This privacy notice explains how I process data in compliance with the General Data Protection Regulation (GDPR) of 2018.
I am a Data Controller registered with the Information Commissioners Office under reference A8775927. I am committed to protecting your personal data and collecting only the data that is needed, processing it in a fair, transparent and lawful manner, keeping it no longer than necessary and thereafter securely destroying it. I have implemented appropriate physical, technical and procedural measures to protect your personal data from improper access, use, alteration, destruction and loss.
The lawful basis under which I process personal data is called ‘contract’. You are entering into an agreement with me for the supply of a service – counselling – and I am processing your data in order to either provide that service or to respond to your request to determine if the service is appropriate.
Some of the information you may disclose to me is considered ‘special category’ data. This is sensitive information that might include data about, for example, your health, mental health, sexual orientation, religious and political beliefs and so on. I take extra care with this kind of information. The lawful basis under which I process special category data is that I am providing a health and/or social care service.
I will never sell or share your personal data with other organisations for marketing purposes. I do not use any form of automated profiling or decision-making.
What information do you collect?
I will collect several types of information about you and in several different ways.
For instance, if you visit westkentcounsellor.co.uk, I will collect the following information about your visit: I.P. address, location, search engine, date, time, web pages visited, operating system, and device.
If you contact me via the web form on westkentcounsellor.co.uk, I will collect the following information: name, email, phone number, address, date, and time.
Before committing to provide you with counselling, I will ask you to provide me with the following information: name, email, telephone number, availability, therapeutic issues, personal, social, medical and financial circumstances, and other details relevant to deciding whether we can work together.
Once we have agreed that counselling with me is right for you, and your therapy commences, I will collect further information from you such as: your address, G.P. contact details, previous therapy, current medication, previous criminal convictions, network of support, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, and overview of your family situation.
Other information I may collect/process regarding clients:
Brief written session notes made in anonymised form, identifiable only by unique client codes;
anonymised records of creative work we may have used in our work together;
anonymised monitoring information, identifiable by unique client codes;
Where do you keep this information?
All personally identifiable written information is stored in a locked filing cabinet at my home. I hold session/counselling notes separately from personal and identifying information in an anonymised format.
I store electronic information in a password protected and encrypted format (including email, telephone numbers and text). I keep contact details only on a password protected mobile phone and phone numbers are anonymised.
Who is this information shared with?
My written notes are not shared with anyone. I have regular supervision with supervisors, and these are the only people with whom I talk about my work. Supervisors are bound by the same terms of confidentiality as I am. Clients are identified by first name only. In the event of my becoming incapacitated in some way, a supervisor is able to access only the contact details of my clients.
Some of your personal information may be shared with your G.P., or other healthcare professional, under certain exceptional circumstances. These include the requirements of a court of law, the threat of serious physical harm to you or to others.
Some of your personal information such as website visits, telephone call data, or payment information, is shared with the website provider, mobile phone operator, or card payment provider respectively. These providers operate under their own privacy policies, and these can be provided upon request.
Data storage, retention & disposal
I hold data for 5 years after a client’s last contact with me, in line with insurance requirements and GDPR. After this time, data is disposed of securely and confidentially.
What are my rights?
If you would like to see the information I hold about you, or would like to correct, update or delete any records, please email me at firstname.lastname@example.org. Please also email me if you have any concerns about my use of your data. I will try to resolve any concerns, but if these are not resolved to your satisfaction, you may choose to contact the ICO.