I am committed to adhering to the General Data Protection Regulation (2018) and to the responsible and secure use of your personal data that you provide to me. I have a legitimate interest in processing personal data in order to respond to your enquiries about counselling with me and to provide counselling to clients. The purpose of this policy is to inform you about what personal information I collect, the data purpose, how data is stored, confidentiality and limitations, and your rights under the GDPR.
Data Controller Information
Data Controller: Jan Lewis
Contact details: email: firstname.lastname@example.org mobile: 07399427089
I am registered with the Information Commissioner Office (ICO), which is renewed each year.
Lawful Basis for holding and using Client Information
As a registered member of British Association for Counselling and Psychotherapy (BACP), I work within the BACP Ethical Framework for the Counselling Professions. The lawful basis under which I hold and use your information is my legitimate interests; my requirement to retain the information in order to help me in my work with you; to provide you with counselling that meets the BACP Ethical Framework for the Counselling Professions; to meet the requirements of my insurers; if information is sought through a legal processes.
I use the information held about you for the following reasons:
Information collected and retention
I collect personal information from you via Email, telephone calls and texts for initial enquiries and, if applicable, to arrange or change appointments. Also, I collect personal information from you in the initial session and subsequent counselling sessions, if you continue counselling with me.
Email, texts messages and phone calls for initial enquires and initial session appointment
I may collect personal information from you when you enquire about counselling with me and in order to set up an initial appointment. This information includes contact details, your availability and other relevant personal information you share. I recommend you do not include personal sensitive information via email or text, especially since as this is subject to limits of confidentiality from the email or phone company providers.
Initial session record
At the initial session, I ask about your current personal, social, family and medical circumstances, about any previous counselling experiences, as well as the issues that have brought you to consider counselling and, if you know, your hopes for counselling. Also, I ask for a brief personal background and family history. I require this information, so we can decide together if the counselling I provide is right for you. I keep a brief hand written record that has your initials, DOB, date of initial contact, date of assessment, Occupation, GP name and contact details, medical history, known risks, previous counselling experiences, presenting issues, hopes desired through counselling (if you know) relationship status and brief family background.
The initial session record is securely stored for 4 years from the initial session appointment or last counselling session date to comply with insurer and my professional body obligations.
If you continue to access counselling with me, the additional information below is collected, securely stored and retained for 4 years (unless different length of time stated) from the last counselling appointment date.
A counselling agreement (storage is for 6 years, as a contractual agreement)
This mutual agreement covers session time and venue, absences and cancellations, fees, contact boundaries during our therapeutic relationships, confidentiality and limitations, endings, professional ethics and a declaration of consent.
I keep brief hand-written annonymised notes on sessions to help me in my work with you.
If you continue to access counselling with me, the additional information below is collected, securely stored until 7 days after the date of your last counselling session.
A contact details index card
This records your name, date of birth, address, phone number and email address to enable me to contact you regarding changes in appointments or to follow up outstanding fees.
A GP consent form
This consent form is to enable me to make contact with your GP, if applicable, either by letter or phone, to discuss your care. Other than in emergency situations, if identified contacting your GP is needed, I will have discussed with you beforehand the exact purpose of contacting your doctor and the information to be exchanged.
Email, texts messages and phone calls
To maintain our therapeutic relationship the only contact outside of the counselling sessions is for cancellations or if you wish to inform me you are running late. Within 5 working days these will be deleted, when I have handwritten the content of the Emails, text or voicemail into your case notes.
How information is stored
As the GP consent form, contact card and counselling agreement identify you, these are securely stored, separately from initial meeting notes and case notes, in a safe that only I have access to.
The initial meeting record has your initials, DOB and a unique reference code and case notes are anonymized with this code. These are kept separately from the GP consent form, contact card and counselling agreement and are securely stored in a locked cabinet that only I have access to.
If fees are via bank transfers
Please be aware that if paying by banks transfers your name may appear on my bank statements, which I only view unless required for financial purposes (i.e. HMRC audit)
Confidentiality and limitations
The personal data that you provide me are strictly confidential and I will not share to third parties any information that you provide me, except in the following cases:
When I have a legal duty to report to the appropriate authorities:
Protecting Your Personal Data
I am committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, I have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information I collect from you. I do not hold records electronically.
Your rights under the General Data Protection Regulation (2018)
The right to be informed
This policy informs you about what personal information I collect, the data purpose, how data is stored, retained and confidentiality and limitations.
The right of access
If you wish to read information that I hold, I require 28 days notification from you (verbally or in writing). If you are in counselling with me, to promote a therapeutic approach to your right of access, I recommend we discuss in the counselling session what personal information you would like to access and how you would like access.
The right to rectification
You have a right to request any information that you believe is inaccurate, incomplete or out of date to be corrected within 28 days. If I believe the information is accurate, I will discuss with you and record you concerns next to the data you have challenged.
The right to erasure (also called “the right to be forgotten”)
You may withdraw your consent for me to hold and process your data at any time, by completing a Consent To Withdrawal form, available from me upon request. However, please note that:
a) If you do this while actively receiving counselling with me this will need to end. This is because the information you give me helps me in my work with you.
b) I will consult with my professional body and my insurers to inform my decision as to whether I shred all records, since I may need to retain initial session record, counselling agreement and case notes. If I refuse to comply to your right for erasure, I will inform you in writing as to the reasons why and this will include details of how to make a complaint to the ICO
The right to restrict processing of personal data
You have the right to request limits on how I use your personal information.
The right to data portability
You have the right to request copies of information I hold that you have shared with me and we will agree how this is to be done; please note I do not keep electronic records.
The right to object
You have the right to inform me that you no longer wish for your data or parts of your data to be processed.
I use Google Analytics on my website to generate statistical and other information by means of cookies. A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic and lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. You are not identified in this statistical information.
I use traffic log cookies to identify which pages are being used. This helps me analyse data about webpage traffic to improve my website in order to tailor it to customer needs. I only use this information for statistical analysis purposes to monitor which pages are visited. A cookie in no way gives me access to your computer or any information about you. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website. To find out more about cookies, including how to see what cookies have been set and how to block and delete cookies, please visit http://www.aboutcookies.org/
To ensure best practice, I will next review this policy in April 2023 or sooner, if further additional relevant and significant information on the GDPR becomes available.