Privacy Notice and GDPR

Please read this information before your initial appointment.

The General Data Protection Regulation (GDPR) is new legislation which came into effect on 25th May 2018.  Under this law you have a right to know what information I collect, how I use it and the circumstances in which it may be shared.

The personal information you provide to CYCounselling will be used for legitimate business interests, that is, to provide you with a professional counselling service.

At your initial appointment you will be given a copy of this privacy notice to sign, this is simply to acknowledge you have received and understood this policy.

Your Personal Data

Information kept includes:

  • Your signed privacy notice
  • Your signed counselling agreement
  • Brief record of each counselling session (which may contain sensitive personal data – see below)
  • A personal information sheet

Sensitive Personal Data (“Special Category Data”)

Some of the information collected may be sensitive personal data including physical and mental health.  Such data will only be used to provide a counselling service in accordance with legal obligations.  Sensitive personal data is stored as part of your clinical notes which are anonymised with a unique code.  Your personal information links to your clinical notes using a unique code.  This code is stored in a separate location and password protected.

Why I need it

Session Notes – Data I have a legal obligation to keep

I am required by my insurance company to keep session notes for a period of 5 years after the end of therapy, after which they are destroyed by either deletion or shredding.

What are your rights?

You have a right to request to see or have amended any personal information I may keep about you. You also have the right to request that I delete information that I hold about you. You also have the right to object to the processing and use of your personal data.

What information do you share?

We will not share any information about you with other organisations or people, except in the following situations:

Consent – I may share your information with other professionals whom you have requested or agreed I should contact. I also do collect feedback from client’s to use in marketing. I will ask your permission on the feedback form prior to using it.

Serious harm – I may share your information with the relevant authorities if I have reason to believe that this may prevent serious harm being caused to you or another person.

Executor – If for any reason I become incapacitated and unable to work your information will be passed onto the executor of my clinical will so they can contact you and make suitable arrangements.

Compliance with the law – for instance if I am required by a court of law

How your data is stored

Paper forms and correspondence are stored in a locked filing cabinet.  All electronic records are encrypted and require password access.  Your telephone number may be kept in my mobile phone which is also password protected.

Your identifiable information is kept separately from any session notes and are linked by a unique number.

How long I keep it for

For legal reasons I keep session notes for 5 years after the end of therapy which is the time frame my insurance company requires.  After this they are destroyed, either by shredding or deletion.

The following will be shredded or deleted within 3 months of our work finishing:

  • Personal information form
  • Your phone number from my mobile phone
  • Emails regarding appointment arrangements

Data Protection Accountability

If you wish to complain about how your data is handled, in the first instance please contact me directly. If your complaint is not resolved to your satisfaction you can contact the Information Commissions Office at:

https://ico.org.uk/concerns/handling/.