I hold sensitive personal data about my counselling clients, so data protection is of the utmost importance.
This statement details how this data is used and protected in accordance with the General Data Protection Regulation (2018).
Data held and its purpose
I hold the following personal data: name, address, phone number, email address, date of birth, GP, medication taken, and notes from the counselling sessions.
Clients give their consent to the collection and holding of their personal data (via the therapy contract) and this is a prerequisite for the provision of therapy.
The client provides their data at the initial contact and during the therapy sessions. Name, phone number and email address are held for communication of details of therapy appointments and therapy information, and for phone therapy sessions. The client’s address is held in case of an emergency, for example, if the client is taken ill during an online session and an ambulance is required. The address may also be shared with the police if the client or other person are at risk of serious harm without intervention. The client’s date of birth and GP details would be used if the client was suicidal or needed referring to more specialist mental health support. Details of medication provide useful background information on a client’s state of mind, possible side-effects and their likely impact on therapy. The emergency contact number might be used if the client didn't turn up to a planned session following a previous discussion of suicidal thoughts. Notes of the therapy sessions are kept to facilitate my memory of the sessions and in case of legal proceedings.
Data is kept for 12 months after the client’s last therapy session (in case the client returns) unless there is a possibility of information being required via a court order, in which case data will be kept for three years. At the end of this period I delete data held electronically and shred paper notes. I also run an annual check to ensure that no data has been held beyond its retention period.
Data will not be shared unless requested through a valid legal process. In this situation, the bare minimum of information necessary to meet the legal requirements would be supplied.
Clients are told the purpose of the collection of the data when they provide it and how long it is kept for. They are told that they can have access to the data at any time.
Written notes and hard copies of contracts are kept in a locked desk. My note-taking device, email account, computer and phone are password protected. I always lock my computer screen when I am away from it and my phone is set to auto-lock after two minutes of inactivity. I carry the relevant client’s therapy notes to and from in-person therapy sessions and never leave them unattended.
In the event of my permanent incapacitation, my clinical will will be enacted. This allows for a trusted therapist to delete all client data after informing current clients of the situation.
Clients have the following data rights:
○ To be told what data I hold about them and what I do with it.
○ To request a copy of their data I hold.
○ To have any inaccuracies corrected.
○ To ask me to delete or destroy their data.
○ To be able to limit the amount or type of data used.
○ To move their data electronically to another business.
○ To request me stop using their data
This data protection statement is available on demand and via the website.
If you are concerned about how your personal data is handled, please contact me at firstname.lastname@example.org. If you are not satisfied by my response and believe that I am not managing your personal data in accordance with the law, you can complain to the Information Commissioner's Office: ico.org.uk
Updated 27 September 2023