Therapy is strictly confidential and I am bound by the Code of Ethics of British Association for Counselling & Psychotherapy (BACP).
The purpose of this page on my website is to explain how I currently collect and use personal data in line with the General Data Protection Regulation (GDPR) brought into effect on 25th May 2018. I will continue to revise this policy shown below in line with continuing advice and guidance I receive from both the Information Commissioner’s Office (ICO) and the British Association for Counselling & Psychotherapy. If you have any concerns or queries about how I keep your data safe please feel free to discuss them with me. Your rights under GDPR can be found on the website for the Information Commissioner’s Office.
The reason I keep data on individuals is for good practice and administration:
I do not use personal data for marketing purposes.
What information do I collect? How do I collect it?
Data from enquiries
This can be from various sources e.g. my website, various professional directories and websites, any advertising I undertake and phone calls, emails and online consultations. If you make an enquiry I keep your contact details that you have given me (e.g. name, email, phone number) and the nature of your enquiry on my laptop, mobile phone or as a handwritten note. If your enquiry does not result in you making an appointment the data will be destroyed as appropriate.
If we have agreed to work together I keep a record of the agreement, contact details you have given me, dates of sessions, brief anonymised notes of sessions, copies of invoices and communications. If we agree to have online consultations, please note I do not record these sessions and request you also do not record sessions.
How long will personal data be kept?
I currently plan to keep the data for 6 years from the end of therapy, excluding contact details This is to cover the obligations of the BACP who allow you up to three years (after the end of your therapy) should you wish to lodge a complaint and the HMRC for my accounting and tax purposes. All personal contact details will be deleted at the end of the therapy, unless you request otherwise.
How do I keep this data secure?
Data is kept on a laptop computer for my business which is security protected with a password. Paper records are kept in a locked filing cabinet dedicated to my business in my consulting room. Any notes concerning client work are anonymised. I have a dedicated mobile phone which is password protected where I keep contact details for my business. My email address [email protected] has been set up especially for client communication and is password protected. Clients should be mindful of the possible lack of security of communication by email and also to check the privacy policies of any online software for consultations such as Zoom or Skype.
Who will the data be shared with?
Therapy is strictly confidential to allow you to speak freely about yourself and your situation. The only exceptions where confidentiality may be broken are:
a)If I have concerns about your safety or the safety of others I may decide to break confidentiality for you to gain emergency help.
b)If ordered to meet legal requirements
In all cases I will try to reach an agreement with you of the course of action to take. Any approaches by a third party for information about you (e.g. your GP, Insurance Companies) will require your agreement.
As part of my professional practice I discuss my overall clinical work with a senior colleague who acts as my supervisor. Your identity is anonymised in these circumstances. The only time personal details would be passed to another professional colleague would be if I was unexpectedly unable to practice ( e.g. through serious illness or hospitalisation), this is to allow them to contact you to inform you about my situation.