Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose of fulfilling my contractual responsibilities to you as a Psychotherapist/Counsellor.
This policy details how I will collect data, and what I will do with your personal information from initial point of contact through to after your therapy has ended. and your rights regarding your data.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
I am happy to discuss any questions you might have about my data protection policy and you can contact me via phone on 07375 026885 or email@example.com.
‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me, Barbara Luc of 7 Leysfield Road, London W12 9JF.
I am registered with the Information Commissioner’s Office (A8739217)
How will my personal information be collected?
I will collect your personal information in the following ways: via my website: www.blpsychotherapy.com, over the telephone, during video conference, in writing and in person during our meetings.
Why I am able to process your information and what purpose I am processing it for?
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that I appropriately look after any sensitive personal information that you may disclose to me. This type of information is called ‘special category personal information’
What is ‘special category’ information, and why do you need to process this too?
Special category information is defined by the GDPR as being information that is more sensitive than other personal information, and therefore requiring of higher levels of protection. Examples of this type of information could include information about your health, race, sexuality, or religion. To lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you. The condition of the GDPR that I apply to the processing of your special category information is that it is ‘pursuant to contract with a health professional’. This means that, if you either commence psychotherapy with me, or ask me to assess your eligibility of psychotherapy with me, then I will likely need to process some special category information about you. Usually, this is information about your mental health, and I need to process it in order to fulfil my contractual responsibilities to you in delivering safe, efficient psychotherapy.
How do I store your information?
I will store your personal information electronically. Even if initially I may collect physical information, it will be transferred to electronic storage. Personal information is stored electronically on devices that are password and/or fingerprint I.D. protected, and in files that are further password protected and only accessible by me. Names and contact details will be anonymised and stored separately to other personal information.
How is your information used?
When you contact me with an enquiry about my counselling services, I will collect information to help me fulfil your enquiry. This will include your name, address, contact number/e-mail address, your availability, any psychological issues that you would like to talk about, and symptoms.
Once we have decided that psychotherapy with me is suitable for you, and your therapy commences, I will collect further information from you that may include: you G.P. contact details, previous therapy, any goals you may want to focus on, current medication, your support network, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, overview of your family situation, and early memories of caregivers
Alternatively, your GP or other health professional/referrer may send me your details when making a referral. A parent or trusted individual may give me your details when making an enquiry on your behalf.
If you decide not to proceed, I will ensure all your personal data is deleted within one year. If you would like me to delete this information sooner, just let me know.
How long will you store my personal information?
According to the GDPR, your personal information should be stored for no longer than is necessary. I will typically store your information for a minimum of 7 years following the termination of our contract with each other and then securely destroyed. However, I may need to store your information for longer than this, for instance in order to defend myself in a claim situation, or to comply with my insurance terms and conditions.
What about my confidentiality while I am accessing counselling?
Rest assured that everything you discuss with me is confidential.
That confidentiality will only be broken if I felt you may be at risk of harm to yourself or others, or if I am compelled to by a court of law.
I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
Who will my personal information be shared with?
I sometimes share personal data with third parties, (for example GP or other healthcare professional, telephone provider etc. under certain exceptional circumstances), where I have contracted with a supplier to carry out specific tasks. In such cases I have carefully selected which partners I work with. Some of your personal information such as telephone call data, or payment information, is shared with the website provider, mobile phone operator, or card payment provider respectively. These providers operate under their own privacy policies, and these can be provided upon request.
Can I receive a copy of the personal information that you store about me?
Yes. The DPA gives you the right to find out what information that I store about you by requesting a copy of it. Any request that you make to obtain a copy of the personal information that I hold about you is called a ‘Subject Access Request’. You can write to me and ask for a copy of the information that I hold about you via emailing firstname.lastname@example.org I must respond to your request without delay, and usually within one month at the latest. I may charge a fee for providing this information based on the administrative costs involved.
Can I request that you delete the information you hold, about me?
Yes. This is known in the new legislation as the Right to Erasure. You can request for your personal information to be deleted either verbally, or in writing. There may be an administrative charge for this. It may mean that I may have the right to refuse to comply with your request, for example in order to defend myself in a claim situation, or to comply with my insurance terms and conditions, and I will let you know my response to your request within one month of receiving it. It may also mean that I will not be able to offer you therapy any longer.
Can I object or complain about the processing of my personal information?
Yes. Although I hope you are appropriately reassured after reading the policy outlined above of the security of your personal information should you wish to object or complain about the way that your personal information is being handled by me, then do please feel free to communicate this to me at the earliest possible opportunity. I will do my best to address your concerns and take steps to try and resolve whatever issues you may raise. You can write to me directly via e-mail.
Should you wish to take the matter further, please contact the Information Commissioner’s Office on 0303 123 1123, or visit https://ico.org.uk/concerns/ for more information.