I take the privacy of personal data very seriously and have written this policy in line with the GDPR regulations, which became law on May 25th 2018. Further information regarding GDPR can be sourced at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
The main principles of GDPR
Personal data must be:
Collected purely for specific and clearly stated legitimate purposes
Sufficient for purpose and limited to what is necessary for that purpose
Accurate and up to date
Stored only for the period of time that is necessary, and no longer
Processed and stored in a manner that ensures appropriate security of the personal data.
The term personal data applies to any identifiable information which is kept by me about my clients, which will be collected to help me to contact you to follow up from an initial enquiry, arrange or change session times and have necessary information in case of an emergency or crisis. This includes, but is not limited to:
Your phone number and text messages/call logs on my phone (stored using a code rather than your name),
Emails and your email address,
Forms which may be stored electronically or printed out. These will contain data such as name, address, phone number and email, next of kin/emergency contact, GP name and address, health information, medication and allergies and as much history and personal information as you feel happy to share in writing.
I keep very brief notes of our sessions. These are on paper and are stored securely and anonymously.
I will keep basic records for seven years and counselling notes for three months after our work has ended, or when I last heard from you. Paper notes will be shredded and any electronic communication including web forms, emails and text messages will be deleted.
I keep a paper or electronic copy of the client details form and client questionnaire. Your name, telephone number and e-mail address may be stored electronically so that I can contact you with regard to arranging counselling sessions. I will not contact you for any other reason and will not pass your information onto third parties, unless there is a serious concern that you or somebody else is at risk of harm which requires a confidentiality breach or legal obligation, such as those relating to safeguarding, child protection or terrorism.
You have a right to ask to see the information I hold about you, to ask me to change any information that is incorrect or to delete any information I hold about you, which I will do, except for any information that I have a legal obligation to keep. If you wish to complain about how I have kept your data, in the first instance please contact me. If your complaint is not resolved to your satisfaction, please contact the Information Commissioners Office, www.ico.org.uk.