Freelance Counsellor & Psychotherapist (MBACP)
Email: email@example.com Tel: +44 (0)207 101 3249 Location: East London, UK
If any single change is notably substantial, I will reset this website’s ‘cookie banner’ to obtain fresh consent from returning visitors.
Additionally, you should periodically review the privacy policies of any third party providers highlighted in the ‘Use of online third parties’ sub-section below.
If you observe a change that is unacceptable to you, please contact me so that we can take the necessary action in line with your rights (see the ‘Your rights’ sub-section below).
Whilst the protection of privacy is ultimately achieved through the implementation of policy, my specific arrangements are guided by the following core principles.
End-to-end Confidentiality: You deserve to feel confident that every single aspect of your therapeutic journey, including any use of this website, benefits from being confidential
Minimised Exposure: You deserve to be assured that your data is captured transparently, in the most minimal form practical, is held securely for the shortest time necessary and is used only for the purposes for which it was provided by you
Compliant Practise: You deserve the protections provided by my adhering to the relevant laws and the Ethical Framework of my professional body (the British Association of Counsellors and Psychotherapists).
I adhere to the UK’s prevailing data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
The GDPR ensures your personal and confidential data is kept private and held securely and that it is processed in the way that you have agreed to. It protects your rights as a consumer of a service or product that might involve your identifiable data such as your name and address or whether you have a specific condition. It also covers any notes that I take during your therapy sessions as well as emails or texts that we exchange.
For legal purposes, I am the Data Protection Officer for the personal information I store about you. I am registered as such with the UK’s Information Commissioner’s Office (ICO) and comply with its data handling requirements. You can see my ICO registration here.
Limits on client confidentiality
Under UK law, there are some very specific and truly exceptional circumstances in which client confidentiality can be broken, namely:
Your disclosing of a serious or life-threatening risk of harm to yourself or others
Your disclosing of involvement in (or knowledge of) an act of terrorism or its funding
My receipt of either a disclosure order from a competent court or a coroner’s request.
Capture and usage of personal information
I only collect personal data that is:
Necessary for the good practise of Counselling and Psychotherapy so that we can engage effectively in our work together AND
EITHER provided to me through your use of this website and/or my therapeutic services OR generated in the normal course of you using my services (e.g. your appointments record will form the basis of your invoices).
I will keep a record of the following:
Some minimal medical information (e.g. your doctor’s name in case of an emergency during therapy and any current prescriptions)
Details generated in the course of using my services (e.g. your appointments record for invoicing purposes)
Any information contained in (or relating to) any communication that you send to me by whatever method (e.g. a client testimonial via this website’s ‘Feedback’ page)
Any other personal information that you choose to provide to me.
The purposes for which I will use your personal information are to:
Administer this website and my private practice (e.g. arranging appointments)
Enable your use of the therapeutic services described on this website (e.g. to arrange an initial assessment of your needs)
Send you billing-related information (e.g. invoices)
Send you non-marketing communications (e.g. emails addressing any enquiry or feedback that you have submitted).
If (and only if) you wish to write a review at any point for my website, it will be fully anonymised in the event that it is published here.
Use of online third parties
External sharing and cross-referencing
I do not and will not:
Share any of your personal information with a third party for any reason, except as may be required by the law (see ‘Limits on client confidentiality’ sub-section above)
Use any third party data sources (e.g. credit checking agencies) to cross-reference or enrich data collected by me.
International data sharing
At the time of writing, all of my private practice’s clients are in the UK and for them, international data transfers are not required or performed and are therefore not a privacy consideration.
Clients outside of the UK expressly agree to the transfer of personal information to the UK as described in this sub-section.
Hyperlinks to other websites
My website includes hyperlinks to, and details of, third party websites.
I have no control over, and therefore cannot be responsible for, the privacy policies and practises of third parties or their websites.
To prevent unauthorised access or disclosure, I apply appropriate physical, electronic and managerial procedures to safeguard and secure the personal information collected either online or in conversation.
Take reasonable technical and procedural precautions to prevent the loss, misuse or alteration of your personal information.
Store all the personal information you provide using a combination of:
Secure computers (with password, firewall and anti-virus/malware protection) AND
Paper records physically held in locked storage cabinets.
You acknowledge that:
The transmission of information over the internet is ultimately insecure and therefore I cannot absolutely guarantee the security of your personal data sent over the internet
Therefore there are circumstances in which your personal data may be intercepted, lost, corrupted or accessed by unauthorised persons.
My data retention arrangements are set out below and are intended to ensure that I comply with my legal obligations.
In general, I will retain paper and digital documentation containing personal data to:
Enable the provision of my therapeutic services
Enable my compliance with the law
Inform any prospective or ongoing legal proceedings to which I believe the documentation may be relevant
Establish, exercise or defend my legal rights.
Subject to the four preceding considerations:
I will keep written notes of each session in anonymised form, but will store them separately to your personal information that I hold
As a requirement of my insurance, session notes are kept for a period of 7 years after we have ended our work, after which they will be securely destroyed
Under UK law, you have the right to ask me to delete your data before 7 years have passed; please contact me if this is something that you want to action
Any emails or text messages will be deleted within 7 days of receipt unless there is a compelling reason to retain them (e.g. they form part of your clinical notes or are needed for tax purposes), in which case they will be kept for 7 years as above
Your telephone number will be stored on my (PIN-protected) business telephone until your final invoice has been settled, at which point it will be deleted; if I change my telephone, your details will be deleted on my old telephone and retained on my new one until your final invoice has been settled.
Your legal rights
In summary and subject to any overriding legal requirements and appropriate ID checks, your rights enable you to ask me, either verbally or in writing, to:
Provide you with any personal information I hold about you (which I must provide within one month)
Limit how I use your personal information or to stop processing your personal information entirely
Object to my use of your personal data in specified circumstances
Change or delete (as applicable) any incorrectly recorded personal data that I hold about you
Delete your personal information in its entirety.
You can read a more detailed treatment of your rights here.
If you wish to complain about how I hold your data, then in the first instance please contact me, Rumena Pervin, in my capacity as my Practice’s Data Protection Officer, at firstname.lastname@example.org.
If your concerns are not addressed to your satisfaction, then you can contact the UK Information Commissioner’s Office (ICO) here.
I will report any data breach to you, to the Information Commissioner’s Office and to the British Association of Counsellors and Psychotherapists within 48 hours of it becoming apparent that any personal data has been compromised.
10th August 2022