Privacy Statement
Data
I am registered with the Information Commissioner’s Office and abide by the General Data Protection Regulation (GDPR) 2016 and the Data Protection Act (DPA) 2018. I am the data
controller and processor for my practice, trading as Clarity Counselling and Supervision. You can find out more about the GDPR and the UK Data Protection Act here: https://ico.org.uk/
Under the GDPR I have a duty to make clients aware of the following:
Reason for collecting Personal Data/Information
I collect relevant personal information from clients and supervisees to enable an up to date record of contact information, in case of emergencies and for the ongoing work in the therapeutic or supervisory relationship.
Confidentiality
I adhere to the British Association for Counsellors and Psychotherapists (BACP), Ethical Framework for the Counselling Professions, BACP Ethical Framework for the Counselling Professions Supplementary Guidance: Working Online (GPiA 047), The following is made adhering to these guidelines.
Our sessions are strictly confidential, and the contents will not be disclosed beyond good practice guidelines, these guidelines refer to the following:
Under the BACP Guidelines and GDPR I am legally obliged to disclose information if you are involved in drug trafficking, money laundering, planning terrorist’s offences, any offence under the Proceeds of Crime Act, or if a Court Order has been made.
Retention and storage of personal data
​
Holding of personal data will be as minimal as is possible and will only be relevant to the provision of counselling or supervision.
Data stored electronically:
Email address – stored in Contacts and not identifiable as a client
Contact phone number – stored in mobile phone using code number only.
Text messages – Please be aware that of you chose to contact me by text, these messages will be deleted unless they contain significant information.
No electronic devices are shared, and are password and fingerprint protected.
Data stored as a hardcopy and handwritten information:
Significant emails, signed agreements and contact details are printed and stored in a dedicated locked cabinet, to which only I have access.
Electronic copies and messages received by email are destroyed.
Personal data/records of our sessions will be kept for up to 5 years after our work together has ended.
Your personal data will be disposed of by wiping any electronic files and shredding any
handwritten information. You can also request in writing that all data is destroyed during our contact, once our work together ends, or at any time thereafter.
Your rights under GDPR
You have the right to request access to your client record and receive an explanation of what is held within it.
You have the right to withdraw consent, to request erasure or correction of your client record, to request portability, or to object to or restrict collection and processing of your data.
You have the right to know the source/s of personal data not originating from yourself, and the right to not receive unsolicited marketing.
You have the right to be made aware of any automatic decision making processes (e.g, profiling) and any significance and consequence for yourself.
You will be made aware of any data breaches within 72 hours. You will be compensated for any damage or distress caused by the data breach.
You have the right to complain to the ICO (Information Commissioners Office) if you are unhappy with the data processing arrangements, and to engage representation from a not-for-profit body in doing so.
To summarise :
I collect, store and process personal information about you to enable me to run my practice. This information can include contact information, as well as information about your age, health (mental and physical), and where relevant, sexuality, domestic and financial arrangements and other special category data. I am able to collect this information upon the legal basis of "Legitimate Interests", as per GDPR regulations.
Your information is stored in a locked cabinet and/or password and encryption protected. I may use this information to track the progress of our work together or to receive reflection and guidance from my supervisor.
I will keep this information for 5 years, unless I have cause for concern about a young person under the age of 18, in which case records will be stored until the young person reaches the age of 25. When deleted it will be by wiping electronic files and shredding handwritten information.
You have the right to complain if you are unhappy about any of the above by contacting the Information Commissioners Office here: https://ico.org.uk/concerns/, although I trust that you will try to discuss this with me in the first instance.
In the event of something happening to me that prevents me from attending a session and from communicating with you directly - such as illness or death - then I have appointed a Therapeutic Executor (a fellow professional) who would be able to access your contact details to inform you.