Your privacy is very important to me, and I will always endeavour to keep your personal information safe and secure. I am registered with the ICO which is the statutory body that oversees data protection law in the UK (ref: ZA747013) and adhere to the current General Data Protection Regulation (GDPR). This statement will tell you what I will do with your personal information.
Data collected from using my website:
WordPress collect standard internet log information and details of visitor behaviour patterns in order to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow WordPress to make, any attempt to find out the identities of those visiting my website. I use ‘legitimate interests’ as my lawful basis for holding and using your personal information in this way when you visit my website.
Data collected during initial contact:
When you contact me to make an enquiry, I store only the information that is necessary to fulfil my professional role (i.e., your contact details and any important information you discuss with me).
At the start of therapy, I will typically ask for your full name, date of birth and some contact details including your GP. I may also ask about your general medical background including any current medications you may be taking in order to ascertain whether we may need to engage other support networks (such as your GP or psychiatrist).
Alternatively, your GP, other health professional or trusted individual may send me your details when making a referral or enquiry on your behalf.
I use ‘legitimate interests’ as my lawful basis for holding and using your personal information in this way. Please see the section ‘Data storage limitations’ for details on how long I store your information for, as well as ‘Your rights’ if you would like this to be altered.
Data collected while you are having therapy sessions:
I am a member of the British Association of Counsellors and Psychotherapists (BACP) and abide by their Ethical Framework, which require us to keep appropriate records of our work (i.e., session notes). To fulfil this, I keep minimal session notes which are anonymised and kept separately from any identifying data. These are encrypted and password protected and stored on a cloud-based system so that I can minimise the possibility for any data breach (e.g., in the event that my computer is damaged or stolen, I can update the password to ensure your notes are secure).
The lawful basis for me processing these notes is that it is for provision of health treatment (in this case counselling) and necessary for a ‘contract’ with a health professional (in this case, a contract between me and you).
All electronic files are encrypted, and password protected, and I take care to ensure my software and virus protection is always up to date. Any files stored on cloud-based systems are encrypted and password protected, and the system is GDPR compliant. If you have used emails to contact me, your address will have been stored on my hard drive, which is password protected. If we communicate via mobile phone your identification is anonymised and the phone is pin protected.
Whilst every effort is made to ensure maximal security, please be aware that online communication is never guaranteed to be 100% secure (there is always the possibility of hackers, for example) and as such it is your decision as to how much you wish to share of your personal information via these formats.
Data storage limitations:
I use ‘legitimate interest’ as my lawful basis for holding and using your personal data. This will be retained for a period of seven years following the end of therapy. After this period, all data will be securely destroyed.
Your data rights:
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances.
I would welcome any suggestions for improving my data protection procedures and encourage you to contact me to discuss this. If you prefer to make a formal complaint about the way I have processed your personal information, you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint. You can read more about your rights at ico.org.uk/your-data-matters.
Last Reviewed: January 2022