Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure. I am registered with the ICO, which is the statutory body that oversees data protection law in the UK (ref: ZA747013), and adhere to the current General Data Protection Regulation (GDPR). This statement will tell you what I will do with your personal information.
Using this website:
WordPress collects standard internet log information and details of visitor behaviour patterns in order to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow WordPress to make, any attempt to find out the identities of those visiting my website. I use ‘legitimate interests’ as my lawful basis for holding and using your personal information in this way when you visit my website.
Data collected during initial contact:
When you contact me to make an enquiry, I store only the information that is necessary to fulfil my professional role (i.e. your contact details and any important information you discuss with me).
At the start of therapy, I will typically ask for your full name, date of birth, your contact details, and how you found my practice. I will also ask for your GP contact, and ask if you would like to add contact details for a trusted individual to your records. Please see the final section: ‘Your confidentiality’ regarding when I may use these contacts.
I may also ask about your general medical background including any current medications you may be taking in order to ascertain whether we may need to engage other support networks (such as your GP or psychiatrist).
Alternatively, your GP, other health professional or trusted individual may send me your details when making a referral or enquiry on your behalf.
I use ‘legitimate interests’ as my lawful basis for holding and using your personal information in this way. Please see the section ‘Data storage limitations’ for details on how long I store your information for, as well as ‘Your rights’ if you would like this to be altered.
Data collected while you are accessing counselling:
I am a member of the British Association of Counsellors and Psychotherapists (BACP) and abide by their Ethical Framework, which requires us to keep appropriate records of our work (i.e. session notes). In order to fulfil this, I keep minimal session notes which are anonymised and kept separately from any identifying data. These are encrypted and password protected, and stored on a cloud-based system so that I am able to minimise the possibility of any data breach (e.g. in the event that my computer is damaged or stolen, I can update the password to ensure your notes are secure). This cloud-based system is GDPR compliant.
The lawful basis for me processing these notes is that it is for provision of health treatment (in this case counselling) and necessary for a ‘contract’ with a health professional (in this case, a contract between me and you).
All electronic files are encrypted and password protected, and I take care to ensure my software and virus protection are always up to date. Any files stored on cloud-based systems are encrypted and password protected, and the system is GDPR compliant. If you have used emails to make contact with me, your address will have been stored on my hard drive, which is password protected. If we communicate via mobile phone, your identification is anonymised and the phone is PIN protected. All data in paper format is stored securely in a separate locked cabinet.
Data storage limitations:
I use ‘legitimate interest’ as my lawful basis for holding and using your personal data. This will usually be retained for a period of seven years following the end of therapy. However, this period may be varied according to specific circumstances (for example, for children, the data will be kept for a period of seven years following their eighteenth birthday). After this period, all data will be securely destroyed.
If you have contacted me and decided not to proceed with counselling, I will ensure all your personal data is deleted within one year.
Your rights:
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances.
I would welcome any suggestions for improving my data protection procedures and encourage you to contact me to discuss this. If you prefer to make a formal complaint about the way I have processed your personal information, you can contact the ICO, which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint. You can read more about your rights at ico.org.uk/your-data-matters.
Your confidentiality:
Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken:
- Where it is deemed that you, or connected persons, are at serious risk, in which case relevant third parties may be contacted in the interests of safety.
- Where you give explicit permission for private information to be shared with third parties, for instance with your medical practitioner.
- Where I am required to divulge information by a court of law.
I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.