It is necessary for me to hold your personal contact details and records of your therapy sessions if you decide to work with me. Your privacy is important to me and you can be confident that your personal information will be kept safe and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. I also adhere to the ethical guidelines regarding protecting client privacy and confidentiality set by the British Association for Counselling and Psychotherapy (BACP).
Holding and use of your personal information
The GDPR states that I must have a lawful basis for processing your personal data. For the purposes of GDPR Maxine Freshwater is the Data Controller. Address: 10 Queen Street, Ipswich, Suffolk, IP1 1SS. There are different lawful bases depending on the stage at which I am processing your data. I work to GDPR guidelines to ensure that I look after any sensitive personal information that you may disclose to me appropriately.
How I use your information
I will never use your personal data for any purposes other than the administration of the therapy service that I am providing.
Initial contact: When you contact me to book your first appointment, I collect some brief information to help me to process your enquiry i.e. your name, phone number and email address. Also your Skype address if relevant. If an enquiry is made and you decide not to proceed, I ensure all your personal data is deleted within 30 days.
During therapy: I will use your email address or phone number to contact you during therapy, if you have given consent for this. At the first appointment, or before, I ask you to complete a personal details form containing your name, address, date of birth, contact information and contact information for your GP. The form is stored in electronic format on a secure, fingerprint-only access protected laptop.
Our session content will be kept confidential. I am an Accredited Member of the British Association of Counselling & Psychotherapy (BACP) and I abide by their professional code of ethics. Confidentiality will only be broken if there are legal or ethical obligations to disclose, for example, if you disclose abuse/neglect of a child or vulnerable adult, or say something else that implies serious harm to yourself or others, or if a court of law requires me to disclose information.
In the event that confidentiality must be broken I will always try to speak to you about this first, unless, due to safeguarding issues, I am prevented from doing this.
It is a BACP requirement that counsellors have regular supervision, so I may discuss some of our work together with my supervisor. You would not be identified and my supervisor also abides by the BACP’s code of ethics regarding confidentiality.
I keep brief notes during therapy, which is also a BACP requirement. The notes do not include any personal details that could be used to identify you. They are stored electronically on a fingerprint locked device.
After therapy: Counsellors are required to keep records after therapy has ended for a certain period. Your therapy notes do not include any personal details that could be used to identify you. Seven years after therapy has ended your therapy notes will be destroyed.
Your personal details form is destroyed on ending your therapy sessions. Please note that I am required to keep a record of your name, date of birth and your client reference number for seven years after therapy ends.
My email account is password protected and mobile phones and laptops used to respond to your emails are password protected with fingerprint technology and have anti-virus software. Any email correspondence will be deleted within one month if it is not necessary to keep it.
This website and the website email system are protected with SSL security.
By accessing the website, you are consenting to the information collection and use practices described in this privacy notice. Should you choose to contact me using the contact form on the website none of the data that you supply will be stored by the website or passed to any third party data processors. Instead the data will be collated into an email and sent to me over the Simple Mail Transfer Protocol (SMTP). SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by local computers and devices.
Under GDPR, 2018 guidelines you have the following rights: The right to request access to the personal information that I store and process about you. You can ask for corrections to be made to the information held or for your personal information to be deleted. You can also ask me to restrict the processing of your personal information or to object to the processing of it altogether in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters. If you would like to make a request relating to any of the rights above, please send a request in writing by emailing firstname.lastname@example.org. Please be aware that in certain situations counsellors may be unable to comply with the above requests. For example, if compelled to retain the records by a court of law. Please also be aware that there may be a charge for complying with a request if it is deemed to be excessive in nature.
If you have a complaint about how I handle your personal data please do not hesitate to get in touch by email at email@example.com. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
Changes to privacy notice
This privacy notice may be updated from time to time.