This privacy notice tells you what I will do with your personal information from the first time you get in touch through to when your counselling has ended.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR) and the Data Protection Act 2018. As a British Association for Counselling and Psychotherapy (BACP) member I have a contractual commitment to working in accordance with their current Ethical Framework for the Counselling Professions. I also adhere to the British Infertility Counselling Association’s (BICA) Guidelines for Infertility Counselling Practice. Please visit the BACP (www.bacp.co.uk) and BICA (www.bica.net) websites for more information.
Your privacy is important to me and you can be confident that I will keep your personal information safe and secure and will only use it for the purpose it was given to me. I am happy to talk through any questions you might have about my data protection policy and you can contact me by phone (07599 511610) or email (email@example.com). ‘Data controller’ under the GDPR is the term used to describe the person that collects, stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office. My registration number is A86099359.
My lawful basis for holding and using your personal information
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. If you have had counselling with me and it has now ended, I will use legitimate interest as my lawful basis for the time I hold your personal data. If you are currently having counselling with me or if you are in contact with me to consider counselling, I will process your personal data where it is necessary for our counselling agreement. The GDPR also requires that I appropriately look after any sensitive personal information that you may disclose to me. This type of information is called ‘special category data’. The lawful basis for me holding and using any special category data is that it is for provision of health treatment (in this case counselling) and necessary for an agreement with a health professional (in this case, a contract between me and you).
Be assured that everything you discuss with me is confidential. Confidentiality will only be broken if there is a concern that you or someone else may be at risk of serious harm, or if there is a legal requirement from law enforcement agencies or government departments for me to disclose information about you. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
The information I collect
When you contact me with an enquiry about my counselling service, I will collect information from you to help me with your enquiry. This will include your name, your preferred ‘phone contact number and an email address. Alternatively, your GP or other health professional may send me your personal data when making a referral or making an enquiry on your behalf.
If you decide not to proceed with counselling, I will ensure all your personal data I have been given is deleted within 48 hours of receiving notification. If you would like me to delete this information sooner, please let me know.
Information I request before the first counselling session
Once we have had an initial 15-minute phone consultation and if you decide you would like counselling from me, I will email you copies of my Counselling Agreement and Privacy Notice so you can read them before our first session. We can discuss these in the first session if you have any questions about them. If you are having virtual face-to-face or telephone counselling, in addition to emailing you the Counselling Agreement and Privacy Notice I will also email you a statement that allows you to inform me, by return email, of your consent and agreement to both documents. If you are having face-to-face counselling these documents will be signed in the first face-to-face session.
• Information collected in the first counselling session
In your first counselling session and after answering any questions you may have, I will ask for personal data (the GDPR ‘special category data’ mentioned above) from you. This will include your address and preferred ‘phone number. I will also ask for an emergency contact (such as next of kin) and your GP's contact details along with any relevant medical information.
• Information collected while you are accessing my counselling service
After each of your counselling sessions I will write brief session notes. They are my record of the session content and are a reminder of any important facts, changes or progress I want to recall, perhaps to discuss further in our next session or, once anonymised, to take to supervision. The notes might also contain important information you send me between sessions via email. They may also contain other personal data you share throughout the counselling process including your age, marital status, children, occupation, medications and health issues and any other ‘special category data’ for example your race, ethnic origin, political views, religion and sexual orientation.
• Your information after your counselling ends
Once counselling has ended all your personal data held on my password protected laptop will be kept for 3 months then will be securely deleted to ensure it is ‘put beyond use’.
Your ‘phone number held on my password protected, work mobile phone will also be kept for 3 months then permanently deleted. If you want me to delete your information sooner than this, please tell me. Your session notes, signed Counselling Agreement consent and Privacy Notice consent will be securely shredded 3 years after the counselling process ends in accordance with BACP’s Professional Conduct procedure.
Why I collect your personal data
BACP, my professional body advises the keeping of session notes as part of good counselling practice. Towergate Professional Risks, my insurance provider, also requires that I keep session notes.
I request your ‘phone number, address and email so that I can contact you to arrange sessions, rearrange sessions and cancel sessions (e.g. if you or I were ill). I may also want to send you information and resources as we work together.
I request details of an emergency contact so I have a named person I can call should you become unwell or very distressed during a session.
I request your GP contact details under my duty of care to you as my client. I would only contact your GP in a situation where you needed urgent medical help or support. I would aim to have your consent to do this.
How I store your personal data
I keep your personal data securely in a password protected and encrypted folder on my password protected laptop that is solely for my use.
I keep written session notes for each session. These are anonymised using an ID coding system and kept in a file in a locked, metal filing cabinet.
I also hold your preferred ‘phone number on my password protected, work dedicated mobile phone for the period that we work together, stored under your anonymised ID code.
Your consent regarding the Counselling Agreement and Privacy Notice, emailed or handed to me are stored in a separate, locked, metal filing cabinet.
For security reasons I do not retain text messages from you for more than 2 weeks. If there is relevant information contained in a text message, I will transfer it to your anonymised session notes.
Any email correspondence from you will be deleted immediately after reading if there is no reason to keep it. If necessary, I will transfer any relevant email information to your anonymised session notes.
Online Virtual Face-to-Face Session Security
Caroline Stewart Counselling does not currently have a presence on social media.
Your security when paying session fees
For privacy reasons, if you choose to pay for the counselling sessions by bank transfer, you may prefer to use an ID code you tell me, instead of your name. If you use your name on bank transfers it will appear on my printed and electronic bank statements. If you choose to use your name, I will blank it out on any printed statement copies before passing them to my accountant. Information on transactions can be found under my bank’s Data Protection Policy. www.bankofscotland.co.uk
I try to be as open as I can be in terms of giving clients access to their personal information. You have a right to ask me to delete your personal information at any time. I will comply with your request after ensuring that I can do so and still work ethically and within the law. I reserve the right to seek legal advice. You have the right to ask me to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk
To make a request for any personal information I may hold about you, please email your request to me on: firstname.lastname@example.org
If you have any concerns about how I handle your personal data, please do not hesitate to get in touch with me by emailing me on email@example.com I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK.
For more information go to ico.org.uk
Thank you for reading my privacy notice