Last updated October 2022
Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
- Why I am able to process your information and what purpose I am processing it for
- Whether you have to provide it to me
- How long I store it for
- Whether there are other recipients of your personal information
- Your data protection rights.
‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me (Simon Cook). I am registered with the Information Commissioner’s Office with reference number: ZB397585. Organisation name: Find Clarity Counselling Ltd.
My phone number is: 07553 196429. My email address is: firstname.lastname@example.org
What type of personal information do I collect?
I will keep client data you provide so that I can work safely and professionally following the BACP Ethical Framework. Under GDPR you have the right to know what client data I hold, why I hold it, and for how long. The client data that I hold may include:
- Your name and address
- Date of birth
- Contact information including email address
- An emergency contact’s name and phone number
- Your GP name and contact details
- Relevant medical and health information such as use of medication, how well you are sleeping, any history of mental illness
- Information about any disability or communication difficulty you may have
- Session notes
- Payment information. I keep a note of payments you have made and invoices on a financial spreadsheet for my business. I am required by law to retain certain financial information for tax purposes. I keep financial information for 7 years as advised by HMRC. Payment by BACS or cash will be processed by my bank, transactions may be viewed by employees of the bank and tax HMRC. When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.
- Emails, texts, messages to you, and yours to me. I will delete emails / texts after I have noted the contents (for example, emails around scheduling). Electronic correspondence will also be held by the corresponding app (email provider, device SMS, WhatsApp). I may keep emails/texts if I consider them necessary to our work. I will delete emails/texts/messages when our work ends, and only I will see the information.
During our work you will likely disclose ‘special category personal information’ and sensitive personal information to me. I’m legally required to take strong measures to protect your confidentiality with any of the following sensitive information that would be important for me to know in order to help you. These details might include but are not limited to:
- gender, sexuality, relationship status
- religious or other cultural beliefs
- physical or mental health information
- offences (including alleged offences)
- financial information
- family, lifestyle
When you visit the website www.findclaritycounselling.co.uk, I will collect the following information about your visit: I.P. address, location, search engine, date, time, web pages visited, operating system, and device.
My website is hosted by Superhost, who adhere to the requirements of GDPR. None of your personal information is stored on my website, other than to momentarily collect and send it to my email account for the purposes of our initial contact
What is the lawful basis for me processing your data?
In order to provide you with counselling I will need information from and about you.
I only use information about you in ways that are core or legally essential for me to fulfil my role as an effective, safe, ethical and responsive counsellor to you.
The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling sessions) and necessary for a contract with a health professional (in this case, a contract between me and you).
How do I obtain your personal data?
I will collect your personal information in the following ways: via my website, over the telephone, via email, over a messaging service and in person during our sessions.
Why do I need your personal information and what am I doing with it?
Your personal information helps guide my assessment process, and my clinical decision-making during counselling. I will also use the information that I collect about you in order to develop a more user-friendly website.
How I use your information?
I will never use your personal data for any purposes other than the administration of the counselling service that I am providing to you i.e. to arrange, cancel and rearrange appointments. In line with guidance from the Information Commissioner’s Office, I will only retain your personal information for as long as is necessary.
Do I share your information with anybody?
I am required to have regular supervision with another professional counsellor as part of my ongoing membership with the British Association for Counselling and Psychotherapy (BACP). I never disclose any personally identifying information about my clients within supervision.
In exceptional circumstances I may be required by law and my ethical responsibilities to break confidentiality with you. I would discuss this with you first wherever possible but if you do not give consent I may still have to disclose information. This relates to situations where you may be at serious risk of harm, causing serious harm to others, the safeguarding of children and adults at risk, offences under the Prevention of Terrorism Act 2000, serious crime under the Serious Crime Act 2007, drug trafficking or money laundering and road traffic accidents under the Road Traffic Act 1991 where I am under legal obligations.
If it’s essential to protect your health and if I obtain your consent, I may share your contact information and relevant medical information with an emergency healthcare service (e.g. GP / ambulance).
Some of your personal information such as website visits, telephone call data, or payment information, is shared with the website provider, mobile phone operator, bank or card payment provider respectively. These providers operate under their own privacy policies and these can be provided upon request.
A limited amount of personal details will be shared with third parties to fulfil legal obligations in respect of tax and accounting purposes. For example, my accountant is permitted access to my invoices.
If your appointments are paid for or arranged via a third party, for example, your employer the only information shared with the third party is the dates of attendance and non-attendance for invoicing and payment purposes. Details about what is discussed in your appointments will remain confidential and can only be shared if you give me your written consent to do so.
In the event of my own serious illness or death I have appointed a trusted colleague to have confidential access to your contact details for the purpose of notifying you and making arrangements for your further care.
I will never pass on your contact details to any third party organisations for the purposes of sales, marketing or research.
How long do I hold information?
I will destroy your contact information when we stop working together and any outstanding fees have been paid. Please note that I need to keep a record of your name, date of birth and your client reference number for seven years after therapy ends. Your client reference number corresponds with a client reference number on your therapy notes and therefore enables me to identify your therapy notes if necessary.
I will retain my brief working notes (therapy notes) in either a locked device (such as a filing cabinet) or a password-protected computer for 7 years and confidentially destroy them after that time. This time frame adheres with current industry guidelines. Should you be under the age of 18, all data will be kept for 7 years following your 18th birthday.
After I have deleted your Data, it may persist on backup or archival media for legal, tax or regulatory purposes.
What are your rights? Who would you complain to if you have concerns?
You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. In more detail you have the following rights
- To be informed what personal information I hold (i.e. this document).
- To see the personal information I hold about you. (Subject Access Request). This will be produced within 30 days in electronic format.
- To rectify any inaccurate or incomplete personal information.
- To withdraw consent to me using your personal information.
- To request your personal information be erased. (Right to Erasure) Though I can decline if the information is needed for me to practice lawfully and competently for example in order to defend myself in a claim situation or to comply with my insurance terms and conditions.
- To receive the personal information which you previously provided and the right to transfer that information to another party.
It is important that the data we hold about you is accurate and current. Please keep us informed if your data changes during the period for which we hold it.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive or refuse to comply with your request in these circumstances.
If you have questions, any complaints or you’d like to make a request as outlined above, please put it in writing and email: email@example.com I will get back to you within 30 days.
You can read more about your rights at ico.org.uk/your-data-matters
If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint
I should be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.
How do I store your data?
I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure. Electronic records are kept on password-protected devices and any paper records or notes are kept securely in a lockable device
Links to other websites
Change of business ownership and control