Data privacy policy

Client data privacy policy for current and potential therapy clients

As a Counsellor, Psychotherapist and Craniosacral Therapist, I have to keep a certain amount of information about my clients so that I can communicate with them, manage their appointments and continue to work with them. I take confidentiality and privacy of your information very seriously and I am bound by codes of ethics laid down by UKCP, BCAP and ACST. I will never share your information with anyone else, unless you specifically ask me to do so.

With effect from 25th May 2018, the new GDPR law requires that I let you know how I store and use this information.

Why I keep and process information about you

If you are my current therapy client, or are about to become my therapy client, I need to hold information about you in order to work with you and to make contact with you.

I use the personal information that I keep about you in order (i) to contact you about appointments and payments, (ii) to contact you or to respond to you about your therapy in the interval between therapy sessions, (iii) to respond to questions you may have at a future date after you have finished having therapy sessions with me.

I keep brief session notes that do not reference you by name.

I have regular sessions with my clinical supervisor, a requirement of the professional associations to which I belong and also of my professional insurers. Any client matters I discuss in supervision are discussed anonymously, with reference to the client by first name only.

What client information do I hold?

I keep only the information that is needed for me to be able to work safely and professionally with you, in line with the guidelines of the professional organisations that I belong to.

The client information I hold about you may include some or all of the following:

Personal information

  1. Your name
  2. Your date of birth
  3. Your postal address
  4. Your phone (home or mobile) number and email address
  5. The type of therapy I provide for you
  6. The name and phone number of an alternative contact for you
  7. Your GP name and contact details
  8. Medical information you have disclosed to me
  9. Payment information – what you have paid, when and how you paid
  10. Invoices – if you have asked for me to provide an invoice
  11. If you pay by cheque or by bank transfer that information is available to me from my bank statement
  12. My emails to you, and yours to me, and any attachments included
  13. Your medical insurance details if your sessions are paid by an insurance company

Session notes

I may also make brief notes on sessions, although this is not always the case. These do not include any personal information that would enable them to be identified with you. They are kept separate from your other personal information and are identifiable only by a coded client reference.

How long I retain notes

Under our agreement, and as a stipulation of my professional insurance provider, I keep notes for seven years.

When personal information is to be destroyed, it is shredded.

Your rights

You have a legal right to know what personal information I hold about you and to ask to see a copy of the information and ask for factual changes to be made where there is an inaccuracy or where information is out of date.

If you wish to do so, please contact me to discuss how I can supply this.

If I discover there has been a data security breach of your personal information that could put you at risk, I will undertake to tell you within 72 hours of discovering any such breach.

How is your information stored?

  1. Your name
  • Stored by me in paper form in a locked filing cabinet
  • Stored by me in a password protected electronic list of clients on my personal computer which is password protected and kept in my possession or locked at my premises
  • Included in a password protected electronic list of clients held confidentially by my nominated professional colleague, in order to contact you in the event that I suffer illness or injury and as a consequence am indisposed and unable to contact you myself
  2. Your date of birth
  • Stored by me in paper form in a locked filing cabinet
  3. Your postal address
  • Stored by me in paper form in a locked filing cabinet
  4. Your phone (home or mobile) number and email address
  • Stored by me in paper form in a locked filing cabinet
  • Stored by me in a password protected electronic list of clients on my personal computer which is password protected and kept in my possession or locked at my premises
  • Stored by me in the phone list stored on my mobile phone which is password protected and kept in my possession
  • Included in a password protected electronic list of clients held confidentially by my nominated colleague for use in the event that I suffer illness or injury and as a consequence am indisposed and unable to contact you myself
  5. The type of therapy I provide
  • Stored by me in paper form in a locked filing cabinet
  6. The name and phone number of an alternative contact for you
  • If I hold this information it is stored by me in paper form in a locked filing cabinet
  7. Your GP name and contact details
  • Stored by me in paper form in a locked filing cabinet
  8. Medical information you have disclosed to me
  • Stored by me in paper form in a locked filing cabinet
  9. Payment information – what you have paid, when and how you paid
  • Stored by me in paper form in a locked filing cabinet
  • Where information has been provided by you in electronic format – e.g. as an email or email attachment – this is stored by me on my personal computer which is password protected and kept in my possession or locked at my premises.
  10. Invoices – if you have asked for me to provide an invoice
  • These are stored on my personal computer which is password protected and kept in my possession or locked at my premises.
  11. Bank account details – if you pay by cheque or by bank transfer
  • Held in my paper banking statements identifiable by the details you supply to me
  • Identifiable by the details you supply to me and accessible via my online banking service which is password protected and accessed (i) via my personal computer which is password protected and kept in my possession or locked at my premises and (ii) via my mobile phone which is password protected and a mobile banking app which is password protected.
  12. My emails to you, and your emails to me and any attachments included

How is it stored:

  • Emails or email attachments are accessed through my email system
  • My email system is password protected and accessed (i) via my personal computer which is password protected and kept in my possession or locked at my premises and (ii) via my mobile phone which is password protected
  • I may delete emails after I have noted the contents (for example, emails around scheduling). Any emails that I consider it necessary to keep are retained in my email account, which is password protected.
  13. Your medical insurance details if your sessions are paid by an insurance company

How is it stored:

  • Your medical insurance details are not directly held by me but are accessed through the online portal of the insurance company you use

 

This document regarding client information is subject to regular review and will be updated as required.