GENERAL DATA PROTECTION REGULATION (GDPR)
Introduction
Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me.
To ensure the laws overseeing our personal data are fit for purpose, European regulators have created a series of new rules. The result is the mutually agreed European General Data Protection Regulation (GDPR), which came into force on May 25, 2018.
Privacy Notice
What data do I collect and why?
I use different methods to collect information; Paper and electronic. This information is collected, stored then destroyed as soon as it has served the purpose for which they were intended.
Paper Records:
-
I do keep a paper record of the following personal information which I collect directly from you during our second session, after you have agreed to ongoing counselling: name, date of birth, address, contact details, employment, name of GP/GP Surgery, age, gender, marital status, children (if any), medications currently prescribed, medical and mental health history, hopes for gains from counselling.
-
Copies of the signed contract and GP consent form.
-
Brief factual summary of the initial assessment and any relevant diagnostic information; periodic summaries; attendance, payment receipts, record of known risks, risk management plans, actions taken and any relevant correspondence (e.g. letters to GP); a copy of this document.
Electronic Records:
-
Encrypted Electronic table recording attendance, fees and payment.
Purpose of Paper and Electronic Records:
-
I keep a minimal set of factual data in order to provide a professional service.
Paper Notes:
-
Clinical notes for my own use, which serve as an aide memoire and are sometimes used in supervision.
-
Such notes do not constitute part of the permanent record and will be destroyed as soon as they have served the purpose for which they were made.
Purpose of Paper Notes:
-
The purpose of these notes is to help me think about the work and develop my understanding of the therapeutic task.
Electronic Communications:
-
If you contact me by e-mail, please note that you will be consenting to any information disclosed being collected and stored in encrypted format.
-
For reasons of confidentiality, I would discourage disclosure of clinical material via e-mail.
-
I do not store phone numbers or text messages on my phone once they have served their purpose.
-
If you pay by BACS your name may appear in my bank records.
How I use your information
Initial contact.
​
When you contact me with an enquiry about my counselling services, I will collect information to help me satisfy your enquiry. This will include your name, age, email address, contact phone number, availability and a brief description of the difficulty you are seeking help with from counselling.
Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf.
If you decide not to proceed, I will ensure all your personal data is deleted within two weeks unless you request that I keep your details on my waiting list. If you would like me to delete this information sooner, just let me know.
How and when I will share your data?
-
Very strict confidentiality is an essential prerequisite for counselling and your data will not be disclosed to any other party except under the following circumstances:
-
Anonymised discussion of case material in clinical supervision
-
In the case of grave risk to you or someone else, I may with your consent contact other professionals or law enforcement agencies, (e.g. seeking a medical opinion) if, on the basis of my clinical judgement, it is in your best interests to do so; in an emergency I reserve the right to contact other agencies even if it is against your wishes, if I believe that it is in your best interests, or in the best interests of any vulnerable person to do so; or under a legal requirement, e.g. terrorism, drug money laundering.
-
Disclosure of my Records and Notes may be ordered by a Court.
-
In the event of my serious illness or death I have appointed a trusted colleague to have confidential access to your record, for the purpose of notifying you and making arrangements for your further care.
-
My decision-making is guided by the principle that disclosure of your data can be damaging to the therapeutic process and that such disclosure will be avoided and resisted, except where clinical judgement deems it to be necessary.
-
You are entitled to request a copy of my records and notes under the terms of Data Protection Legislation (please see below regarding your rights.)
How I store data?
-
Paper records and notes are kept securely in a locked filing cabinet in my home office.
-
Electronic records are stored in encrypted format and only accessible via a password.
How Long do I Store Your Data?
-
Records - 7 years (NB a requirement of my professional indemnity insurance.)
-
Clinical Notes - Such notes do not constitute part of the permanent record and will be destroyed as soon as they have served the purpose for which they were made.
-
BACS records - indefinitely
-
Electronic Communications - deleted once they have served their purpose
Your Rights:
-
The right to access a copy of your data -written request; within 30 days.
-
The right to be forgotten - i.e. deletion or ceasing of your personal data collection, in certain circumstances.
-
Data portability - Data may be returned to you to pass onto another service provider (counsellor) of your choice, if required.
-
The right to correct your data.
I am happy to chat through any questions you might have about my data protection policy and to make a request for any personal information. You can contact me via enquiries@sueiveycounselling.co.uk
If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
My lawful basis for holding and using your personal information.
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).
Additional information for website owners and employers
Visitors to my website
When someone visits my website, I use a third-party service, WIX and Google to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow WIX and Google to make, any attempt to find out the identities of those visiting my website.
I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.
I use WIX and Google analytics so that I can continually improve my service to you, you can read WIX privacy notice here https://www.wix.com/about/privacy
I use WIX as the content management system for our website - find out about WIX and data protection. https://support.wix.com/en/article/data-protection-regulations-and-your-wix-site
Like most websites we use cookies to help the site work more efficiently - find out about our use of cookies. https://support.wix.com/en/article/cookies-and-your-wix-site
No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.