DATA PROTECTION POLICY
I understand how important your privacy is and I take care to maintain your confidentiality in accordance with current data protection laws (GDPR, 2018) and the ethical guidelines of the British Association for Counselling and Psychotherapy (BACP). These guidelines have been set up to protect your confidential material and ensure that I your therapist always conducts themselves with professionalism and integrity.
I hold the following data on you:
Personal contact details
Emergency contact details
Records of your therapy sessions in the form of clinical therapy notes
Digital recording of therapy sessions.
Below I state how this information will be held and used.
Your personal information
I require your personal details, such as your name, address, email address and telephone number as well as details of the issues you are looking for help with.
I store this information securely on a paper-based system and can only be accessed by me.
During the initial assessment I will ask you for your contact information, date of birth and contact information for your GP and elected Emergency Contact.
This information is stored in a locked cabinet and will only be accessed by me and will be held for the duration of your therapy after which it will be confidentially destroyed.
Please note that I will need to keep a record of your name and client reference number for seven years after the end of your therapy, so that I can respond effectively to any potential requests regarding your clinical notes and treatment.
I will never pass on your contact details to any third-party organisations for the purposes of sales, marketing or research.
Your payment details
All payments made through bank transfer will only be shared with my accountant on an anonymised basis at the end of the financial year. The HMRC requires that we retain this information for 6 years after the end of the financial year. All documents will be stored securely and only be accessed by me.
Your therapy sessions
Everything that you discuss with me is confidential and will only be broken if there is concern about your safety or the safety of someone else or we are instructed to do so by a Court of Law. I will always endeavour to speak to you about this first.
So that I can work safely and professionally with you and in keeping within the guidelines of my professional bodies I will speak to a supervisor about your therapy sessions. These sessions are bound by confidentiality and you will only be referred to by a pseudonym.
I also keep notes of each session. These are anonymised and are stored in a locked filing cabinet. These notes are for my use only and help me to keep track of everything that is being discussed. In line with industry guidelines, these notes must be kept securely for seven years after your therapy comes to an end. After this time, they will be shredded.
If your sessions are paid for or arranged via a third party, (e.g. your employer, a friend, or a family member), other than payment requests, invoices or receipts your counselling information will not be shared. Any other information can only be shared with your written permission.
Your communications with us
As emails are not secure I ask that you do not send personal information via email. Any that are sent will be auto deleted.
I do not store clients telephone numbers on my mobile phone, but for extra security my phone is password protected in case of any calls or texts. This is only accessed by me.
Your email address and telephone number will only be used by me to contact you about your appointments or send you pre-discussed information.
You have the right to know what data I hold on you, why I am holding it - for how long and the right to access this information if you so wish.
The right to be forgotten -You can request that I delete and confidentially destroy the information that I hold about you and your sessions at any time- unless I am compelled to keep it by a court of law.
Breaches of data protection
In the event of any breach of our data protection policies, I will notify you and the Information Commissioner’s Office (ICO) within 72 hours and will seek to rectify this immediately.
Should you have any concerns about my data protection practices, you can raise these directly with me. You can also notify the Information Commissioner’s Office.