Counselling is a confidential safe space just for you, there are some legal and ethical limitations to confidentiality which we will talk about when we meet.
Any contact information that you provide when reaching out for therapy (including details provided on the contact form of this website) is not used for any marketing purposes or provided to any third party for use for marketing purposes. It is solely used for administrative purposes such as to make appointments, arrange payments, client registration and any other follow up communication.
Please contact me if you have any concerns about how I use your personal information.
To comply with the General Data Protection Regulations, I am required to tell you what data I hold on clients and potential clients and how that data is secured. I am also bound by the British Association for Counselling and Psychotherapy Ethical Framework. Your data will never be sold to any other individual, company or organisation for any purpose. I am also required to gain your explicit consent to hold certain data about you.
I keep client data that you provide (both in your initial contact and during any counselling sessions) to ensure that I can work safely and professionally as outlined in the British Association for Counselling and Psychotherapy Ethical Framework for Counselling Professions. Under GDPR you have the right to know what data I collect, why and for how long I hold it. The data I hold on new and existing clients may include:
You also have the right to view this information and to request that changes are made if it is incorrect. When sensitive information is to be destroyed it will be securely shredded or deleted using secure file deletion software.
If I discover that there has been a breach of your personal data, I will let you know. I keep an electronic backup of contact details on an encrypted USB drive, which is stored in a locked cabinet. I also hold contact details on my PC and mobile phone. These devices are secured with passwords
I maintain brief and anonymised session notes to enable me to work effectively. These notes are electronically stored, secured by encryption and accessed only for the purposes of my work with a client. I hold any information relating to you for 3 months after our last contact or ending of any sessions. At this time, any data relating to you will be securely deleted.
Your phone number and email address will be held on a secured PC. Your phone number is held for the specific purpose of arranging or rescheduling appointments, to carry out counselling sessions where telephone counselling has been agreed. Your email address may also be used for arranging or rescheduling sessions. If secure video calling is agreed as the way your sessions will be completed, then invitation links to these sessions will be sent to your email address. Counselling may also take place by email with prior discussion and agreement.
Emergency Contact Data
Because of the nature of working online, I will ask for an emergency contact for you when we begin counselling. This is stored under your name electronically on an encrypted USB drive. It is very unlikely that I will ever use this information, but I ask for it so that if I become concerned for your welfare and cannot contact you directly, I can ask that person to check on your wellbeing.
Your GP Contact Data
This data is collected at the start of counselling and is stored electronically along with your name and contact details. It is unlikely that this information will ever be used, but any contact made by me to your GP will be with your explicit agreement and will be done to ensure your welfare, possible reasons for contact may include to discuss any diagnosis or treatment as well as any safety plans that may be required.
Any relevant medical information will be collected at the start of and during counselling sessions. This information is stored electronically and encrypted. It may be relevant to share medical information with me in some situations:
Session notes are not detailed and will not contain your name. Each client is allocated a reference number and this reference number will be used to store your notes. The reference number is stored alongside your name and other contact details in a separately secured file. These session notes are maintained solely for the purpose of delivering an effective service to you. I am required for insurance purposes, to keep these notes for three years. At that point they will be securely deleted using secure file deletion software.
I am required by law to keep certain financial information, primarily for tax purposes. This information, as advised by HMRC is kept for seven years. Any income I receive will be recorded on a spreadsheet showing the date of the session and your unique client reference number. This client reference number is stored alongside your name and other contact information in a separate secured file.
Payments by credit/debit card and BACS are processed by my bank. Any printed statements are kept in a secure cabinet. If these are required to be submitted for tax purposes, any potentially identifiable information will be redacted.
When payments are made by BACS your account name (or the name of the person who is making the payment) and any reference number used, may show up on online or paper-based bank statements. Banking transactions maybe viewed by employees of the bank, my accountant and/or financial advisor and HMRC tax officers all of whom will have their own GDPR policies.
Emails/Text Messages and Third-Party Applications
My mobile phone is password protected and is used solely for the purpose of my counselling work, no one else has any access to this device. My email account is secured using Microsoft business standard security. I may delete certain emails once I have noted their content, for example a session rearrangement. Any emails I feel are appropriate to keep are securely stored. I cannot, however, be held responsible for any email, text, WhatsApp call or message, Skype call or message that you may choose to send me where a third party may have responsibility or access to that data.
If you have any other questions about how your data might be used or stored. Please contact me as the Data Controller: email@example.com