This privacy notice explains what sort of data I will collect and how I will store and handle that data in accordance with the General Data Protection Regulation (GDPR).
When do I collect your personal data?
Personal data will be collected when you submit an enquiry through the website. Enquiries submitted through the contact form on my website are sent directly to me by email and then deleted from the WebHealer systems. My email contact form only captures your name and email address, along with the IP address of the computer used to make the request. The contact form collects your name and email address so that I can make initial contact with you.
What sort of personal data do I collect?
At the beginning of our work together I will ask you to complete a client information form which captures personal data such as name, address, contact details, GP details and medical history. Your personal data will be used to provide you with my services as specified on our counselling contract. I will only use your data for the purpose for which it was collected.
Counselling is a confidential service and I will only share your data with third parties where we are required to do so by law. An example of this might be contacting your GP or another health professional if there is an immediate risk to yourself, or another. Another example might be if you are involved in a court case or police investigation then my session notes might be requested by the court. I keep brief written notes from our sessions, which are not identifiable and are stored in a secure place.
How will I protect your personal data?
All records, including the client information form and client notes are kept securely. It is a requirement of the British Association for Counselling and Psychotherapy (BACP) that I have clinical supervision and therefore I may discuss our work during these meetings, however all records are kept securely and are adequately protected from unauthorised disclosure.
How long will I keep your personal data?
Records are kept for a period of 7 years and are then destroyed securely.
What are your rights over your personal data?
I recognise that there may be occasions whereby clients may wish to exercise their rights under GDPR and make a subject access request in respect of personal information held. You also have the right to request that information relating to you be deleted or amended at any time. Any such requests should be put in writing to me at firstname.lastname@example.org.
If you have any concerns about how I have handled your data you can contact the Information Commissioner’s Office.