General Data Protection (GDPR) Privacy notice (effective from 01-01-21) In order to provide an appropriate service to you as my client I need to keep basic personal details and notes related to your therapy sessions. This privacy notice lets you know how I will store these details and for how long. It will give you the reassurance that your information is held in confidentiality and that your right to privacy is taken seriously.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. I also adhere to the ethical guidelines regarding protecting client privacy and confidentiality set by the British Association for Counselling and Psychotherapy (BACP) BACP Ethical Framework for the Counselling Professions
How will I use your personal information When you make the decision to begin therapy I will ask you to complete a personal details form which includes your contact details, emergency contact and the details of your GP. Your sessions are confidential and I will not routinely contact your GP to inform them that you are attending therapy sessions. Very occasionally, if I feel that you are at risk, it would be necessary to involve your GP but this is something that I would always endeavour to discuss with you beforehand if I feel that it may be necessary. I will only use your information to administer your therapy sessions. This may include confirming session times, cancellations, breaks etc. via your preferred method, I will only keep your personal details on record for as long as necessary. Records will be kept in an anonymised form, not mentioning names of you or others, referring to initials only.
How I will store the records I will keep brief anonymised notes of your sessions to help our work together. The notes I keep will be stored on a password protected computer using Googledrive secure cloud storage. Any written notes will be kept in a locked filing cabinet. There is a clear principle under data protection law that records should be kept no longer than necessary. However, there is also a need to keep records to help if you return for further therapy, or if you have an issue with the process at a later date. Any dissatisfaction with therapy should be directed to How to complain about a BACP member Professional conduct procedure. Records will be kept for a period of 6 years in case of complaint but personal details will be destroyed when therapy ends.
Third party recipients of personal data I do not share personal details with anyone without specifically asking your permission: for example, contacting your GP. For accounting purposes, my accountant may view invoices which contain initials only. If your sessions are paid for my a third party eg your employer, only invoicing information will be shared which includes dates of sessions. Details of your sessions remain confidential and will only be shared with your written consent.
Complaints If you have a complaint about how I handle your personal data please do not hesitate to get in touch by email at firstname.lastname@example.org. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint. Changes to privacy notice This privacy notice may be updated from time to time, so please check occasionally for any updates. Rachel Feaver 22-02-21