Privacy Policy

Privacy Policy – GDPR Compliance

Introduction

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018.
This policy explains what personal information I collect, how I store and use it, and how it is securely destroyed when no longer needed.

When you attend an initial consultation, we will agree on a Working Agreement which includes my commitment to confidentiality, how your data is protected, and the rare circumstances when confidentiality may need to be breached. You will be asked to sign this agreement before therapy begins.

Personal Details I Collect

I may collect the following information from you:

  • Name (for under 18s, also parent/guardian name)
  • Date of birth
  • Address
  • Contact number (and parent/guardian contact number for under 18s)
  • Email address
  • Emergency contact details (in case of illness or accident during a session)
  • GP contact details (used only with your permission)
  • Relevant mental/physical health information and medication details

How Your Information is Stored

  • Paper Records: Personal details are stored in a locked filing cabinet, separate from case notes.
  • Case Notes: Brief summaries of sessions are also kept in a locked cabinet. You are referred to only by a code to protect your identity.
  • Diary: Appointments are recorded in a paper diary using only initials. Stored separately from your personal details.
  • Phone: My work phone is password-protected and does not store your number under your name.
  • Email: Client emails are accessed only on a password-protected computer via a separate work email account.
  • Website: My website does not store any personal information.

How Long I Keep Your Information

  • Personal details: Kept for one month after counselling ends, then shredded.
  • Case notes: Kept for 7 years (as recommended by the BACP), then shredded.
  • Text messages & emails: Deleted within one month of counselling ending (or sooner if requested).

When I Might Share Your Information

  • Supervision: As part of ethical practice, my work is reviewed in supervision. Only your first name is used, and discussions are confidential.
  • Therapeutic Will: In the event of my death, my appointed therapeutic executors (both BACP members) will contact you, offer support where appropriate, and securely destroy all records.
  • Breaking Confidentiality: I may need to break confidentiality if:
    • You or someone else is at serious risk of harm.
    • There is disclosure of terrorism or drug trafficking (legal requirement to report).
      I will always try to discuss this with you first, unless it is unsafe to do so.

Your Rights Under GDPR

You have the right to:

  • Be informed about the information I hold about you.
  • Request to see your personal data (I will respond within 30 days).
  • Ask for corrections to inaccurate or incomplete information.
  • Request deletion of data, unless there is a legal reason for keeping it.

If you have any questions about any aspect of this privacy policy, my contact details are as follows:

Tel: 07771 438 583  and/or Email (via contact form)