Counselling is a safe and confidential space. However, there are some legal and ethical limitations to confidentiality which I will highlight during the initial appointment.
Any contact information that you provide when contacting me (including details provided on the contact form of this website) are not used for any marketing purposes or provided to any third party for use of marketing purposes. Your details solely used for administrative and contact purposes such as to make appointments, arrange payments, client registration and any other follow up communication.
I am an approved Data Controller and am governed by GDPR (General Data Protection Regulation). To comply with General Data Protection Regulation, I am required to tell you what data I hold and how that data is stored. I am also bound by the British Association for Counselling and Psychotherapy Ethical Framework. Your data will never be sold to any other individual, company or organisation for any purpose. I am also required to gain your consent to store certain data about you.
I keep client data that you provide (both in your initial contact and during any counselling sessions) to ensure that I can work safely and professionally as outlined in the British Association for Counselling and Psychotherapy Ethical Framework for Counselling Professions. Your personal information is not stored on my website, other than to momentarily collect and forward to my Outlook email account. Under GDPR you have the right to know what data I collect, why and for how long I hold it. The data I hold on new and existing clients may include:
Your name and address
Your phone number(s) and email address
An emergency contact name and phone number
Your GP name and contact details
Relevant medical information and reasons for accessing therapy
Email communications between us for the arrangement, rescheduling or cancellation of appointments
You have the right to be informed on what personal information I hold
See the information I hold about you free of charge
To rectify any inaccurate or imcomplete personal information
To withdraw consent to me using your personal information
To request your personal information to be erased (unless this information is required for me to practice lawfully and ethically)
When sensitive information is to be destroyed it will be securely shredded or deleted using secure file deletion software.
If I discover that there has been a breach of your personal data, I will inform you as soon as possible. In addition to this, I am legally required to inform the ICO (Information Commissioner’s Office) of such breaches. I keep an electronic backup of contact details on an encrypted USB drive, which is password protected and stored in a locked cabinet. I store your contact details on a pin-protected smartphone, which are unidentifiable. Email/SMS correspondence: Email correspondence is stored on my Outlook email account and my laptop is password protected. SMS correspondence is stored on my smartphone which is pin-protected. Your personal information is not stored on my website, other than to momentarily collect and forward to my Outlook email account.
Brief anonymysed notes will be made during sessions on a notepad. These are then transferred onto a password protected encrypted USB drive and these are stored securely in a locked cabinet. I am required by BACP and my insurance company to retain session notes and personal data for a minimum of 7 years. After this time, unless there is a legal reason to retain the notes for a longer period, all session notes and any personal data relating to you will be securely destroyed.
If you have any concerns or further questions about how your data might be used or stored, please contact me, Dannii Richards as the Data Controller: firstname.lastname@example.org