Any personal data that you provide to me via any means (verbal, written, on the phone or in electronic format) will be held and processed in accordance with principles of the General Data Protection Regulation (GDPR) for the purposes for which you have given consent, in order to establish and maintain a contract between us, or to meet my legitimate interests.
When you request counselling with me or otherwise provide any personal details to me, you are consenting to my processing of your data under the terms of this policy.
This policy only applies to data collected by me, via the channels outlined above. Third party agents and websites, which are linked to me, are not covered by this policy.
What information do I collect?
You can contact me directly by telephone or email. The process of requesting counselling initially involves providing me with your name, telephone number and email address, as well as your preferred method of contact. I might also request information on your availability to allow us to organise a session time. Once we have arranged our first meeting, I will ask you to provide me with additional information, such as your address, date of birth, gender identity, the name of your GP / surgery, and an emergency contact.
I may keep records of significant correspondence, e.g. copies of emails that relate to our work, or notes about consultations with anyone else in the case of referrals or similar.
These are brief notes that provide a factual record of what has been said during our sessions, including session number and a note on attendance.
Where we produce artwork, drawings or other physical material together, I may ask you if I can keep a record, e.g. by taking a picture of what we’ve produced.
My email account is powered by an external provider, and the collection and use of data is subject to their own Privacy Policies. My account is password protected.
What do I use your information for?
To respond to your counselling inquiry, to provide information about my service, to arrange an initial session, and to offer suitable counselling appointments
To contact you in the event of cancellations, e.g. due to illness, planned absences, or a personal emergency
To administer my service, including the arrangement of appointments and the handling of payments
To fulfil my administrative, legal and contractual obligations
To enable the best use of supervision by keeping track of and effectively thinking about the material we discuss
To optimally support the therapy, e.g. by facilitating the use of a therapeutic will and being able to protect you or others from serious harm where necessary (see below)
When and how do I share your data?
I will not share any information about you with other organisations or people, except in the following situations:
With your consent, I may share your information with your GP, professional services, your emergency contact, or others whom you have agreed I should contact.
I may share your information with the relevant authorities if I have reason to believe that this may prevent serious harm being caused to you or another person. Where possible, I would always seek your consent first, but if this is not possible, my duty is to act to prevent harm.
Compliance with law
I may share your information where I am required to by law or by regulations and other rules to which I am subject, eg. I may be required to pass identifiable and non-identifiable client information on to the BACP, the ICO, HMRC or to my insurance company in the event of a complaint, legal action or audit.
In the event of circumstances that prevent me from upholding the contract between us, e.g. if I fall seriously ill or die, a trusted colleague will gain access to your data, in order to inform you of my circumstances and, where desired, support you in making alternate counselling arrangements.
How do I keep your information safe?
All information you provide to me is stored as securely as possible. All paper forms and notes are kept in locked filing systems at my home. All electronic records are stored securely, require password-protected authentication using reputable service providers of industry-standard internet cloud technology.
I use a split system of record keeping where contact details are kept apart from case notes and other detail about you e.g. session material in order to minimise possibility for identification in the event of loss or damage outside of my control.
The transmission of information via the internet is never completely secure. Although I will endeavour to protect your information using industry-standard protocols and encryption, I cannot guarantee the security of your data transmitted to me via email; any transmission is at your own risk. For this reason, I recommend that you do not send me emails containing sensitive information such as medical or health information. If I do receive such an email, I will store the relevant information as outlined above and delete the initial email communication once dealt with. I will never record sessions, in person or online, unless we have specifically agreed for me to do this.
How long will I store your data for and how will it be disposed of?
I will delete any identifiable data such as contact details and any correspondence including identifiers within 5 years of no contact or updates from you.
Anonymised case notes, as well as any anonymised material or correspondence will be deleted when no longer required and in any event after 5 years.
Your rights under GDPR
I may edit this policy from time to time. If I make any substantial changes, I will notify you and, upon request, will provide you with an updated copy of this policy if we are currently working together. Updates will always appear on my website.
You have the right to see the information held by me. You also have the right to require me to correct any inaccuracies in your information.
Please note that I require at least one week’s notice to prepare any copies of information I hold about you, and that I may wish to discuss your request during one of our sessions.
You may withdraw your consent for me to hold and process all or some of your data at any time. Doing so might mean that we will no longer be able to work together.