Privacy policy

I am the Data Controller for the purposes of the Data Protection Act 2018 (“the Act”) and registered with the Information Commissioner Office (number ZA483143). This policy outlines the personal data held by me about you. Such data is collected from you with your consent. I hold and process data in accordance with the provisions of and principles set out in the Act and the UK General Data Protection Regulation 2018 (GDPR).

I keep:

a)       Electronic records of your contact details on a sheet to be completed at the start of our work together.

b)    Background notes of our sessions and content, copies of emails or text exchanges, including preliminary contact inquiring about the possibility of counselling with me, copies of any questionnaires completed by you, and a note of the content of telephone conversations. This may include sensitive personal data which you share with me in the context of therapy such as information relating to your sex life or religion. 

These data records are subject to the provisions of the Act and the principle of the GDPR. They are kept pseudonymised, secure, private and confidential, except as indicated in paragraph 1.3 of our agreement made when counselling begins. If the client is paying by BACS, the client must be aware that the therapist’s name will appear on the statement.

Any electronic records that are kept on a portable device (including my mobile phone) are password protected and encrypted. I request that you only use electronic communication such as email or text messaging for short messages asking me to contact you or alter an appointment. Please, use encryption to preserve confidentiality.

I may rely on one of the following legal basis to retain you personal data: i) your explicit consent ii) necessity to perform a contract iii) to protect your vital interests; and iv) where required to manage legal claims.

The following processors may be used to process your personal data: Google Inc. (for the purposes of email), VSee Lab. Inc (for the purposes of teleconferencing), GiffGaff Limited (telephony) and Square Space (website host)

In order to work effectively and safely, neither you or I will attempt to produce video or audio recordings of a session or part of a session without prior permission.

The records are kept as long as is reasonable for the purpose for which they were prepared, in most cases for 7 years, and then securely destroyed. If contact is made which does not lead to a client agreement, any record of such contact prepared by me is usually destroyed after the lapse of one month from such contact.

Rarely, clients, their solicitors, the police and the courts ask permission to access to counselling records. I will require specific written consent and proof of identity from you. As these records are not suitable for use in legal proceedings, I reserve the right to resist legal requests to produce these in court. Any request to provide a written report made by the aforementioned will be considered on case-by-case basis on receipt of written consent by you request. Any report so provided will not refer to specialist diagnosis or other matters outside my training and will be restricted to brief details of attendance dates and numbers of sessions attended.

You may wish to exercise your rights under the Act and make a subject access request in respect of your personal information held by me. To exercise such a request, it should be put in writing to me, and provide evidence of your identity and proof that your address is the address to which the information is requested to be sent. Within one calendar month of receipt by me of the request, and other required proofs, I will respond, usually in the form of a schedule listing and describing the personal data held by me on you. By submitting your data on the contact form of the website, or by arranging therapy sessions with me you acknowledge that you understand and agree to this subject access policy for counselling and to the other parts of this policy.

Under the Act, you have the right to access a copy of your personal data, to request corrections or erasure in certain circumstances, and to request the limiting or ceasing of data processing, where applicable (although this may mean that our work together may have to cease). You also have a right to compensation in the event of substantial damage or distress caused by data processing outside the terms of this agreement.

In view of the nature of our work together, I have determined that the appointment of Data Processing Officer under the Act is not required under the Act.

Please note that it may be necessary from time to time to make changes to this policy and I will inform you as soon as possible when this happens and seek your agreement to the new policy.