The privacy of clients is very important and we are committed to complying with the terms of the UK General Data Protection Regulation (UK GDPR). We are also registered with the UK Information Commissioner’s Office (ICO), registration number ZA277806.
The purpose of this policy statement is to let you know what personal information we collect and hold, why this information is collected, how long it is stored for, and your rights in accordance with current data protection regulations.
The information given below is correct at time of writing.
The type of information collected:
We collect personal information from potential clients when they enquire about our services and to arrange an initial appointment. This includes contact details, availability and other relevant personal information needed to respond to enquiries.
If you decide not to proceed with accessing our services, we will ensure all your personal details are deleted within three months of your last contact. If you would like this information deleted sooner, please let us know.
Once any client stops accessing our services, all data regarding their support is archived and stored securely in line with retention guidelines from our insurance company, our professional bodies and HMRC and then it is destroyed. Data is kept as a legal duty to fulfil our professional responsibility to retain records in case of legal proceedings and/or complaints for which documentation is required, and this also gives us a reference in case you decide to return to therapy in the future.
We currently collect and process information that includes:
• Name
• Date of Birth
• Address
• Contact details (phone number/email address)
• GP contact details
• Emergency contact details
• Risk assessment details
• Weekly availability
We may also collect and process ‘special category data’ including:
• Personal history (including physical and mental health)
• Medication and substance use history
• Gender identity
• Sexuality
• Ethnicity
These lists are not exhaustive and other information maybe necessary to collect depending on personal circumstances, and this will be discussed with you and consent gained.
Use of this information:
Your data will only be used to provide you with our services and to give you information relating to our services.
We will not share your details with any other person or organisation without your knowledge and permission. Exemptions for this clause can be found in the therapeutic agreement and these include safeguarding, acts of terrorism, money laundering, drug trafficking, and risk of serious harm. In addition, we may share your information with your GP or your local mental health crisis team in case of emergency and we may be required to share certain items of data if our taxes are audited by HMRC.
Data collection, security and storage
Most of the information we hold comes direct from our clients through verbal and written communication during referral and assessment processes and during the course of therapy.
When someone visits our website, we collect some data indirectly such as standard internet log information and details of visitor behaviour patterns using a third-party service (WordPress.com). We collect these statistics to analyse visitor traffic and improve the visibility of our website. This information is only processed in a way that does not directly identify visitors. We do not make, and do not allow WordPress.com to make, any attempt to find out the identities of those visiting our website. Like most websites, cookies are also collected to help the site work more efficiently.
We take all reasonable precautions to prevent the loss, misuse, or alteration of any data we hold. If despite all our security precautions there is ever a data breach that affects you, we will contact you within in 72 hours of the breach to inform you of the next steps.
The collected information outlined above is kept on a secure, GDPR-compliant online system called MS Office and PowerDiary which both have password protection and two-factor authentication (2FA).
Communications in connection with our services may be sent by email. For ease of use and compatibility, communications will not be sent in an encrypted form unless you require it and give us permission to communicate with you in that way. Email, unless encrypted, is not a fully secure means of communication. While we aim to keep our systems protected against viruses and other harmful effects, we cannot bear responsibility for all communications being virus-free.
Some pieces of information such as your email address and contact numbers are stored on a smart phone and email account. Both are locked with passwords/PINs and contact numbers are assigned to client codes rather than using personally identifiable details.
Your data protection rights
Under data protection law, clients have certain rights regarding the processing and use of their personal information including:
· The right of access: you have the right to ask us for copies of your personal information.
· The right to rectification: you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
· The right to erasure: you have the right to ask us to erase your personal information in certain circumstances.
· The right to restriction of processing: you have the right to ask us to restrict the processing of your personal information in certain circumstances.
· The right to object to processing: you have the right to object to the processing of your personal information in certain circumstances.
· The right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us using the details found below if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can get in touch with us using the above contact details. We will do all we can to resolve any concerns you may have.
If, for any reason, we cannot resolve the issues you have and/or you are unhappy with how we have used your data, you may choose to complain to the Information Commissioner’s Office (ICO) directly.
Their contact details are:
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk
S Miles Online Counselling 