Compliance with General Data Protection Regulations (GDPR)
From 25th May 2018, new regulations are in force regarding data protection. As I process personal, identifiable information (data) about you, this privacy policy sets out how and why I collect this information, how I use it and how I keep it secure. I am registered with the Information Commissioner's Office (ICO).
I will keep this privacy policy under review. New regulatory and technological developments or requirements stipulated by my professional associations (UKCP, BACP) may require adjustments to be made.
If you have any further questions or concerns, please do not hesitate to contact me on 07980 751045.
What information is kept and why
I hold you personal information in order to provide psychotherapy and counselling services.
I hold the information according to what is required by law, by the UKCP & BACP, by my professional indemnity insurance company and in order to fulfil my tax obligations.
I collect and hold personal information such your name and contact details. I need these in order to be able to contact you to make arrangements regarding our work and to be able to reach you in case of emergency.
I use your contact details to invoice you, if we agree this together.
I use your contact details to send you email invitations for online sessions, if we agree to work together online.
I keep a record of sessions scheduled, attended and fees paid.
I collect and hold your GP details which I would only use if I had a serious concern regarding your safety or that of someone else (see 'Sharing your information' below).
I keep very brief factual notes about our sessions. I use these as an aide-memoire for me and they might be used as a basis for discussion in Supervision (see 'Sharing your information' below).
How the information is stored
I store your personal information in such a way as to minimise the risk of unauthorised access or breaches of confidentiality.
Your name, contact details, GP details and a sign copy of this document are kept in a locked filing cabinet.
Sessions scheduled are recorder in a paper diary using an anonymising code.
Records of sessions attended, fees paid and clinical notes are kept on bacpac, a secure, cloud-based, electronic system which is GDPR compliant and has been vetted by NHS and Ministry of Defence for hosting confidential, medical information.
When paying by BACS, your account name or reference appears on my bank statements. These statements are only accessible electronically via my bank's secure portal and are stored there.
I explicitly ask for your permission to use email, text and/or WhatsApp, for administrative purposes, on the understanding that these systems are not entirely secure. Levels of security are in line with that given by the relevant service provider. No clinical material is to be included in these and where there is some (e.g. in an initial referral email), the message is deleted as soon as contact has been made. Access to my computer or phone where emails, texts or WhatsApp messages may be viewed is password protected. If you have any concerns about these forms of communication, please let me know so we can make alternate arrangements.
Online sessions are conducted via Zoom which uses end-to-end encryption and is GDPR compliant.
How long the information is stored for
I keep the information for 7 years after we have finished work together in accordance with the recommendation made by my insurance company and to comply with tax obligations.
After this time, paper records are shredded and electronic records are deleted. Your contact details on my phone, emails and texts are deleted as soon as work together ends.
Sharing your information
Our work together is confidential. However, your personal information may be disclosed under the following circumstances:
I will report any breaches to the security of your personal information to the ICO within 72 hours and I will also inform you, as appropriate.
You have the right to
The information in this privacy policy is also available in hard copy and at the point at which we contract to work together, I shall ask for your written consent to your personal information being used in the way described here. If we are already working together, I shall provide you with a copy of this policy and also ask for your written consent.