Privacy Statement.

This statement sets out my privacy policy as required under GDPR. It describes how I look after and use any information you may give me, either as a client or a prospective client.

Data Controller

As a sole trader, I (Catherine Speddings) am the Data Controller and am registered as such with the ICO.

How Information is Collected

• The personal identifiable information I collect, store and use comes entirely from our conversations, emails, letters, texts and phone calls.

Types of Information Held

Personally Identifiable Information I hold-

• Your contact Information and preferred contact methods.

• ICE (In Case of Emergency) contact information. I ask your ‘In Case of Emergency Contact’ to fill in and sign the form I provide and to indicate they consent to me holding their contact details. (NB. You do not need to gain explicit consent from your GP.)

• Personal information, including age, gender & present address.Also your G.P. and surgery.

• Communication Information from letters, emails.

• Contracts & Consents. Information about Contracts & Consent such as signed letters of consent.

• Information required to fulfil the counselling agreement between us.

• Information about financial transactions between us

Anonymised information I hold-

• Brief factual notes from therapy sessions (Case notes)

Storage of Information

I store information in the following ways.

1. Anonymised written case notes and information from sessions including the assessment made in the initial session. This is held in a locked filing cabinet

2. Letters, signed consents and agreements, socio-demographic and contact information. This is held separately to the case notes also in a locked cabinet

3. Information about financial transactions (bank statements). This is held in separately to the above in a file, again in a locked cabinet.

4. Appointments are stored in my diary and are anonymised. I also store client’s telephone numbers in my diary but again these are coded and anonymised.

I do not store client phone numbers and email addresses digitally. Call history, emails and text messages are deleted from my phone at the end of each working day. Any content that I feel needs to be recorded will be documented in your anonymised notes. N.B. at weekends and holiday times these may remain on my phone for longer periods but will be deleted as soon as I return to work.

Emails regarding initial enquiries and initial appointments will be kept for 14 days or until an initial assessment is arranged and then deleted whichever is sooner. Subsequent emails will either be printed and kept with your identifiable information or deleted once replied to depending on the nature or content of the email.

Sharing/ Processing of Information.

Any Sharing/Processing of Information will only be done on a lawful basis as outlined by ICO. The lawful basis on which I will process your information will depend on the circumstances surrounding my decision to process your data but will be one of the following; consent, contract, legal obligation, vital interests or public task. I will only share/process your information in order to;

• To fulfil my counselling agreement with you. This includes the collection of information before we enter into a explicit or implicit counselling agreement, during your counselling and after the counselling has concluded.

• To ensure I am giving you a professional and ethical service that complies with the Codes of Practice of the professional organisations I am a member of, and the requirements of my insurers.

• When it is my legal duty to collect, store, use or transfer information in order to comply with legislation or the instructions of a court of law

• When it is required to maintain my own safety, your safety or the safety of third parties.

In such circumstances I may share your personal identifiable information with;

• Statutory bodies when required to by law or instruction of a court of law

• Your emergency contact in case of an emergency and /or G.P.

• Statutory bodies when required to avoid harm to you, me or others

• My accrediting/ethical membership body, insurers and professional advisers in the case of you making a complaint against me

• My professional executor, in the case of my incapacity or death.

• A lawyer - If your information is requested by a court or you raise a legal action against me I may take legal advice, in order to clarify whether the court has jurisdiction, and whether the request meets the strict legal criteria required in such cases. In this situation I may consult a lawyer to help me make an informed decision about whether to release some or all the information I hold to the court. Personal information pertinent to the decision will be made available to the lawyer, who will be bound by a Professional Code of Conduct.

Who I share anonymised personal information with

• Clinical Supervisors (including specialist supervisors) in order to ensure I am operating effectively and ethically

With your written permission I may share anonymised information with

• Counselling tutors and examiners in order to gain additional qualifications and accreditations. I would discuss this fully with you prior to asking you to consent to this.

How long will I keep your information

I will keep your information for a variety of lengths of time depending on how it is held

• Digital Information – Texts and phone records will be deleted and emails stored as indicated above. For technical reasons this information cannot be entirely erased  until the storage device is destroyed or securely wiped and reformatted.

• Anonymised notes and paper copies of contact information will be shredded 7 years after counselling ends.

• In case of emergency contact information will be shredded at the end of the course of therapy.

Marketing

I will never use your information for marketing, or contact you to market a service to you unless you have specifically given consent in writing

Sending of information outside the EU.

I will not knowingly send your personal information outside the EU unless

• I am required to in order to comply with the instructions of a Court of Law

• I have to do so in order to defend myself against a legal action or a complaint brought by you.

Your rights

You have a range of legal rights including

• the right to access your personal information

• the right to require me to change any factual mistakes in the information I hold.

• the right to withdraw your consent to the non-essential processing of information*

• the right to request the deletion/destruction of your personal information*

*You can withdraw consent to the use of your personal information and/or request its destruction however there are limits to this right laid down in the legislation. For example you cannot demand the destruction of records of financial transactions.

For more information about your Information Privacy Rights or to make an Information Privacy orientated complaint you can contact the Information Commissioners Office through their website https://ico.org.uk/

Changes to this policy.

If I have to make changes to this policy that are inconsistent with the original purposes for which your data was collected I will notify you in advance wherever possible and give you the opportunity to withdraw consent for your information to be processed.