Collecting personal data when we meet
If you meet me for a one-off consultation and we both agree to start working psychotherapeutically together, then I will give you a Therapy Agreement outlining my working methods and my terms of service. I will also request your explicit consent for holding your special category data. This will be a request for the details of your general practitioner (GP) and other relevant healthcare practitioners involved in your care. It also includes a request for the details of any relevant medication that you might be taking.
How else do I collect personal data?
• Depositor names may appear on my bank statements where electronic payments have been made
• Where applicable I will usually retain correspondence between you and I
How do I protect your personal data?
I treat your data with the utmost care and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Assess to your personal data is restricted so that it is only accessed by myself.
All electronic records are password-protected and are backed up by an encrypted USB. All physical records are kept in a locked storage unit. Where possible all records are anonymised and kept electronically. All website interaction is secured using ‘https’ technology. I will notify you, and any applicable regulator, of a breach where I am legally required to do so.
How long will I keep your personal data?
I keep personal and special category data for the duration of each contracted therapeutic relationship and thereafter as required by statutory, legal, regulatory, government (eg HMRC), contractual (eg insurance) and governing professional bodies (eg BACP). I do not retain personal data for longer than is necessary.
With whom will I share your personal data?
I will not share, transfer or sell your personal data to any third parties for marketing purposes.
Professional third parties
When necessary, I may need to communicate your personal data to a health professional. I will not disclose personal data about you without your agreement except in situations where there is a significant concern about harm to yourself or others. Where possible, I will discuss this with you first.
Under some circumstances I am legally obliged to share personal data (eg a court order).
Emergency contact colleagues
In line with standard therapeutic practice and ethical requirements, I share your personal data (name and contact details only) with two members of my psychotherapeutic community who are known as Professional Executors. I do not share special category data. The sharing of personal data in this way is in line with the ethical and practice framework of The British Association of Counselling and Psychotherapy (BACP).
My participation in supervision with senior colleagues is in line with standard therapeutic practice. I do not share personal or special category data during supervision as per the ethical and practice framework of the BACP.
The GDPR gives you certain rights in relation to the data I hold about you. You can exercise these rights by contacting me on firstname.lastname@example.org. Under GDPR you can:
• Find out what information I hold about you
• Access a copy of the information I hold about you
• Rectify inaccurate or incomplete personal data
• Object to me processing your personal information
• Ask me to delete or restrict how I use your personal information
• Have your personal data sent to another data controller
• Complain to a regulator if you think I have not complied with data protection laws. You can lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/
Review of this policy notice
I keep this policy notice under regular review. This policy was last updated in January 2020