I aim to be fully compliant with current GPDR legislation and to let you know how I use and protect the data you’ve given me. GDPR replaces the previous Data Protection Act. I wish to be transparent with regard to the processes I have in place. Identifiable information, if shared, will only be used in accordance with this privacy statement. I follow guidance from my governing bodies UKCP and my insurers Towngate.
As a private practitioner and supervisor, I’m considered the data processor and controller in my practice. As the data controller, I process some of your personal data. During the assessment process information such as next of kin, family members and medication are gathered and held. This is encrypted (if digital) and securely stored. No one but me can access this information.
Data Processing means obtaining, recording or holding information. The definition is very wide, and most of what I do involves a degree of processing. I process the personal data I have collected as controller. I maintain records of personal data and processing activities and hold responsibility should there be a breach.
This is a primary concern and is separate to other terms and conditions. As my client, you can withdraw consent at any time. I hope to offer you choice and control. As a therapist and supervisor who occasionally uses creative interventions, I want to ensure you know that any drawings or art done in session is yours. I will store this material safely and dispose of it in a timely manner. I will never use any of your data/artworks for writing, publishing, research or training purposes.
I have bi-weekly ongoing supervision for support/creative inspiration and to ensure that my practice is safe. When I share client material or images this is always done confidentially, protecting your identity. Nobody but me has access to any of your data. I will keep this process under review and refresh it if anything changes.
I keep notes on the ongoing work that I do with clients, but only use initials to identify people and I keep these notes minimal. I hold notes for five years. After this time frame, they're disposed of securely. You have a right to see the information I hold about you should you wish to. You have a right to change any information which you consider to be incorrect. You can also ask me to delete all/any of the information that I hold. There are however some details I need to keep due to legal and professional obligations.
I promise to keep all sensitive data safely. This involves using passwords and encrypted documents. I keep all sensitive data in a lockable file. I dispose of data by shredding documents after the counselling has finished after a 5 year window. I dispose of emails on a regular basis.
While we work together I will store your name and phone number on my smartphone. I will only contact you in response to you or concerning appointments. I do not engage with clients through any social media.
In the event of a complaint.
Please contact me directly. If we cannot resolve this you could then contact the Information Commissioner Office ( ICO). I am registered with them and my reference is ZA257108 (A8189801). https://ico.org.uk/concerns/handling/ or Guidance for GDPR Compliance.
In compliance with my membership of the United Kingdom Council for Psychotherapy, I am required to hold an up-to-date Professional Will. In the event of a sudden cessation of my therapy practice eg through an accident or death, I have appointed 2 Professional Executors and a Co-ordinator who would manage things on my behalf. This is arranged for your welfare as my client and every step is taken to ensure GDPR standards are met. The Exectors and Co-ordinator have access to a password protected document with the names and contact details for all my clients. However they are instructed only to view these details in the event my becoming incapacitated.