Who is the Data Controller:
What personal client data do I hold?
Client contact details, client emails, anonymised client session notes, client next of kin and/or emergency contact details (where appropriate), client GP details. With the exception of client emails (those sent from the client), all other data is stored using secure analogue storage. Emails are encrypted and password protected.
Where the data came from:
Client self-referral, Counselling Directory (www.counselling-directory.com), British Association for Counselling and Psychotherapy (www.bacp.co.uk), Counsellor referral.
Who I share it with:
I do not share your personal information with any third party, with the exception of certain circumstances in which data must be shared (please see this section below) and with regards to my Counselling Will (please see Counselling Will section below).
What I do with it:
The client’s personal information and session notes are stored separately and securely, double locked. Only I have access to them. Emails and phone messages are password protected.
Is the Data Controller registered with the Information Commissioner’s Office (ICO)? No. The reason for this is with the exception of emails and phone messages sent by the clients, no client information is stored digitally.
How I ask for and record consent:
I explain to the client during the first assessment session, that I am required to keep client notes for statutory and insurance purposes and as per the code of ethics, outlined by the British Association for Counselling and Psychotherapy (BACP), which I am a registered member. I ask each client for their permission to store and keep data about them, which is stated in the client contract form and that all client information is securely stored.
How long are records kept:
Client records and personal information are stored for a maximum of 6 years after a client has ceased counselling. If a client attended counselling before the age of 18 years old, records must be kept for 6 years following the client’s 18th birthday or when the client has ceased counselling, whichever is later. After this time the client’s files are securely destroyed.
Legal basis for processing personal data:
I am required as a member of the British Association for Counselling and Psychotherapy (BACP) and by my insurer, to store and keep client contact details and client session notes.
Circumstances in which data may be shared with other agencies:
There are some situations where confidentiality can be broken, these situations are uncommon but if the situations detailed below are disclosed to me this may result in me breaking confidentiality:
- Immediate risk of substantial harm to self or others;
- Under a legal requirement, e.g. disclosure of illegal act, information relating to terrorism; or via court order for disclosure.
- Written permission given by client to disclose information.
Depending on the particular circumstance, I would always aim to discuss this with the client before taking any action wherever possible.
As part of my service to clients and in accordance with good practice guidelines, I have a Counselling Will. This means on the event of me becoming incapacitated, a trusted BACP registered colleague would gain access to current client contact details for the sole purpose of informing the client of my incapacitation and to offer support when/if possible. No other details or records will be shared.
If you would like to opt out of this service, you may do so at anytime.
Request for personal data:
You, as the client, have the right to: access a copy of your personal data and/or request a correction and/or erasure in certain circumstances, request limiting or ceasing data processing where applicable and a right to compensation for substantial damage or distress caused by data processing where applicable. Any request for your data will incur no fee and will be met by myself within 30 days.