I am a registered member of the British Association of Counselling and Psychotherapy (BACP) and am bound by their Ethical Framework for the Counselling Professions. I take the privacy of clients and potential clients seriously. I adhere to current UK data protection legislation, including the Data Protection Act 2018 and the UK General Data Protection Regulation (GDPR). Under GDPR regulations, I am ‘data controller’. This means I am responsible for determining the purpose of processing your personal information and also how it is processed. This document explains what I do with your personal information. I am happy to discuss any questions you might have in relation to your data, you can email me at email@example.com.
What information is kept about me and why?
I process the following categories of personal data about you
· Personal data - Information that identifies you. This will include your name, address, contact number, email address and date of birth. I will also ask for an emergency contact number and your GP’s contact details. I also process BACS transfer information if you pay via BACS. I will collect some of this information when you first contact me via email, phone or my website’s contact form, and the rest in our first session together. The purpose of collecting this information is to respond to messages, book appointments and to deliver safe and effective therapy. The legal basis for processing this data is that it is necessary to fulfil our contract with you.
· Information about you. Practical information relating the counselling you seek including referral date, reason for seeking counselling, your partner’s and/or family members name if you are seeking couples or family counselling, the fee, date of the first session and your availability to attend future sessions. The purpose of processing the data is for me to fulfil my contract with you and keep an accurate record. The legal basis for processing this data is that it is necessary to process the data to fulfil our contract with you.
· Special category data - Information about your health. This includes session notes. I will keep written notes of each session together with any relevant and important correspondence, these are kept in a secure and encrypted database, separately from contact information. The purpose of collecting this information is to uphold professional standards by keeping ‘accurate and appropriate records’ in line with the BACP’s Ethical Framework, and to deliver safe and effective therapy. The legal basis for processing this data is your consent. These details are kept in a secure and encrypted database, and are not shared with any third party.
· Transactional information - Used when you pay, including your bank account number and sort code, Credit/Debit card identifiers, The purpose of processing this information is to complete the financial transaction associated with the service provided and keeping proper records of my business transactions as required by law. The legal basis is that it is necessary to process the data to fulfil my contract.
· Accounts information - information I hold and use about the financial transactions including Transaction details - my financial records. The purpose of processing this information is to complete the financial transaction associated with the service provided and keeping proper records of my business transactions as required by law. The legal basis is that it is necessary to process the data to fulfil our contract with you.
How I collect your information
I collect information from you in a number of ways, including over the phone, via email, through my website’s contact form and via sessions. I will only obtain information from third parties, such as your GP, a parent or a trusted adult, with your knowledge and consent, and for the purpose of providing effective healthcare.
How your information may be shared and why?
I will keep everything you discuss with me in sessions confidential and not share it with others, apart from in the following situations. I may break confidentiality if I have reasonable grounds to believe there is a risk of imminent and serious harm to yourself or others, in which case I will discuss this with you first wherever possible before disclosure. Also, I may break confidentiality where I am legally obliged to do so (e.g., disclosure of information relating to acts of terrorism). Or you have explicitly asked me to for the purpose of accessing healthcare support. I may process any of your personal data identified in this policy where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is my legitimate interests, namely the protection and assertion of my legal rights, your legal rights and the legal rights of others.
In the event of serious illness or my death, my professional executor would be given your details and will contact you to inform you of this. Practicing members of the BACP are required to undertake professional supervision, and I may discuss our counselling with my supervisor to ensure or enhance the quality of my work with you. All discussion in supervision is anonymised and your identity is never revealed. My supervisor is also bound by the BACP’s Ethical Framework.
Retaining and deleting data
I will keep written notes of each session together with any relevant and important correspondence, these are kept in a secure and encrypted database, separately from contact information. Once counselling has ended my records of your contact details, session notes and any retained correspondence will be kept for up to 7 years from the date of our last session, and will then be securely destroyed. The reason for keeping these records for up to 7 years is in case you wish to resume counselling within this time period, which may relate to issues discussed in previous counselling. If you want me to delete your information sooner than this, please tell me. I will keep copies of my invoices and financial transactions with you as required by law.
Under GDPR you have the right to request a copy of session records. Where requested by you these will be within 30 days in electronic format. To make a request for any personal information I may hold about you, please put the request in writing addressing it to firstname.lastname@example.org.
Under GDPR you have the right to ask for records to be amended if you feel they are inaccurate, you can also ask me at any time to correct any mistakes there may be in the personal information I hold about you. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. To find out more about your right please see links https://ico.org.uk/your-data-matters. If you wish to ask for an amendment or if you raise objection to any data kept by me, such objection will be stored with the original session notes.
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to https://ico.org.uk/make-a-complaint.
My contact details and ICO registration
I am registered with the UK Information Commissioner’s Office (reference ZA799211) as the data controller in relation to my counselling practice. My email address is: email@example.com and my phone number is 07902194115.