PRIVACY STATEMENT AND DATA PROTECTION
I am registered with the ICO (Information Commissioners Office) which means I am required to tell you what data I collect from you and how I store and share it (copy of my ICO registration available on request).
What happens on an initial enquiry?
On clicking ‘complete here to email’ the data asked from you is your name, contact details and brief details of your enquiry. This is received into a business gmail account which is password protected and accessible only by Harmonious Counselling. Alternatively you may opt to call and if leaving a voicemail I confirm that my work phone is code protected and only accessible by me.
A two page document where information regarding your occupation, relationships (family and friends), current medication, general well-being (diet, alcohol, drug usage), mental health (suicidal thoughts, traumatic events, significant life events) and your goals / expectations of counselling are gathered.
A five page document sent to each individual prior to the assessment requesting; reasons for coming to counselling; current feelings within relationship; impact of relationship on mental health (i.e. medication, alcohol intake, physical / verbal abuse, traumatic events, significant life events whilst in relationship), current concerns in relationships, relationship history and what you are hoping to gain from couple counselling.
Once you become a client, the data you will be asked for in the contract, how I store it and when it may be shared.
Name, address, phone number, date of birth, GP/surgery, medication and who to contact in the event of an emergency.
This information is required so I can work ethically and safely knowing that our relationship is supported and, if for any reason I needed to contact you, or if I was worried about you, or in the event there was a medical emergency during our sessions, that I have the appropriate information to act in your safety (duty of care). Of course I would always discuss this with you before going ahead and contacting anyone, unless at the time you were unable to give consent.
Will I share your data and, if so, who with and for what purpose?
As a BACP member I am supervised to enable all aspects of my work to be discussed ensuring I work ethically at all times. In supervision, if you are mentioned, you will only ever be discussed by your christian name promoting confidentiality.
Additionally, I pass all my client’s christian names (with telephone number) to my counselling supervisor once a month so, in the event of an emergency, you could be contacted.
Outside of supervision, your data will only be shared on a ‘need to know' basis. I will not sell it or use it for unethical reasons. I may have to share it if my notes were subpoenaed by court. I may have to share it if you, or anyone you tell me about in our sessions, is at harm of risk. In these cases, I may have to pass this information onto your GP or to the police. Again, I would always discuss this with you before going ahead and contacting anyone, unless at the time you were not able to give consent (subject to confidentiality in signed contract).
As discussed in our initial session, and signed in your contract, if you disclose law breaking activities (currently terrorism, money laundering and drug trafficking) then I will share your personal information with the police.
How will I store your data?
Your data is kept on paper in a locked filing cabinet. You are manually assigned a reference number and your contract is kept away from your bullet point notes so you can never be identified. Your phone number is kept in my work phone which is code protected. Your email address is kept in my Gmail work account which is password protected.
Client documents held
Paper - Contract. GDPR agreement. Brief bullet point session notes.
Electronic - Christian name and telephone number. Email address.
How long will I store your data and how will I dispose of it?
Current law and my insurance company dictate that I keep your signed contract and brief bullet points of our sessions for 7 years after which time your notes will be confidentially shredded.
After 1 month your telephone number will be deleted from my work mobile.
Your rights under the GDPR
You are entitled to be informed on what I keep and to have access to your information, and make any corrections. You can withdraw your consent at any time on my using your personal information (in which case our work would terminate as I would not be insured to continue working with you). And you can request I delete your information (although I cannot guarantee this as it may be needed for insurance purposes).
In your first session, along with your contract, you will be asked to sign a copy of my General Data Protection Regulation Policy (GDPR) to confirm you are aware of the data I have collected, what will be stored and how it may be shared.