I am registered with the Information Commissioners Office (ICO) which means I am required to tell you what data I am collecting from you as a client and what I intend to do with it under General Date Protection Regulations (GDPR) which came into effect from May 25th 2018
Data I keep and why I need it.
This is a document which is sent to you via email, and includes the following:
Contact details: including your home address, email address, phone number.
I use these details to contact you regarding your sessions and ask for a preferred contact method.
General Practitioner details:
If I became concerned that you or someone else might come to harm, I might need to contact your doctor. This contact would be discussed with you beforehand if at all possible.
Emergency contact name and number.
The name and contact number of the person you would like me to contact in an emergency. I would only make contact in the event of an emergency.
This is a paper document. It is a requirement of my professional organisation (BACP) that I keep notes while we are working together. These are brief and are assigned to a unique code. These notes may contain sensitive personal data. Any relevant information from our email or text message exchanges will also be recorded onto your paper notes.
Unique Identification Code
I log your name linked to a unique code on my personal computer. This information is used to keep a record of the number of clients I am working at a particular time and for accounting purposes. It is separate to your paper notes and contact information.
This is a paper document sent to you via email. This document is signed by you, the client, to give me permission to collect and store information.
Who will I share data with and for what purpose.
I will not share your data with any organisation unless:
My notes are subpoenaed by a court.
If I feel that you or someone else may come to harm.
My professional body requires that I appoint a Therapeutic Executor. This person is a senior colleague, who should an unfortunate life event mean I can no longer work with you, will be given access to your details in order to contact you.
How I store your data
Personal data I keep on paper is stored in a locked filing cabinet.
Your unique ID code is stored on my personal computer, which is password protected.
Data Retention and Disposal
Your paper data such as session notes and registration form may be kept for up to 6 years. After this time, they will be shredded. This is on the advice of my insurance company.
I do not normally record any session data electronically. In the event that data is stored electronically, it will be deleted after a period of 6 years or earlier at your request.
Email and text messages contact details will be stored and password protected indefinitely unless you request otherwise.
Under GDPR you are entitled to the following:
Right to be informed.
Regarding how your data is held, for how long and of any breaches of data confidentiality.
Right to Access and update records.
You have the right to ask for a copy of the personal information I hold free of charge and to receive this within 30 days from request. You also have the right to ask me to amend or change any incorrect information about you.
Right to be forgotten and restrict processing.
You have the right to ask me to delete any information that I hold about you. Please note that it is not an absolute right to be forgotten if I am legally obliged to keep records, for example financial records must be kept for 7 years.
You have the right to receive your personal information and to transfer this information to another party.
Please contact me Natashe Connor who is the data controller at this practice by email, if you would like to exercise your rights listed above. If you have concerns about potential personal data breach, please contact me in the first instance. For further information please contact the Information Commissioner’s Office on 0303 123 1113.
I am registered with the Information Commissioner’s Office as the data controller for my practice.
If you do not consent to me using your data in this way, due to GDPR constraints, it is unlikely that I will be able to work with you.
GDPR (data protection) requires me to tell you what happens to your information in more detail when using an internet service from a third party.
General Enquiries (non-clients)
Contact details captured during enquires made to me that do not result in the enquirer becoming a client will be destroyed within 7 days.
My website is used to advertise my services only no personal information is gathered or stored on the hosting platform.
I do not knowingly communicate with clients through social media.