What is the General Data Protection Regulation 2018 (GDPR)?
The regulation of personal data is laid out in the General Data Protection Regulation 2018 (GDPR), which is available on the ICO website www.ico.org.uk. In complying with these GDPR regulations I am obliged to ensure that your personal data is:
- Accurate and up to date.
- Stored securely to prevent data loss, misuse and unauthorised access.
- Retained for the purpose of my work with you only.
By following the GDPR I ensure that any sensitive personal information that you may disclose to me is managed appropriately. This type of information is called ‘special category personal information’. The lawful basis for my use of special categories of personal information is to provide health treatment, in this case counselling, and is therefore a necessary part of your contract with me as a health professional.
Your personal data and how I use it
When you first enquire about therapy I will collect basic personal information for contact and identification reasons. For example, I will need your contact details to be able to get in touch with you to manage appointments and to send you appointment reminder requests if you would like them.
As well as collecting and storing personal information such as name, email address, phone number, and date of birth, I will also ask for the address and name of your GP, but I would only contact your GP under specific circumstances (see the confidentiality section). I may also need you to give me information on medical conditions and prescribed medications relevant to the counselling service provided.
As a record of our counselling sessions, I will keep brief session notes on what we discuss in therapy to remind us both of the work we are doing. These will include personal and sensitive details about your life. The notes are used solely for the delivery of a therapy service to you.
Storage of personal data
I store all hardcopy personal information and session notes in a locked filing cabinet. Legally, I am required to retain these for 7 years for adults and up to the age of 21 for a child or a teenager, at which time they will be shredded. I will store your contact details and emails electronically. These will be deleted one month after your last session or, in the case of emails, printed as a hardcopy record. All text messages will be stored electronically and deleted within one month of sending.
To ensure confidentiality, all adult sessions will be conducted in accordance with the GDPR regulations. There are particular regulations covering confidentiality arrangements when working with children and teenagers, which can be found in the ‘Working with Children and Teenager Policy’.
Irrespective of age, all session notes will remain confidential and anonymised under a case number, with the following exceptions:
- When you have given your permission to share information, for example statistical data.
- In cases where I am compelled to give evidence by a court of law.
- If I consider there is a real possibility of harm to yourself or others, or in such instances when the information is of such a nature that confidentiality cannot be maintained, for example:
- Safeguarding adults (adult protection)
- Safeguarding children (child protection)
- Offences involving children under the age of 18.
- In cases of terrorism, fraud or money laundering.
In all other circumstances I will seek your permission to:
- Contact you via your preferred method and will only leave a message with your consent.
- Share information outside of the above exceptions.
- Use anonymous details for continued professional development (case studies or training).
- Publish any marketing material such as case studies or testimonials including those using a pseudonym.
Each time you visit a website Google Analytics automatically tracks information such as your geographical location, IP address, browser type, browser version, operating system, referral source, page views, length of visit, the times and dates you visit the site, navigation paths, and whether you are a new visitor or a returning visitor. When you visit http://www.new-leafcounselling.com the information collected by Google Analytics may be used to customise the website according to your interests and help improve products and services.
New Leaf Counselling uses Facebook. If you make contact via this means then Facebook’s own privacy policies need to be considered. To access these policies please click on the link. https://en-gb.facebook.com/policy.php
Online / Telephone Counselling
New Leaf Counselling uses Doxy.me. They have their own privacy terms which you can access on their website. https://doxy.me/privacy-policy
Links to external websites
All personal and sensitive data held by New Leaf Counselling is held securely. Electronic data is stored on a password-protected computer, in a password-protected account held on the computer. Hardcopy data is held securely in a locked cabinet with the only keyholder named as Karen Batty, Data Controller. In the unlikely event of a data breach, I comply with the regulations set out under Article 33 of the GDPR.
Your Rights: Controlling your personal information
You may choose to restrict the collection or use of your personal information. If you have previously agreed to using your anonymous personal information for continued professional development or marketing purposes, you may change your mind at any time by writing to Karen Batty at email@example.com.
You may request details of personal information which I hold about you under the General Data Protection Regulation 2018 (GDPR). If you would like a copy of any stored personal information, please email me at firstname.lastname@example.org.
I aim to keep all personal data up to date. If you believe that any information I am holding about you is incorrect or incomplete, please let me know as soon as possible and I will correct any information found to be incorrect.
Amendments and Updates
This Privacy Notice was last updated in July 2019.
Karen Batty is responsible for this privacy notice and can answer any questions you may have regarding it. Please contact me at email@example.com.
The ICO can be contacted at:
ICO website: https://ico.org.uk/global/contact-us or Telephone: 0303 123 1113