I am registered with the ICO (Information Commissioners Office) and adhere to the General Data Protection Regulation (GDPR) which means I need to tell you what data I am collecting from you and what I intend to do with it.
Collection and usage of your personal data
- I collect personal and sensitive information about clients (including name, address, email address, telephone numbers, GP/emergency details, date of birth, gender, ethnicity, religion, sexual orientation, medical and mental health information).
- I use the information to provide an effective counselling services, to contact clients regarding sessions and to send receipts and/or invoices.
- I keep short factual notes of sessions and a record of attendance.
Sharing of client data
- I might share data if required by law, or if ordered to by a court or if a client tells me about risk of serious harm to themselves or someone else.
- I have clinical supervision where I talk about my work, but I only use a client's first name. Supervision is also confidential.
- All payments are recorded in my accounts using a client's name and might be shared with HMRC if I am audited.
- If an Employee Assistance Programme (EAP) or insurance company has referred you, factual notes and attendance details might be provided to the EAP or insurance company.
Storage and disposal of data
- Most of my records are stored securely using BacPac (bac-pac.co.uk) which is a fully encrypted cloud based online system for counsellors. My financial accounts, email, mobile phone and diary system are all electronic and password protected. Any paper records are stored securely in a locked cabinet.
- My insurer requires me to keep counselling session notes and client personal information for a period of five years. After this time data will be destroyed.
- I will delete any data related to clients from my business mobile phone and email no later than one month after ending the therapy.
Access to or change of client data
- A client can make a subject access request in respect of their personal information held by me by making a request in writing. Once I receive the written request, I will respond within 14 days. If a client were referred by an EAP or insurers, they might need to address the request directly to them.
- If during counselling information is provided by more than one individual (couples counselling) I will only release information if consent has been given by both individuals involved.
- A client may also request that inaccurate personal data is amended.
If a client has any concerns about how I have handled their data, a complaint can be made to the Information Commissioner’s Office (ICO): ico.org.uk/concerns