This policy outlines your rights, and my obligations to you, with regard to collecting, using, sharing and storing your personal information from initial point of contact through to after your therapy has ended. The Data Protection Act 2018 defines personal data as any information that can be used directly or indirectly to identify a living individual, including, but not limited to your name, address, telephone number or email address.
‘Data Controller’ is the term used to describe the person that collects, stores and has responsibility for people’s personal data. As a sole trader, I (Linda Hillery) am the Data Controller for Linda Hillery Counselling and registered with the Information Commissioners Office (ICO) Reference: ZB290477. Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
My lawful basis for holding and using your personal information
The GDPR states that I must have a lawful basis for processing your personal data. I collect and process personal information from you to enable me to follow up on an enquiry and assess whether I am able to offer you counselling, and fulfil my contractual obligations to you as your professional counsellor should we then agree to work together. This contract is the lawful basis for my processing of your personal information. When our counselling sessions have come to an end, I will use legitimate interest as my lawful basis for holding and using your personal information.
How I collect personal information
Information will be collected via my website (www.lindahillerycounselling.com), over the telephone, in writing including via email, and in-person from you. I may also on occasion receive information from your GP, another health professional or a trusted third party when they are either making a referral or an enquiry on your behalf.
How I use your information
When you contact me with an enquiry about my counselling services I will collect information to enable me to respond to your request. This will include your name, email address and telephone number. Should you decide not to proceed with counselling following your initial enquiry, or I am unable to contact you to follow up on your enquiry, I will ensure that your personal data is deleted within 30 days of you advising me of this decision or of no contact being made, whichever is the earlier.
I keep written records of information gathered from our initial assessment session to help me to provide you with a counselling service and this includes your contact details and any other emergency contact details, details of your G.P, your previous medical history and any medication you may currently be taking. I also record dates and times of sessions attended and keep written notes regarding the key themes in our work. This information is securely stored in a locked fireproof cabinet that only I can access. I keep these records for 5 years after your final appointment, or 5 years after your 18th birthday depending on which is the latter, in line with the requirements of my professional indemnity insurance policy. This is for the purposes of preventing serious harm to you or others and to protect me in the event of a claim being made against me. After 5 years, unless there is a good reason to hold them for longer, records will be securely destroyed. I store any art or written work created in sessions that you want me to hold for you for the duration of our work. After our last session, any work you do not want to take away with you will be securely destroyed.
To enable me to contact you, I keep your first name, the first initial of your surname and your telephone number in my therapy practice phone which is fingerprint and PIN protected. In the unlikely event that I become incapacitated, a trusted colleague will be given access to my therapy practice phone, and the code to unlock it, for the sole purpose of contacting you to inform you of the situation. I also record your first name and the first initial in my paper work diary which is held in a locked fireproof cabinet when not in use and destroyed at the end of each calendar year.
Whilst we are working together, I keep emails and texts only until they have been dealt with or responded to, after which they will be deleted unless there is good reason to hold them longer. Following our final counselling session, I ensure all personal information is deleted from my therapy practice phone and my mailbox within 30 days. If you would like me to delete this sooner, please let me know.
Invoices will include your first name and the first initial of your surname, your address will be omitted unless you request otherwise. Note: when paying by BACS transfer, your full name will appear on statements. However, Banks and accountants are bound by GDPR law to protect your data.
I share financial information with my accountant, the HMRC and banks to demonstrate proof of earnings if requested. I keep financial data for the period of time required in law by HMRC, after which it is securely destroyed.
What you discuss in your counselling sessions remains confidential between us and I will not share your personal data with any third party without your consent unless there are exceptional circumstances such as where I believe there is a threat of serious risk of harm to yourself or others, or where there is a statutory obligation for me to disclose such as a case of terrorism, drugs trafficking or money laundering. I may also be ordered to disclose information by a court of law. Some of your information, such as website visits or telephone call data is shared with the website provider or mobile phone operator respectively who will operate under their own privacy policies, the details of which can be provided on request.
When you visit my website, and/or submit a contact form, you will be directly giving me some personal information. This will be used by me for one of the following reasons:
To allow me to follow up on your enquiry
So that I can contact you to book you an appointment
To monitor the effectiveness of my website and/or other marketing activity
You have a right to ask me what information I hold about you. You can also ask me to delete your personal information or request that I correct any personal data found to be inaccurate. You can request that I limit how I use your personal information or even withdraw consent to the processing of your data in certain circumstances. You can read more about your rights at https://ico.org.uk/your-data-matters/. I ask that any such requests are made in writing via firstname.lastname@example.org. I aim to respond within one month of receiving your request where I am able, but please note I may also have the right to refuse to comply with your request, for example in order to defend myself in a claim situation or to comply with the terms of my professional insurance but I will let you know where this is the case.
I hope that the policy outlined reassures you of the security of your personal information. However should you have any concerns about the way your personal data is being handled by me, please get in touch and I will do my best to address and resolve your concerns.
Should you wish to take the matter further, please contact the Information Commissioner’s Office on 0303 123 1123 or visit their website for more information https://ico.org.uk/make-a-complaint/