. All text messages and emails will also be deleted within a month after the end of our therapeutic work together.
All sessions carried out online need to be in a quite remote space where sessions are not overheard. Any virtual assistance you have can be switched off before the sessions in order to not have any disruptions.
I try my best to enable you to have as much access to your personal information as you wish. You can ask to see, delete or correct any data I keep of you at any time. These requests can be sent to me via email on email@example.com. The data will be provided free of charge.
Any complaints about how I handle your personal data can be made to ICO via www.ico.org.uk.
If I ever experience data breach I will let you know as soon as possible and notify ICO within 72 hours.
My website is secured with an SSL (Secure Socket Layer) Certificate. This means that the website traffic from my website to you is encrypted. My website is built on WordPress. This logs information and details of visitors in order to find out the number of visitors to the different parts of the site. WordPress does not attempt to identify who visits the website.