From 25th May 2018, under the General Data Protection Regulation (GDPR), I am required by law to inform you about how I process and keep your personal data safe.
What data do I collect and keep and why do I need it?
I may collect some of the following:
Name & Age – This is basic information that helps me get to know you.
Address, email address & phone number – I use this as a way of contacting you regarding your sessions.
Your GP details – If I were worried that you were at risk I may need to contact your doctor (or other agencies). I will always tell you in advance if I am going to do this.
Relevant medical information that may impact on or direct our work, such as a medical history or diagnosis that informs a treatment plan, or a health condition that may impact on our sessions, in order to maintain your safety.
Session notes: I sometimes keep very brief anonymous notes of our sessions but these are stored separately from the contract.
Payment information: Banking transactions may be viewed by the employees of the bank, my accountant and tax officers (HMRC) and your account name may show up on online or paper bank statements if a BACS payment is made. You have the right to discuss alternative payment options with me.
Emails between us.
Invoices and receipts.
You have a right to request to see, have amended or have destroyed any data I may keep about you, and I will respond to any such request made within 1 month. However, there may be certain situations that require specific information to be retained, and I may need to seek legal advice in this case.
Will I share your data and if I do with whom and for what purpose?
It is very unlikely that I will share your data, apart from the examples stated above. I will not sell it on or use it for any unethical reason. I may have to share it if I am subpoenaed by a court. If you or anyone you tell me about is at harm or risk of harm I may have to pass this information on. I also have regular supervision where I talk about my work, but this is anonymous.
How will I store your data?
Data is mainly stored in paper format, in a locked cabinet, and inaccessible to others. Your phone number may be kept on my business mobile phone, which is password protected. Any information collected via the contact form on my website will be held for 1 month whilst in correspondence to arrange a counselling session. Please note it is recommended that email is used only for booking and confirming appointments, rather than including personal information, unless encryption is used.
How long will I store your data for and how will it be disposed of?
I will keep any notes and your name for 7 years as required by my Indemnity Insurance Policy.
This document and the contract/terms and conditions form with your personal details will be destroyed 1 month after our work finishes. All emails from you will be deleted as soon as they are no longer needed, and at least within 1 month of our work finishing. I will delete your phone number from my mobile 1 month after our work finishes.
When sensitive data is to be destroyed, this will be shredded. If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you as soon as possible, and follow the guidance provided by the ICO, with whom I am registered.
If you do not consent to me using your data in this way, please discuss this with me to look at how we can agree to work together.
Do you consent to me using your data in this way?
Please write yes or no: ………………………………….