General Data Protection (GDPR) Privacy notice (effective from 01-01-21) In order to provide an appropriate service to you as my client I need to keep basic personal details and notes related to your therapy sessions. This privacy notice lets you know how I will store these details and for how long. It will give you the reassurance that your information is held in confidentiality and that your right to privacy is taken seriously.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), and am registered with The Information Commissioners Office (ICO ico.org.uk/). I also adhere to the ethical guidelines regarding protecting client privacy and confidentiality set by the British Association for Counselling and Psychotherapy (BACP) BACP Ethical Framework for the Counselling Professions
How will I use your personal information When you make the decision to begin therapy I will ask you to complete a personal details form which includes your contact details, emergency contact and the details of your GP. Your sessions are confidential and I will not routinely contact your GP to inform them that you are attending therapy sessions. I will only use your information to administer your therapy sessions. This may include confirming session times, cancellations, breaks etc. via your preferred method, I will only keep your personal details on record for as long as necessary. Records will be kept in an anonymised form, not mentioning names of you or others, referring to initials only.
Confidentiality The therapeutic relationship places the confidentiality of the relationship between client and therapist as paramount. As outlined in The BACP ethical guidelines above, there are occasions when confidentiality may not be absolute such as
When there is a risk to self or others
When a court order is issued requiring information to be supplied to a judge
Normally, such circumstances would be discussed with you beforehand though there are instances where this may not be possible.
How I will store the records I will keep brief anonymised notes of your sessions to help our work together. The notes I keep will be stored on a password protected computer using Googledrive secure cloud storage. Any written notes will be kept in a locked filing cabinet. There is a clear principle under data protection law that records should be kept no longer than necessary. However, there is also a need to keep records to help if you return for further therapy, or if you have an issue with the process at a later date; the latter is a legal requirement. Any dissatisfaction with therapy should be directed to How to complain about a BACP member Professional conduct procedure. Records will be kept for a period of 7 years in case of complaint but personal details will be destroyed when therapy ends.
Third party recipients of personal data I do not share personal details with anyone without specifically asking your permission: for example, contacting your GP. For accounting purposes, my accountant may view invoices which contain initials only. If your sessions are paid for my a third party eg your employer, only invoicing information will be shared which includes dates of sessions. Details of your sessions remain confidential and will only be shared with your written consent.
Complaints If you have a complaint about how I handle your personal data please do not hesitate to get in touch by email at email@example.com. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint. Changes to privacy notice This privacy notice may be updated from time to time, so please check occasionally for any updates. Rachel Feaver 22-02-21