I comply with the regulations outlined in the General Data Protection Regulation (EU 2016/679) in relation to information I obtain and hold in relation to my work.
Data Controller
As a sole trader, I am the Data Controller and am registered as such with the Information Commissioners Office (ICO).
Reasons for Collection of Information
I collect personal information for proper and lawful reasons and your information will only be processed if it meets at least one of the following conditions.
-
To fulfil my counselling agreement with you. This includes the collection of information before we enter into a counselling agreement, during your counselling and after the counselling has concluded.
-
To ensure I am giving you a professional and ethical service that complies with the Codes of Practice of the professional organisation I am a member of (BACP) and the requirements of my insurer.
-
When it is my legal duty to collect, store, use or transfer information in order to comply with legislation or the instructions of a court of law.
-
When it is required to maintain my own safety, your safety or the safety of third parties.
-
To monitor the effectiveness of my website, and/or other marketing activity.
-
To enable financial transactions between us.
How Information is Collected
-
The personal identifiable information I collect, store and use comes entirely from our conversations, emails, texts and phone calls.
-
The information others may hold comes from our online communication and/or from financial transactions between us.
Types of Information Held
-
Your name, gender, address, mobile/home number, email address, date of birth, name of GP, medication information, method which initiated contact.
-
ICE (In Case of Emergency) contact information; name, relationship and phone number.
-
Communication information from letters, emails, texts, and phone calls.
-
Signed letter of contract consent.
-
Information required to fulfil the counselling agreement between us.
-
Information about financial transactions between us.
Anonymised information I hold-
-
Information derived from sessions (case notes).
Third Parties may also hold information gathered through your interactions with me. This includes,
-
Information derived from the use of cookies on my website. (Note 1)
-
Information derived through email, SMS, phone contact between us (Note 1)
-
Information derived from our use of videoconferencing applications (Note 1)
-
Information about financial transactions between us
-
Information derived from the location of our phones (Note 2)
Note 1 - this is meta-data such as date, time, IP address and duration of communication, and usually does not include the content of the conversations.
Note 2 - Modern Smartphone applications upload the location of the phone to the application server. This can result in applications such as Facebook deriving a connection between us.
Storage of Information
I store information in two forms
-
Digitally -
-
Contact information - held on phone, laptop (password protected files) and backed up in the cloud and locally.
-
Emails - held on a laptop, phone and backed up on local devices.
-
SMS Texts -held on a phone, and backed up in cloud storage.
-
Anonymised calendar appointments - held on a phone, laptop and online system; backed up locally.
-
Anonymised case notes and information from sessions – held on a laptop and backed up on local devices.
-
-
In Paper form -
-
Your name, gender, address, mobile/home number, email address, date of birth, name of GP, medication information, method which initiated contact, ICE – held separately to the case notes, locked in secure filing cabinet.
-
Signed letter of contract consent - held separately to the case notes also in a locked cabinet.
-
Sharing of Information
Who I may share personally identifiable information with
-
Statutory bodies when required to by law or instruction of a court of law.
-
Your emergency contacts in case of an emergency.
-
Statutory bodies when required to avoid harm to you, me or others.
-
My accrediting/ethical membership body, insurers and professional advisers in the case of you making a complaint against me.
-
My professional executor, in the case of my incapacity or death.
-
A lawyer - If your information is requested by a court or you raise a legal action against me I may take legal advice, in order to clarify whether the court has jurisdiction, and whether the request meets the strict legal criteria required in such cases. In this situation I may consult a lawyer to help me make an informed decision about whether to release some or all the information I hold to the court. Personal information pertinent to the decision will be made available to the lawyer, who will be bound by a Professional Code of Conduct.
Who I share anonymised personal information with
-
Clinical Supervisors in order to ensure I am operating effectively and ethically.
-
Other counsellors who are members of a Professional Register in order to gain insight and to facilitate the sharing of best practice.
How long will I keep your information?
I will keep your information for a variety of lengths of time depending on how it is held
-
Digital Information - Basic contact information - contact information, emails, texts, messages and calendar appointments. For technical reasons this information cannot be entirely erased and could therefore remain accessible to a technically competent person until the storage device is destroyed or securely wiped and reformatted.
-
Paper information - Paper copies of information and signed contracts as outlined above will be shredded 5 years after counselling ends.
Your rights
You have a range of legal rights including
-
the right to access your personal information
-
the right to require me to change any factual mistakes in the information I hold.
-
the right to withdraw your consent to the non-essential processing of information*
-
the right to request the deletion/destruction of your personal information*
*You can withdraw consent to the use of your personal information and/or request its destruction however there are limits to this right laid down in the legislation. For example you cannot demand the destruction of records of financial transactions.
For more information about your Information Privacy Rights or to make an Information Privacy orientated complaint you can contact the Information Commissioners Office through their website https://ico.org.uk/