I am registered with the ICO (Information Commissioners Office) as a data controller, my registration number is Z3665632.
If you are not happy with the way I use your data you can complain to ICO at www.ico.org.uk or phone them on 0303 123 1113.
I make every effort to keep all information confidential. Your personal information is stored securely and confidentially.
What information do I collect about you?
If we decide to work together, I will collect from you your:
Date of birth
On my website, if you fill in my contact form, I will collect the information that you fill in as well as the message that you write. This is sent directly to my email address by my website provider, Wix.
Why do I collect this information?
The legal basis for collecting information about you is because this is necessary for me to supply my service to you.
I collect your telephone number and email address so that I can contact you about future sessions, for example if I have an emergency and need to cancel a session.
Your name and address are collected as I would need these details as an identifier if I ever needed to contact your GP or the emergency services. Times I would need to do this are outlined below (under ‘Sharing information’).
I do not use your address, telephone number or email address for any form of marketing. I would use your email address or home address to send an invoice to if there was any non-payment for sessions.
How do I keep this information secure?
I use an encrypted, secure, GDPR compliant, online-based note keeping system called BAC-PAC (by Mayden) to store contact information and client notes. You can read more about BAC-PAC and its security here.
I scan our signed paper counselling contract, and store it in BAC-PAC, and then destroy the paper copy.
I keep notes of the content of our sessions, as well as contact that we have had outside of sessions (emails, texts etc), and store these in BAC-PAC. I delete text message content from my work mobile once I have transferred this to BAC-PAC.
In line with my insurance policy and guidance from BACP (British Association for Counselling and Psychotherapy, my governing body), I keep these notes for 7 years after we have finished working together.
The information disclosed during the course of counselling, and the fact that you are coming to counselling, is confidential. However there are some exceptions:
1. It may become necessary during our work together for me to break confidentiality for safeguarding reasons, serious harm to self or others, acts of terrorism or drug trafficking/money laundering. Your information may be shared with health professionals & emergency services as appropriate. This is the reason that I ask you for your GP details and your home address.
2. Clinical will. In the event of my death or becoming suddenly unable to work, the access details to my secure storage system containing name and contact details of my current clients will be given to my named executor. This is to enable my executor to make contact with you about my situation and to discuss counselling options going forward to maintain your safety. My executor follows the same confidentiality system as me, and will introduce themselves to you as my executor.
I may be required to share information in your notes if I am issued with a court order.
I will share your information with other medical or legal professionals if you ask me to.
Right to Access
You have the right to ask for a copy of your personal information, free of charge, in an electronic or paper format. You also have the right to ask me to amend or change any incorrect information about you.
Right to be Forgotten
You have the right to ask me to erase any information that I hold about you. This includes your personal information that is no longer relevant to original purposes, or if you wish to withdraw consent. In all cases and when considering such requests, these rights are obligatory unless it’s information that I have a legal obligation to retain.
As the client, you have the right to receive your personal information which you previously provided, and also have the right to transfer that information to another party. For the purposes of the General Data Protection Regulations (GDPR) 2018, the data “controller” is Helen Robertson Counselling.