In line with EU General Data Protection Regulations, this privacy statement informs you how I will collect and store your personal data.
For the purposes of the General Data Protection Regulations (GDPR) 2018, I am registered as a data controller with the Information Commissioners’ Office (ICO). My ICO reference number is A1102369.
The lawful basis for the collection and processing of your personal data is ‘contract’.
Information I collect about you and the purpose for this
When you contact me initially for a free consultation, I will retain your name and contact details only for the purposes of arranging the free consultation. If you decide not to proceed with therapy, I will delete your contact details immediately.
The following applies if you engage in therapy with me:
Your personal details – name, postal/email address and phone number. I collect these details in order to contact you regarding arranging sessions and to send you information in advance of our sessions for you to read in your own time (e.g. the therapy working agreement).
Details of your General Practitioner – this is in case I need to contact them because I am concerned for your safety or wellbeing (see therapy working agreement).
Emergency contact – this is a number of someone I may need to contact on your behalf if you become unwell during a session.
Therapy session notes – In accordance with the requirements of my professional body (the British Association of Counselling and Psychotherapy - BACP) and my insurance company, I will keep brief notes of our sessions. These will be anonymised. You will be allocated a client number at the start of therapy and this number only will be used to identify your notes. No personal identifying details will be included on your session notes.
How I store your information
Your personal details (name, postal and/or email address, phone number, GP details and emergency contact) will be stored securely in a locked facility.
Therapy notes will be anonymised and identifiable only by a code number which you will be given at the start of therapy. These will be stored electronically online using a secure, encrypted platform.
Texts, emails and voicemail messages for the purposes of communicating with you regarding session appointments will be stored on a password-protected mobile phone or encrypted laptop. Your phone number may also be stored on this phone.
A paper diary with your first name or initials only will be used to record session appointments.
How long will I store your data?
In accordance with the requirements of my insurance company and my professional body the British Association of Counselling and Psychotherapy, I will keep your personal details, your unique code and therapy notes for a period of 3 years, after which they will be confidentiality shredded.
My diary will be shredded at the end of each calendar year and your phone number and email address will be deleted from my phone three months after therapy ends.
Your right to be forgotten
You have the right to ask for your data to be erased in some circumstances, this includes when I no longer need your data to fulfil my contractual obligations to you (although please refer to insurance and BACP requirements to keep therapy notes for 3 years). An exception is if I have a legal requirement to retain your data.
Your right to access your data
Under the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA, 2018), you are entitled to see any information kept about you. This must be requested in writing. You also have the right to ask me to amend any incorrect information held about you.
Sharing your information
Your data will be kept confidential, except where I have a legal obligation to disclose it (for example in the event you disclose information relating to terrorism, treason, money laundering or drug dealing) or if I have concerns about your safety or the safety of others. In this event, I will need to contact the relevant authorities which may include your GP and the police. I will try to talk to you about this beforehand if possible.
I also have an ethical requirement to discuss my therapy work with my clinical supervisor, but this will not involve revealing your personal information.
The Information Commissioners Office can be contacted on 0303 123 1113 for any concerns or queries regarding how I have handled your data.
Disclaimer
In providing you with therapy, I use third party service providers (Proton mail and Zoom) which are GDPR compliant. Although it is highly unlikely that any data-breaches will occur, I am unable to guarantee the complete absence of any data breaches through the use of these providers. In addition, if you request to use a service provider other than those listed above, this may be possible, but it will be at your own risk as I may be unable to ensure they are GDPR compliant.