I offer a confidential counselling service. I am committed to complying with the terms of the General Data Protection Regulation (GDPR) and to the responsible and secure use of your data. I have a legitimate interest in processing personal data to provide counselling services.
The purpose of this statement is to let you know what personal information I will collect and hold, why I collect this data, how long it is stored for and your rights over your personal data. I am registered with the Information Commissioner’s Office (ICO), reference ZA765955.
Information about you
I collect personal information from you when you enquire about my counselling services to set up an initial appointment. This information includes contact details, your availability and other relevant information. Once a client finishes counselling, data in the form of session notes is stored securely for 3 years, and data relating to contact details and payment details will be retained for 7 years. After these periods data will be destroyed.
My use of this information
Your data will be used only to provide you with my services and to give you information relating to my services. A breach of confidentiality is when a person shares information with another in circumstances where it is reasonable to expect that the information will be kept confidential. I will not share your details with any other person or organisation without your knowledge and permission unless there is a legal requirement for me to do so.
I will take all reasonable precautions to prevent the loss, misuse or alteration of information you give me. My session notes will be password protected on my password protected PC. I refer to client initials only in my own accounting record keeping. You will not be identifiable from my diary.
Communications in connection with my service may be sent by email. I use Hushmail as my email service provider as it is an encrypted web based service which provides a higher level of security. For ease of use and compatibility, communications on practical matters e.g. scheduling appointments may not be sent in an encrypted form unless you require it. I will encrypt email communication if I am communicating with you on any more sensitive matter. Email, unless encrypted, is not a fully secure means of communication. Whilst I endeavour to keep my systems and communications protected against viruses and other harmful effects by ensuring I am protected by up to date virus/malware, I cannot bear responsibility for all communications being virus-free. I will not be recording any of our sessions without prior notice and express consent by you.
For online sessions I use Zoom. I create a personal meeting ID and password for each individual client. I will not share the meeting ID and password with any third party.
For telephone sessions, you can be assured I work alone and our conversations will not be overheard or recorded.
Your rights over your personal data
If you would like to see the information I hold about you, or would like to correct, update or delete any records, please email me at email@example.com. If you have any concerns about my use of your data, please contact me directly at firstname.lastname@example.org. I will do my utmost to resolve any concerns you have. If for any reason I cannot resolve the issues you may choose to contact the ICO directly.