This privacy notice explains how I process data to comply with the General Data Protection Regulation (GDPR) 2018. I am a Data Controller registered with the Information Commissioners Office under reference ZA301765. I am committed to protecting your personal data and collecting only necessary data, processing it in a fair, transparent and lawful manner, keeping it no longer than necessary and thereafter securely destroying it. I have implemented appropriate physical, technical and procedural measures to protect your personal data from improper access, use, alteration, destruction and loss. You are entering into an agreement with me for the supply of a service – counselling – and I am processing your data in order to either provide that service or to determine if the service is appropriate. Some of the information you may disclose to me is considered ‘special category’ data. This is sensitive information that might include details for example about your health, mental health, sexual orientation, religious, cultural and political beliefs etc. The lawful basis under which I process special category data is that I am providing a health and/or social care service. I will never sell or share your personal data with other organisations for marketing or promotional, sales or other purposes. I do not use any form of automated profiling or decision-making.
What information do you collect?
In addition to contact details, I keep brief, factual notes about our counselling sessions which may include sensitive information that you have disclosed to me. I also keep creative work, writings, drawings or diagrams that we have used during our work.
Where do you keep this information?
All handwritten client session notes are stored in paper form in my office in a secure, locked file. I do not routinely bring notes to the clinic/sessions. I keep contact details and text messages/emails on my private practice confidential mobile phone and iPad which are password protected and stored securely when not in use.
Who is this information shared with?
Information is not shared with anyone. My professional code of conduct requires me to have regular supervision, which is bound by the same terms of confidentiality; clients are referred to by initials or case ID number only. In the event of me becoming incapacitated in some way, only a nominated trusted colleague would have access to the contact details of my clients. Please see Counselling Practice Living Will or ask me for further details. The only other occasion when I am obliged to break confidentiality would be for reasons which are explained in Working Together in Therapy- Our Contract which we discuss and I ask you to sign to confirm you are aware of and understand this at the beginning of your counselling.
How long do you keep records for?
Generally, I keep personal data for up to 5 years as it could be useful and relevant for a client returning to counselling. I have chosen 5 years as a reasonable time between retaining potentially useful data and keeping data for no longer than is necessary. Your contact details are deleted from devices and paper records are shredded. You would be notified within 72 hours should I become aware of any breaches in data confidentiality.
What are my rights?
Note that some of these rights only apply in certain circumstances and I may not be able to fulfil every request. Please contact me if you wish to exercise any of these rights, or if you want to discuss with me any aspect of my privacy practices.
Tricia Joyce MA (Distinction)