This privacy statement sets out my responsibilities and your rights in collecting, storing and sharing data about you. All details about you are collected and stored in accordance with the General Data Protection Regulation 2018 (GDPR). This privacy statement refers to any written documents, hard copies, electronic data notes, emails, text messages and social media communication.
I am registered with the ICO (Information Commissioner’s Office). I am the data controller for Counselling and Psychotherapy with Nicola. My registration number is: ZA579417. I abide by the regulations imposed by such procedures. Counselling and Psychotherapy Services is collecting your personal details: name, date of birth, address, telephone number, email address, GP details and emergency contact details.
What data do I collect and why do I need this data?
Name and date of birth are kept to identify you and may be used if I need to contact you, your GP or if you request a report/letter.
Address, phone number and email address are kept to be able to make contact with you and may be used to identify you if I need to speak to your GP or if you request a report/letter.
GP details are kept for any concerns relating to your welfare. I will endeavour to always ask for your consent to contact your GP. This is discussed within the confidentiality section of your counselling contract.
Emergency contact details are collected in case I am concerned about your welfare. This is discussed within the confidentiality section of your counselling contract.
During our first session we will also complete a mental health assessment which will ask questions about you and your life. This is to identify any difficulties, to be able to plan interventions and to assess if I am suited to your needs.
I keep a spreadsheet on a password protected laptop of current clients’ names, together with phone numbers, allocated reference numbers, dates of sessions and payments; this is for accountancy and cross reference purposes. This spreadsheet will run for each current financial year and, at the end of the financial year, will be amended to only show clients’ reference number and first name; your surname and phone number will be deleted and this spreadsheet will be retained for accountancy purposes. No one else has access to this laptop.
I may produce process notes to aid memory.
I keep a diary with your first name and date of sessions.
Records of client agreements to be able to release information to third parties.
If your counsellor needs to write down and record in writing anything of a serious nature your counsellor will explain why they have done this and what will happen to that information.
How your data is stored
All client records (personal details, notes, assessments, client agreements to contact third parties, counselling pre-agreements and contracts) are stored securely in a locked filing cabinet. Any electronic client records (personal details, notes, assessments, client agreements to contact third parties, counselling pre-agreements and contracts) are securely stored on a password protected laptop. No one else has access to this laptop. You will not be identified in any process notes, and they will not be stored alongside personal details. As recommended by the BACP, all client records will be stored for 5 years from the date of our last session. After this time they will be securely destroyed, unless you are under the age of 18. Any children's records will be kept for 5 years after they turn 18 years of age.
My laptop is up to date with virus protection and firewall software. If my laptop malfunctions and it is not fixable, I will destroy or remove the hard drive and do so with any other devices used so that it is not accessible by a third party.
Your telephone number is stored securely on a password protected phone. When storing your number, I only use your first name. If my phone is lost I can delete your details through online services. Your name and telephone number are stored on a password protected mobile phone. At the end of our counselling sessions your name and telephone number will be transferred to a spreadsheet on a password protected laptop. My phone will retain summary records of calls made to or from your number (date and duration) and any recorded messages may be stored for three years. If we agree to communicate by text or by email, these records may be kept for the same duration of three years.
My mobile phone is a smart phone and could therefore also have your texts, emails and email address available on it. No one else uses my laptop or smart phone. My phone is used for appointments only and I will only respond to arrangements regarding appointments. If we use Zoom, it permanently deletes all text-based communication. Zoom has encryption to support protecting the session’s video, audio, text and screen sharing. This content is protected with the Advanced Encryption Standard (AES) 256 using a one-time key for that specific session when using a Zoom client. Zoom is HIPAA compliant and has stated that they do not store data on company servers.
Your email address is stored securely in my email account. My laptop is password protected. Microsoft processes all emails and they are subject to their privacy policies. Please remember that online, video call, instant messaging, email and telephone counselling may not be 100% secure due to using the services of vendor/third party applications. Email accounts can be hacked or cloned.
When going online a digital footprint can be left. A digital footprint is a trail of data you create while using the Internet. It includes the websites you visit, emails you send, and information you submit to online services. A passive digital footprint is a data trail you unintentionally leave online. A few examples of active digital footprints include posting on social media platforms such as Facebook, Instagram and Snapchat; filling out online forms, such as when signing up to receive emails or texts; and agreeing to install cookies on your devices when prompted by the browser. Examples of a passive digital footprint include websites that install cookies on your device without disclosing it to you; apps and websites that use geolocation to pinpoint your location; and social media news channels and advertisers that use your likes, shares and comments to profile you and to serve up advertisements based on your interests. Some websites have produced information to help you take control of and even clean up your online digital footprint. Some examples include changing your privacy settings, checking what data your device is collecting, or changing permissions for apps and websites.
It is your responsibility to make sure that your antivirus software is updated. Antivirus software is a data security utility which is installed on a computer system for the purpose of protection from viruses, spyware, malware, rootkits, Trojans, phishing attacks, spam attacks and other online cyber threats.
Sharing your data
I will not share your data with any third party without your consent. However, there are exceptions to the limits of confidentiality I hold as a counsellor (details of confidentiality exceptions are listed within the confidentiality section of the counselling contract). In addition, in the event that I can no longer provide a counselling service to you due to a sudden serious illness or my sudden death I have in place a trusted colleague who will make contact with you either via email or by telephone.
If you make your payment to me directly into my bank account, your name will appear on my bank statement, therefore this information is shared with my bankers, and possibly your bank account details will be known to NatWest Bank (my bankers).
I submit my own financial accounts to the HMRC. If the bank decides to conduct an audit, I have to produce my bank statements to them. If you have paid through the bank then your name will be on these bank statements.
A coroner can request access to client data if a client unfortunately dies.
· The right to request a copy of your personal data which I hold. A formal request is required for the above.
· The right to ‘data portability’ (where applicable)
· The right to object to the processing of personal data (where applicable)
· The right to ask me to correct any personal data if out of date or inaccurate
· The right to withdraw your consent to the processing of your data at any time
· The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
· The right to lodge a complaint with the Information Commissioner's Office (ICO).
· The right to request your personal data is erased (where applicable). There are exemptions to this; for example, ethical bodies and insurance companies ask for records to be available for the period of time as outlined above. In addition, for clients under the age of 18, records are kept for 5 years after the child turns 18.
Disclaimer: Whilst I do my best to research vendors/third party applications there may be a risk to confidentiality. Therefore, online, video call, instant messaging, email and telephone counselling may not be 100% secure due to using vendors/third party applications. Third parties become the data processor when using their applications.
I can be contacted through email firstname.lastname@example.org or telephone 07496529493. You can contact the Information Commissioner's Office on 0303 123 113 or email https://ico.org.uk/global/contact-us/email/