Privacy

 

General Data Protection Regulation Policy

 

The General Data Protection Regulation (GDPR) is concerned with the personal information about you that I collect and process. This privacy notice describes what personal data of yours is collected and why, how it is stored and shared, and your rights related to your information, in line with the regulation.

 

Lawful basis for processing your information:

 

The lawful basis for processing of your information is in relation to the delivery of a contract to you as a health care professional. As a member of the British Association for Counselling and Psychotherapy (BACP) I operate under a strict code of confidentiality.

 

Personal information I will collect:

 

  • Name

  • Gender (or preferred identity)

  • Date of birth

  • Family and significant relationships

  • Occupation

  • Address

  • Telephone number(s) (plus permission to send an SMS and/or leave a voice message)

  • Email address (plus permission to send emails to you)

  • Telephone and/or email address of any third party paying for sessions

  • Counselling/psychotherapy history

  • GP name and contact details

  • Telephone number of someone who can provide company or support to you if necessary – video/phone counselling only

  • Medical conditions relevant to counselling

  • Prescribed medication relevant to counselling

  • Details of other professionals and organisations providing support to you

  • Presenting difficulties

  • Significant life events and family history relevant to counselling

  • Session summary (After each session I will keep a short record of the content)

 

I will also ask and record how you heard about my services. This is not necessary for our work together and you are free to refuse to say how. I use this data to evaluate advertising or directory entries I have purchased.

 

How your personal information will be stored:

Storage methods:

 

  • Paper: I store the paper documents listed below securely in a locked safe and/or filing cabinet. When I transport paper documents between locations I carry them in a bag that has a combination lock. I will use a four-digit client code on documents relating to you to link them together.

 

  • Phone: I use an Android One smartphone that is solely for my counselling work. The smartphone is secured by fingerprint identification and receives regular security updates. I will store your phone number in my contact list along with a four-digit client code rather than use your name or any information that could directly identify you. I will delete the logs of our calls, SMS messages and voicemails on a regular basis and on our work ending together. I will also delete your phone number on our work ending.

 

  • SMS/WhatsApp: Electronic correspondence will be held in my phone’s SMS app or WhatsApp app should we exchange messages this way. I will delete all correspondence stored there on a regular basis and on our work ending together.

 

  • Email: Your email address and correspondence will be stored in my practice Gmail account by nature of you contacting me or vice versa. I will use Gmail when responding to website queries. I will delete all correspondence stored in my Gmail account on a regular basis and on our work ending together. Gmail encrypts messages, so that it cannot be read by a third party in transit. Gmail as part of Google is covered by the EU-US privacy shield https://www.privacyshield.gov/list.

 

  • My website: If you contact me through the contact form on my website, hosted by Wix, the information will be forwarded to my Gmail account. A copy of the information will be held in my website account temporarily but I will delete this on receipt of the information in my Gmail account.

  • Video counselling: For video counselling I use doxy.me, which is a GDPR and HIPAA compliant video calling software. Doxy.me does not store personal identifiable information about you and has an active EU-US privacy shield certification.

  • BACS: If you (or a third party) choose to pay for your session by bank transfer my bank will record the transactions, and the payment will be recorded on my bank statement.

 

Documents that I will hold:

 

Paper:

  • Client contact information form

  • Third party contact information form

  • Therapy agreement

  • GDPR privacy notice

  • Assessment form

  • Brief notes on each session

  • Any cause for concern or safeguarding forms

  • Copies of additional documents, such as letters, related to clinical matters

  • Duplicates of receipts of cash payments with four-digit client code written on them

  • Copies of invoices

  • My bank statements

  • Appointments diaries

Electronic:

  • Phone number with four-digit client code

  • Phone contact log

  • Email, SMS and WhatsApp correspondence

 

How I may share your personal information:

 

Supervision

I attend regular consultations with a qualified therapist. The purpose for this is to maintain the quality and effectiveness of my therapeutic work and to remain in line with the requirements of the BACP’s ethical framework. In order to protect your privacy I will discuss you and any aspect of your life in a non-identifiable way.

Therapeutic will

 

I have made arrangements so that In the event of my death or incapacity a trusted counsellor colleague acting as my Therapeutic Executor will be able to access your name and contact details and notify you, if you are still in therapy with me.

 

Emergencies

 

If I believe that you are at risk of serious harm, I may share necessary personal information with emergency services, the mental health crisis team, your GP or the appropriate authority. I will endeavour to seek your consent before making a disclosure when possible.

Sharing in cases of public interest and legal obligation

 

I would share necessary and relevant personal information with the appropriate authority when there is a risk of serious harm to another person, organisation or the state (e.g. violence, drink-driving, terrorism), you have committed a serious crime, or a child is being abused. When possible and legally allowed, I will do so with your prior knowledge.

If I tested positive for COVID-19, I may be required to provide details of people who I have been in contact with to Public Health England/the NHS. I would need to provide your name and contact details if our last contact was within the relevant time period. However, this would not include the context in which we have met and therefore not disclose you are accessing therapy.

 

I would also have to share relevant personal information with a court, if ordered to do so, when required by law.

 

I would share cash payment receipts, invoices and my bank statements with the HMRC if required to provide them as evidence in matters of tax.

Third party payments

 

If your sessions are paid for by a third party (e.g. an employer, a family member or a friend), I would discuss with them payment and payment-related matters, such as the number, time and date of sessions, when payment is due and when payment is no longer required following the termination of sessions. It may also involve sending them invoices or receipts.

I would not share with the third party details about clinical and personal matters discussed in our sessions.

 

How long I will hold your personal information:

When we have finished working together I will shred paper copies of contact information and erase any electronic correspondence within one month. I will hold onto your consultation records (i.e. the therapy agreement, GDPR privacy notice, assessment form, session notes, and any other documents related to clinical matters) for up to five years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to counselling in the future, and because it is a requirement of my insurer in case a legal claim is made against me. After the five years has passed, I will shred those documents.

I will keep duplicates of any cash payment receipts, invoices and bank statements, as well as my appointments diaries for five years after the 31st January deadline of the relevant tax year in case the HMRC require me to provide them as evidence in matters of tax.

 

Your rights relating to your personal information:

 

  • To be informed what information about you I hold (i.e. this document).

  • To request a copy of the information I hold about you (free of charge for the initial request).

  • To request that I rectify any inaccurate or incomplete information I hold on you.

  • To request that I stop using your information (However, I can decline whilst the information is needed for me to practise lawfully, competently & contractually, and I can continue to store the information for up to five years for use if you made a legal claim against me).

  • To request that I erase information that I hold about you (However, I can decline whilst the information is needed for me to practise lawfully, competently & contractually and to comply with the requirements of my insurer).

If you would like to make a request, please email me at wjcounselling@gmail.com. I will respond to requests within 30 days.

This policy was formulated using the following sources:

This policy will be reviewed regularly. Last updated April 2020.

  • Instagram
  • Facebook Social Icon

© 2019 by Will Jones Counselling and Psychotherapy. Created with Wix.com