Who is the Data Controller:
What personal client data I hold:
Client contact details, client emails, client session notes, client next of kin and/or emergency contact details, client GP details.These are stored on my mobile phone or personal computer, all of which are password protected.
Where data came from:
Client self-referral, Counselling Directory (www.counselling-directory.com), British Association for Counselling and Psychotherapy (www.bacp.co.uk), Counsellor referral.
Who do I share it with:
I do not share your personal information with any third party. Names and phone numbers of current clients are shared with my professional executor in line with good practice in the profession. This person would contact you in the event of my death or being unable to work and unable to contact you myself. These details are destroyed at the end of working together.
What I do with it:
The client’s personal information and session notes are stored securely, double locked. Only I have access to them. Emails and phone messages are password protected.
Is the Data Controller registered with the Information Commissioner’s Office (ICO)?
How I ask for and record consent:
I explain to the client during the first assessment session, that I am required to keep client notes as per the code of ethics, outlined by the British Association for Counseling and Psychotherapy (BACP), which I am a member. I ask each client for their permission to store and keep data about them, which is stated in the client contract form and that all client information is securely stored.
How long are records kept:
Client records and personal information are stored for a maximum of 7 years after a client has ended, then all client files are securely destroyed. Child records must be kept for 6 years after 18 th Birthday.
Legal basis for processing personal data:
I am required as a member of the British Association for Counselling and Psychotherapy (BACP) and by my insurer, Holistic Insurance, to store and keep client contact details and client session notes.
Circumstances in which data may be shared with other agencies:
There are some situations where confidentiality can be broken, these situations are uncommon but if the situations detailed below are disclosed to me this may result in me breaking confidentiality: (e.g. immediate risk of substantial harm to self or others; or under a legal requirement, e.g. terrorism, drug money laundering; or via court order for disclosure). Depending on the particular circumstance, I would always aim to discuss this with the client before taking any action wherever possible.
Request for personal data:
You as the client have the right to: access a copy and explanation of your personal data and/or request a correction and/or erasure in certain circumstances, request limiting or ceasing data processing where applicable and a right to compensation for substantial damage or distress caused by data processing where applicable. Any request for your data will incur no fee and will be met by myself within 30 days.