General Data Protection Regulations (GDPR 2018) classify me as a data controller and require me to tell you how I protect your data. In the process of undertaking counselling sessions, some of your personal data will be stored and processed. This document is provided to make as transparent as possible how I use it, where I keep it and what I do with it.
Information Collected & Stored:
- In my role as a counsellor in private practice I complete a ‘Counselling Assessment’ document in the first session, capturing information which could identify you, e.g. your name, phone number, email address, home address and GP details. This is so I have methods of contacting you. This contact information is in paper form and is stored securely in a locked filing cabinet.
- In case of my ill health this information in the ‘Counselling Assessment’ document can be accessed by a nominated professional executor – a colleague who is a Registered Counsellor – who will be able to access your contact details to inform you of my inability to work.
- Your signed ‘Counselling Agreement’ document is stored on paper in a secure locked filing cabinet with your contact information.
- I also keep a record of the date of each counselling session and if required, notes regarding the theme of a session, identified only by your initials. I use this to keep a record of our work as it progresses. This information is stored electronically on my computer, and is password protected. Only I have access to this password.
- Your phone number is stored by first name only on my phone which has a lock-screen and finger-print security.
Data Retention / Deletion:
- I delete ‘administrative’ type texts or emails that you send me once they have been acted upon, e.g. arranging sessions. If I receive a more in-depth email relating to session content, then I will store this electronically and password protect the document.
- As advised by my therapist insurance any counselling records will be kept for 7 years before they are deleted securely.
- As stated in my ‘Counselling Agreement’ document there are limited situations where I may share your information, such as if I believe you or someone else is at risk of significant harm. I would always inform you first that I need to share my concerns with another professional, e.g. GP.
- In rare cases I may be obliged by law to share any content of our sessions – this would be if you disclosed matters relating to terrorism or money laundering. In this unlikely event I would always inform you before doing so.
- In line with my professional registration, I share client information in monthly Clinical Supervision where only the necessary anonymised information will be shared, using only your first name. Supervision, as well as adherence to professional guidelines, ensures that our practice continues to be ethical and competent.
Access to Information:
- You can request access to personal information (Subject Access Request) that I hold on you, except in limited circumstances when I am not permitted to do so for legal reasons. I will provide this information to you within 30 days. If you feel any information, I hold about you is inaccurate, then you are able to ask me to update your information.
- If you want me to delete information, then please do so in writing and I will endeavour to do so unless I need to keep it for legal or internal business purposes.