I would like you to feel reassured that your privacy is very important to me, and your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to the current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
If you have any concerns or queries around what I will do with your personal information from the initial point of contact, hopefully this privacy notice will provide clarity. This should explain, for example, what I am processing information for, whether you have to provide it to me, how long I store your information for and about your data protection rights.
Please feel free to contact me with any questions you may have in relation to my data protection policy, via email (firstname.lastname@example.org) or telephone (07790274349).
‘Data controller’ is the term used to describe the person/organisation that collects, stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office, my registration number being ZB146010.
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. These are as follows:
If you have had therapy with me and it has now come to an end, I will use legitimate interest as my lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with me considering therapy, I will process your personal data where it is necessary for our contract.
The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for the processing any special categories of personal information is that it is for the provision of health treatment, in this case counselling/psychotherapy, and necessary for a contract with a health professional, between you and me.
On initial contact – when you contact me with an enquiry regarding my therapy services, I will collect what information is needed to respond to your enquiry, including names and ages of the individual(s) considering therapy and contact details, such as phone number and email address. You may also share details related to the reason therapy is being considered. If a referral is received via another professional or trusted individual, such as a GP, I may receive details from them and you would be informed of this.
Following an enquiry, should you choose not proceed, I will ensure all of your personal data is deleted within one month. If you would like this information deleted sooner, feel free to let me know.
While accessing therapy – everything you disclose with me is confidential. This confidentiality will only be broken if there are concerns about someone’s safety and wellbeing, or a risk of harm. I will always try and speak with you first, unless there are safeguarding issues preventing this.
Your personal details are securely stored, in order to allow me to deliver services smoothly. These details are kept as a hard copy, securely and are not shared with any third party. I will keep hand written notes on each session, which are kept anonymised and securely, and separate from your personal data.
For security reasons, I do not retain text messages for more than one month. If there is relevant information contained in a text message, I will keep this securely with notes. Similarly, any email correspondence will be deleted after 1 month if not important. If necessary, I will print and add to confidential notes.
Once counselling has ended – records will be kept for 6 years from the end of our contract with each other and then are securely destroyed. If you would like information to be deleted sooner, please let me know.
I may sometimes share personal data with third parties, for example, where I have contracted with a supplier to carry out specific tasks, such as referrals received via Emotional Skills, Norwich. Any clients referred to me via this third party would be made aware of any shared data. I ensure they do not use your data in any way other than the task for which they have been contracted.
I try to be as open as I can be in terms of giving people access to their personal data. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop me processing your personal information. You also have a right to ask for a copy of any information that I hold about you, and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters
If I do hold information about you I will:
give you a description of it and where it came from.
tell you why I am holding it, how long I will store your data for and how I made this decision.
tell you who it could be disclosed to.
You can also ask me at any time to correct any mistakes there may be in the personal data I hold about you.
To make a request for any personal information I may hold about you, please put this in writing addressing it to email@example.com
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me in writing by email. I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information, go to ico.org.uk/make-a-complaint
I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure; personal data is kept locked away, handwritten notes are kept anonymised, separately and locked away also.
Visitors to my website:
When someone visits my website I use a third party service, Wix, to collect standard internet log information and details of visitor behaviour patterns. This is also the case for those enquiring through the Counselling Directory. This is done to find out things such as the number of visitors to various parts of the site. It is processed in a way that does not identify anyone. I do not make, and do not allow Wix or the Counselling Directory to make, any attempt to find out the identity of those visiting my website.
I use legitimate interests as my lawful basis for holding and using your personal data in this way when you visit my website.
No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.