Confidentiality and privacy are essential for counselling. This notice explains what personal information I keep, why I keep it and what I will do with it.
The lawful basis that I use for storing and processing your personal data is Contract. This is because I am providing you with a service and I require some information to be able to provide you with that service.
What information do I keep and why do I keep it?
Name, date of birth, address, phone number and email address – These are kept so that I can contact you and to ensure that your records are not confused with any other person. They may also be used as identifiers if I need to pass any information to your GP or other healthcare professional. Except for the exception below, I will only do this with your informed consent.
Email address – this is used if we hold any sessions online.
GP details – these are kept for if I need to pass any information to your GP. Except for the exception below, I will only do this with your informed consent.
Any information that you provide during sessions, including sensitive information (e.g. sexual orientation), may be recorded within my session notes.
When may your data be shared?
There are occasions when I may share your information with other professionals. These are:
- Your first name and age will be shared with my clinical supervisor.
- If I receive a subpoena from a court of law.
- If you disclose information that raises safeguarding concerns including serious risk of harm to yourself or others; or abuse or neglect of a child or vulnerable adult, I have a duty of care to disclose that information to the appropriate authorities.
- If you disclose information that indicates that you are at substantial risk of suicide, I will release that information to your GP. If there is an immediate risk I will contact the emergency services.
- If you disclose any information regarding terrorism, or laundering of money gained through drug trafficking, I am legally required to inform the police and it is a criminal offence for me to inform you that I have done so.
- In the event of my death or incapacitation, there is a Plan B for all clients to be contacted. If Plan B needs to be used, a designated colleague will access my records in order to contact you.
- If you pay for your sessions via bank transfer, your name may appear on my bank statements. This information may be shared with an accountant and HMRC.
If I do share information about you, I will always aim to discuss it with you first unless the situation requires an immediate response. If I am required to release information before discussing it with you, I will inform you at the earliest opportunity except in the case of information relating to terrorism, drug trafficking or money laundering.
I will never share your data for any reason other than the reasons stated above.
How is your data stored?
All of my records are held securely online on a client information management system.
Your name and phone number will be stored in my work phone which only I can access.
How long is your data stored and how is it disposed of?
All clinical information will be kept for 5 years from the date of our last session. This is the timeframe requested by my insurance company.
Your phone number will be deleted from my phone 7 days after your final session.
If you email or text me between sessions for any reason, these will be deleted as soon as the messages are no longer relevant. For example, if you text me to rearrange an appointment, I will delete those text messages as soon as that appointment has taken place. If you email or text me information that is relevant to our work together, I will store that information with the rest of your notes. The email or texts will then be deleted.
Bank statements are kept for 5 years from the end of the tax year in which you were seen. This is the timeframe requested by HMRC.
What are your rights?
Under the General Data Protection Regulation, you have the right to say what happens to the data that I keep.
- The right to be informed – which is the purpose of this privacy information notice.
- The right of access – you have the right to see the information that I keep.
- The right to rectification – you have the right to request that I amend any personal data which is factually incorrect, misleading or incomplete.
- The right of erasure – under certain circumstances, you have the right to request that I destroy the data that I keep.
- The right to restrict processing – under certain circumstances, you have the right to request that I no longer process the data that I keep.
- The right to data portability – under certain circumstances, you have the right to request that I transfer the data that I hold to another organisation or individual.
- The right to object – because the lawful basis that I use to process your data is Contract, you do not have the right to object to me processing your information.
If you would like to exercise any of your rights at any time, you can request it verbally or in writing. I will respond to your request within 30 days.
If you believe that I have processed your information incorrectly or without your permission, you have the right to complain to the ICO. Details of how to do this can be found at www.ico.org.uk