Statement of Intent
This policy is set out in detail on how I will handle your data. This policy ensures that any personal details submitted to me are processed and stored securely when you contact me and the lawful basis under the Data Protection Act 2018 and the General Data Protection Regulations (‘GDPR’) that permits me to do so. The Data Protection Act and General Data Protection Regulation aims to protect individual’s fundamental rights and freedoms, notably privacy rights, in respect of personal data processing. The Act applies to paper and electronic records held in structured filing systems containing personal data, meaning data which relates to living individuals who can be identified from the data.
Data protection operates by giving individuals the right to gain access to their personal data. This is done by making a subject access request in which they are entitled to:
As a data controller I must not hold data for longer than required. Persons have the right to inspect and receive a copy of all data regarding them. Persons have the right to apply to be forgotten. Once an application regarding erasure of information has been received, I will respond within 1 month and delete all of the data related to that person (unless required by law to retain any documents). I process personal client information on a secure and password protected computer and am registered with the ICO as a data protection officers.
Purpose of the Policy
I recognise confidentiality and privacy are very important. From 25th May 2018, under the General Data Protection Regulations, I am required by law to inform you how I keep safe the data you provide and how I hold this data. I am bound by the British Association for Counselling and Psychotherapy’s code of ethics (BACP). I am required to gain your explicit consent to holding your data in certain ways.
My aim is to:
The types of personal data I collect and use
I will keep client data you provide so that I can work safely and professionally following the BACP Ethical Framework. Under GDPR you have the right to know what client data I hold, why I hold it, and for how long. The client data that I hold may include:
All information you provide is stored securely on a password/code protected computer with up-to-date antivirus software. Any payment transactions via your bank will only be identified by an anonymised client reference number and no other information will be required or shared.
Unfortunately, the transmission of information via the internet cannot be completely secure. I have in place security measures to protect your personal data, but I cannot guarantee the security of your data particularly by email; any transmission is at your own risk. If there had been a data breach of your personal information I am obligated to let you know. Your contact details are kept in an electronic format on my laptop and mobile. My laptop and mobile is password/code protected. My professional liability insurer advise I keep session notes for up to five years after the relationship has ended and for clients under the age of eighteen their records will be kept for five years after their eighteenth birthday. After this time, they will be shredded. I may delete your data when we have finished our work together, unless there is a possibility we will work together again in the future.
Controlling your personal information
I do not share your personal information with anyone else unless in pursuit of counselling on your behalf and only then if I have your permission to do so. In exceptional circumstances I may be required by law and my ethical responsibilities to break confidentiality with you. I would discuss this with you first wherever possible but if you do not give consent I may still have to disclose information. This relates to situations where you may be at risk of harm, causing harm to others, the safeguarding of children and adults at risk, offences under the Prevention of Terrorism Act 2000, serious crime under the Serious Crime Act 2007, drug trafficking or money laundering and road traffic accidents under the Road Traffic Act 1991 where I am under legal obligations.
This policy was updated on 18th January 2022, and will be reviewed on a regular basis.