This policy refers to two types of personal data: identifiable information (including your name and contact details) and non-identifiable information (any information stored without identifiable information).
Personal data held
Identifiable information is acquired through your initial enquiry and in our first session and is held for the purpose of our ongoing communication and in accordance with my insurance company’s policy. Beyond your name, phone number and email address, further identifiable information is optional.
Non-identifiable information may be kept for the purpose of clinical supervision and reflection, insurance requirements, and decisions about risk and duty of care. This information is anonymised and stored separately from identifiable information.
Personal data collected on paper is stored in a locked filing cabinet. Electronic records are anonymised as far as is possible and password protected. My email account is powered by Microsoft, my website is powered by Wix, and I use Zoom (both password protected and end to end encrypted) for video sessions - any collection and use of data by these companies is subject to their own privacy policies.
Anonymised financial records are kept electronically (with password protection) for tax purposes. Electronic records exist for any transactions made by bank transfer, cheque or card payment. I use Paypal to take payment and their collection and use of data is subject to their own privacy policies.
I check annually that the personal data I hold for current clients is accurate and up to date. However, clients are encouraged to notify me of any changes to their personal data as soon as possible so that I can update my records.
In line with best professional practice and the requirements of my insurance company, personal data is kept for five years after you finish counselling or our last contact after which time it is destroyed by shredding or secure deletion. I annually check the personal data I hold to make sure everything has been deleted at the end of its retention period.
Sharing of data
Under normal circumstances, no information about you will be passed to anyone. This includes both identifiable and non-identifiable information.
In certain circumstances, I may pass on confidential information. These circumstances may include where there is risk of serious harm, if I am required by law to do so, or if I am required by a professional membership body, the ICO, HMRC or my insurance company to do so in the event of a complaint, legal action or audit. Where possible I will first ask for your consent before sharing the required information. In the event of my death or incapacitation, a trusted colleague is nominated to contact my current clients and to support them in making alternate counselling arrangements where required.
Your rights under GDPR legislation
The GDPR provides rights for individuals such as access to information held about them, and an avenue for complaints (contact the ICO or visit their website for further information). Please contact me in advance if you would like to ask me to provide a copy of the information held by me in my records, or to correct any inaccuracies in your information. You have a right to complain to the Information Commissioner's Office if you believe I am mishandling your data.