How I Collect and Store Your Personal Data
I may collect and process your information as follows:
1 Information that you provide by filling in forms for our counselling or training services.
2 Contact details when telephoning us and other data
3 Email correspondence, which is periodically deleted if you are not a client but stored in folders if you are.
4 Personal data you provide via a confidential questionnaire on paper or by email, which is used by a therapist to fulfil your counselling assessment.
5 Communications regarding your ongoing care, including emails plus reports, which have been prepared at your request.
Details of awards fulfilled by training delegates.
I use only the data, which has been provided by our clients to provide the Service that you have requested from us. This means that the legal basis of our holding your personal data is for legitimate interest. We are happy to provide any additional explanation needed. Any requests for this should be sent to email@example.com. We keep our Privacy Notice under regular review;the last being April 2018.
If I need to keep more information, it would only be with your express consent in which case the legal basis of holding this information is consent.
Retaining your data allows us to process any complaint you may make. In this case the legal basis of our holding your personal data is for contract administration.
Communications between therapists and their clients must be retained according to the rules of our Regulatory Authority for 7 years for adults 30 years for children.
We ensure the information we hold is kept in secure locations with restricted access to authorized personnel only. We have put in place suitable physical, electronic, managerial and reasonable security procedures to safeguard and secure the information we store. We ensure external data processors that support us are legally and contractually bound to operate and prove security arrangements are in place where data that could or does identify a person are processed.
We protect personal and confidential information held on equipment such as laptops or handheld devices with encryption.
Security of our website and computer systems is of utmost importance to us. Our website uses software to provide high-
Every individual has the right to see and have a copy of personal data that can identify you.
You can make a subject access request in writing to firstname.lastname@example.org or to the therapist you have asked to see. We shall respond within 30 working days from then. Our response will include the details of the personal data we hold on you including: how we acquired the information, why we keep it and those with whom we have shared it, if this was subject to your consent.
You have the right to ask to have your information corrected or updated where it is no longer accurate. The right to ask us to stop keeping your information provided that we aren’t required to do so by law or in accordance with Professional Regulatory Guidelines.
If you would like to invoke any of the above rights, write to Jennie Wickenden-
Our data role
We act as a data controller for use of your personal data to provide the service you have requested. We also act as a controller and processor for processing your data to other healthcare providers such as a GP or Consultant with your consent
Do you share my information?
Within the mental health sector, we follow the common law duty of confidence, which means that where identifiable information about you has been given, it is treated as confidential and only shared for the purpose of providing direct care. We are committed to ensuring that your information is secure and not disclosed to third parties in accordance with the requirements of the General Data Protection Regulation.
We share your data only with your consent, such as writing a confidential report to a specified professional. The exception to this would be in the event of a complaint; we would provide information as required to our Registrant Body, in our case, the British Association Counselling & Psychotherapy or EMDR Europe.
We seek your consent before sharing your information with another healthcare provider.
However, we may use your data where there are overriding safeguarding issues. For example, if we think your life is in danger we may pass your information to an appropriate authority such as social services in the case of a child or vulnerable adult, or a GP. We may use your data if there is a legal requirement such as a formal court order. In this event we are using the legal basis of vital interests.
Any contractors such as accountants that provide a service to act for us as our agents, act on the understanding that they keep data confidential.
What safeguards are in place to ensure data that identifies me is secure?
We only use information that may identify you in accordance with GDPR. This requires us to process personal data only if there is a legitimate basis for doing so and that any processing must be fair and lawful. If we use your data for marketing purposes such as newsletters, this would be subject to you giving us your express consent.
We will protect your information, inform you of how your information will be used, and allow you to decide if and how your information can be shared.
How long do you hold confidential information for?
All records held by us will be kept for the duration specified by guidance from our professional association (BACP) or The Registrant Body of your therapist.
Website technical details
If you have a complaint regarding the use of your personal data then please contact Jennie Wickenden-
If your complaint is not resolved to your satisfaction you can approach the Information Commissioner’s Office
Jennie Wickenden Walsh