Maintaining the privacy and security of your data has always been a priority for me as a therapist and I am committed to handling any data mindfully, fairly and legally and transparently. Please read the following carefully to understand how I treat your personal data in compliance with the General Data Protection Regulation (GDPR) that is effective from May 25th 2018.
A What data do I collect?
In order for me to be able to fulfil my responsibilities as a psychotherapist I will need to record some personal information about you. This information will include the following:
1) Information that you choose to provide me when you email me via this and other websites or email me direct or telephone me or text me. This includes the content of what you choose to tell me as well as your email address / telephone number.
2) At our assessment session I will ask you to fill out a form with your name and address, an emergency contact name and number and your GP's contact details.
3) At your assessment session I will give you a copy of this Privacy Notice to read and to name and sign your consent to the use and storage of your personal data. I will also give you another form regarding my availability /cancellation policy to sign your consent to.
4) I will also take notes of assessment information, that is, relevant medical information and aspects of your health and family history that you choose to share with me.
5) After each session I write some informal personal notes. These are not identifiable.
B How do I store this data?
1) If you choose not to work with me before or after the assessment session then I will erase all your contact details and the assessment form.
If we choose to work together then I will store your personal data as follows:
2) Your telephone number is stored on a work phone that is locked in my office at all times. It is stored with your initials only. If you send me a text or leave a voicemail I erase these messages once I have dealt with them.
3) The assessment form with your contact details and your signed consent form are stored in a locked case. This information is kept separate from the assessment notes and my personal notes. These are kept in a locked cabinet.
4) Your email contact address is stored on my computer which is password protected. If you send me an e mail then once the issue has been addressed I will delete the content of the email you sent to me and the content of any email that I sent to you in response. I also have a personal Smart phone which currently receives your email. This phone is password protected. I suggest that all email / text correspondence is limited to arrangements and is not appropriate for personal process. Please note that my email is currently NOT encrypted.
5) Please note that I do not store any financial information as I request that my clients pay me in cash or by cheque at the beginning of each session. I give receipts and keep copies for my records of those receipts. Only your initials appear on these receipts.
C What use do I make of the data I store?
1) I use your contact details to allow me to provide you with information about the services that you request from me. Your contact details allow me to correspond with you about our availability and any cancellations that you or I have to make. .
2) I use the informal notes to carry out my therapeutic obligation arising from the agreement entered into between the two of us.
D When would I have to disclose your data?
1) As part of my commitment to providing a professional service I abide by the ethical codes of my governing bodies, the BACP and the UKCP. This includes attending supervision which is bound by a confidentiality agreement. I also only refer to you by your first name to protect your identity when in supervision.
2) I am also ethically obliged to have a Professional Will so that in the event of my incapacity or my death my clients can be contacted to inform them of the situation and to be given help in finding alternative therapeutic support if that is what is needed. For this reason my supervisor and one other professional colleague have the telephone number and first name of all my clients. This information is stored by them on a piece of paper in a locked cabinet.
3) I am also ethically obliged to contact your GP if I feel you are in danger to yourself or others. I do not do this without your consent if at all possible.
4) I am also legally obliged to disclose your personal data with the relevant authorities in order to safeguard children/vulnerable adults, report money laundering or terrorism or if I am subpoenaed to court.
E How long do I keep your data?
I follow the recommendation of the Insurance Company with whom I hold my Professional Liability Insurance and will retain your data for three years after we have finished working with one another. Your details will then be deleted from my phone and computer and any written notes will be destroyed. Your contact details are removed from the forms held by the executors of my Professional Will as soon as we have ended our work together.
F What happens in the event of a data breach?
1) I have a legal obligation to report a data breach to you and the Information Commissioners Office ( ICO) within 72 hours.
G What are your rights?
1) You are entitled to view, amend or delete the personal information that I hold. All requests are required to have been dealt with after one month.