Your privacy is very important to me and I am committed to keeping your data safe and secure. This document outlines what data is held about you, how that data is used, and your rights over that data.
I am registered with the Information Commissioners Office (ICO) and I adhere to current data protection legislation, including the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.
I am happy to chat through any questions you might have about data protection and you can contact me via email at firstname.lastname@example.org.
What personal information do I collect?
When you contact me with an enquiry about my services I will collect information to help me satisfy your enquiry. This will include your name, contact details, and basic information about the services you require. If you decide not to continue I will ensure that all your personal data is deleted promptly.
While you access therapy
When you start therapy I will collect additional information that is necessary to providing the service. This will include:
> The name and contact information of your next of kin and GP surgery.
> Records of appointments and attendance.
> Therapeutic notes about our work together.
> Records of financial transactions and your payment information.
The name and contact details of your next of kin and registered GP surgery are collected for your safety. These will only be used in the event that you experience a medical emergency during a session, or if it is necessary to make a limited disclosure for your welfare (e.g., if you express a clear intent to end your life).
Therapeutic notes are collected as these are necessary to the basic fulfilment of therapy. Notes are kept intentionally brief and limited to just that information necessary to support the work. Notes will include details of the things we talk about; for example, your health, wellbeing, and relationships. You have a right to request your notes (see below).
Records of financial transactions between us are collected as these are necessary to take payments and to meet my tax obligations. Your payment details (e.g., bank account number, sort code) will be collected only if it is necessary for me to issue a refund.
After therapy has ended
Once therapy has ended I will keep your personal information for 3 years from the date of our last contact. This is to meet my obligations under the terms of my insurance. After this your information will be deleted. If you want me to delete your information sooner than this, just let me know.
When is information shared with others?
Everything we discuss in therapy is strictly confidential and will not be shared with anyone. However, there may be times when I need to share your personal information with others, including:
> Where I have an ethical obligation to share information for your safety (e.g., if you express a clear intent to harm yourself or someone else).
> Where I am legally required to share information; e.g., under legislation relating to child protection, money laundering, drug trafficking, and terrorism.
> Where am I ordered to share information by a court, or where you have authorised in writing that I share information with someone else (e.g., your solicitor).
I will always speak to you about this first, unless there are safeguarding issues that prevent this.
What is the lawful basis under which information is collected?
Under the GDPR I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I collect your data:
If you are currently having therapy, or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract and because I have a vital interest in processing your data.
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
The GDPR also requires that I look after any sensitive personal information that you may disclose to me. This information is called ‘special category data’, and includes information about your religion, gender, sexuality, and ethnicity. The lawful basis for me processing special category data is that it is for the provision of health treatment (in this case, counselling or psychotherapy) and necessary for a contract with a health professional (in this case, a contract between you and me).
How is your information stored?
Your information is securely stored using encrypted and password protected computer systems.
Third party recipients of data
I sometimes share data with third parties, for example, where I have contracted a supplier to carry out specific tasks, like managing appointments or processing payments. In such cases I have carefully selected partners that are appropriate to the provision of a therapy service, and I have contracts with them to ensure they only use your data for the purposes for which they have been contracted.
Your data protection rights
Under data protection law, you have rights over your data:
Your right to access – You have the right to ask me for copies of your personal information.
Your right to rectification – You have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.
Your right to erasure – You have the right to ask me to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask me to restrict processing of your personal information in certain circumstances.
Your right to withdraw consent for data processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. Please contact me at email@example.com if you wish to make a request.
How to complain
If you have any concerns about how I use your personal information, you can make a written complaint directly to me at firstname.lastname@example.org.
You can also complain to the ICO if you are unhappy with how I have used your data. The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk