Data protection statement
I hold sensitive personal data about my counselling clients, so data protection is of the utmost importance. This statement details how this data is used and protected in accordance with the General Data Protection Regulation (2018).
Data held and its purpose
I hold the following personal data: name, address, phone number, email address, date of birth, GP, medication taken, and notes from the counselling sessions.
Clients give their consent to the collection and holding of their personal data (via the counselling contract) and this is a prerequisite for providing counselling.
The client provides their data at the initial contact and during the counselling sessions. Name, phone number and email address are held for communication of details of counselling appointments and counselling information, and for phone counselling sessions. The client’s address is held in case of an emergency, for example, if the client is taken ill during a session and an ambulance is required. The address may also be shared with the police if the client or other person are at risk of serious harm without intervention. The client’s date of birth and GP details would be used if the client was suicidal or needed referring to more specialist mental health support. Details of medication provide useful background information on a client’s state of mind, possible side-effects and their likely impact on therapy. Notes of the counselling sessions are taken to facilitate my memory of the sessions and in case of legal proceedings.
Data is kept for 12 months after the client’s last counselling session (in case the client returns) unless there is a possibility of information being required via a court order, in which case data will be kept for three years. At the end of this period I delete data held electronically and shred paper notes. I also run an annual check to ensure that no data has been held beyond its retention period.
Data will not be shared unless requested through a valid legal process. In this situation the bare minimum of information necessary to meet the legal requirements would be supplied.
Clients are told the purpose of the collection of the data when they provide it and how long it is kept for. They are told that they can have access to the data at any time.
Written notes and hard copies of contracts are kept in a locked metal storage box. Notes are scanned and stored electronically in password protected files after the completion of counselling. My email account, computer and phone are password protected. I always lock my computer screen when I am away from it and my phone is set to auto lock after two minutes of inactivity. I carry the relevant client’s counselling notes to and from in-person counselling appointments and never leave them unattended.
Clients have the following data rights:
○ To be told what data I hold about them and what I do with it.
○ To request a copy of their data I hold.
○ To have any inaccuracies corrected.
○ To ask me to delete or destroy their data.
○ To be able to limit the amount or type of data used.
○ To move their data electronically to another business.
○ To request me stop using their data
This data protection statement is available on demand and via the website.
If you are concerned about how your personal data is handled, please contact me at firstname.lastname@example.org. If you are not satisfied by my response and believe that I am not managing your personal data in accordance with the law, you can complain to the Information Commissioner's Office: ico.org.uk
Updated 26 August 2020