As a therapist I take the privacy and security of your data extremely seriously and I am committed to handling any data mindfully, fairly, legally and transparently. Please read the following carefully to understand how I treat your personal data in compliance with the General Data Protection Regulation (GDPR) that is effective from May 25th 2018.
A What data do I collect?
In order for me to be able to fulfil my responsibilities as a psychotherapist I will need to record some personal information about you. This information will include the following:
1) Information that you choose to provide me when you email me via this and other websites or email me direct or telephone me or text me. This includes the content of what you choose to tell me as well as your email address/telephone number.
2) At our assessment session I will ask you your name and address, an emergency contact name and number and your GP's contact details.
3) At your assessment session I will give you a form regarding my availability/cancellation policy and a brief description of the personal data I will hold on you. By signing it you will give your consent to the use and storage of your personal data.
4) After each session I type up some informal personal notes, which are identified only by your initials.
B How do I store this data?
1) If you choose not to work with me before or after the assessment session then I will erase all your contact details and the assessment form.
If we choose to work together then I will store your personal data as follows:
2) Your telephone number is stored on my computer, and on my telephone, both of which are password protected. It is stored with your first name only. If you phone me and leave a voicemail I will erase the message once I have dealt with it.
3) Your signed consent form is stored in a locked cabinet, along with my personal notes.
4) Your email contact address is stored on my computer which is password protected. If you send me an email then once the issue has been addressed I will delete the content of the email you sent to me and the content of any email that I sent to you in response. I also have a personal smartphone which currently receives your email. This phone is password protected. I suggest that all email / text correspondence is limited to arrangements and is not appropriate for personal process. Please note that my email is currently NOT encrypted.
5) Please note that I also store financial information from payments made by bank transfer. These are stored in a locked cabinet.
6) My informal notes taken after the session are stored on my computer, which is password protected.
7) I also take written notes during supervision. These are stored in a locked cabinet.
C What use do I make of the data I store?
1) I use your contact details to allow me to provide you with information about the services that you request from me. Your contact details allow me to correspond with you about our availability and any cancellations that you or I have to make.
2) I use the informal notes to carry out my therapeutic obligation arising from the agreement entered into between the two of us.
D When would I have to disclose your data?
1) As part of my commitment to providing a professional service I abide by the ethical codes of my governing body, the UKCP. This includes attending supervision which is bound by a confidentiality agreement. I also only refer to you by your first name to protect your identity when in supervision.
2) I am also ethically obliged to have a Professional Will so that in the event of my incapacity or my death my clients can be contacted to inform them of the situation and to be given help in finding alternative therapeutic support if that is what is needed. For this reason I store the record of your first name and telephone number on my computer, which is password protected.
3) I will also contact your GP if I feel you are a danger to yourself or others. I do not do this without your consent if at all possible.
4) I am also legally obliged to disclose your personal data to the relevant authorities in order to safeguard children/vulnerable adults, report money laundering or terrorism or if I am subpoenaed to court.
E How long do I keep your data?
I follow the recommendation of the Insurance Company with whom I hold my Professional Liability Insurance and will retain your data for three years after we have finished working with one another. Your details will then be deleted from my phone and computer and any written notes will be destroyed. Your contact details are removed from the list kept for the executor of my Professional Will as soon as we have ended our work together. In line with their recommendation, I will also keep your financial details for six years from the end of our work together.
F What happens in the event of a data breach?
1) I have a legal obligation to report a data breach to you and the Information Commissioner's Office (ICO) within 72 hours.
G What are your rights?
1) You are entitled to view, amend or delete the personal information that I hold. All requests are required to be dealt with within one month.