The General Data Protection Regulation (GDPR) is legislation that comes into effect 25 May 2018. It’s purpose is to clarify how businesses and services collect, store and share information about you. This replaces the Data Protection Act.
This paper sets out what and how I collect, process, share and retain information about my clients.
.1.1 General Contact Details
1.2 Administrative Details
1.3 Therapeutic Information (Client Sheets & Notes)
1.4 Email Communication
Your and my emails may be saved in my email folders, although not necessarily all of them are guaranteed. If you require a partial or full set of email communication, please ensure to maintain your own records.
This document confirms that you agree for me to send you emails, messages or telephone calls that are confined to our professional relationship, timings, billing and other usual administrative necessities of working together. If you do not agree, we will need to find a mutually-agreed and mutually-convenient alternative method of contact.
I never share or forward client emails, their details, client email addresses nor email contents from clients to third parties unless there is a legal requirement for me to do so or agreement between you and me.
I never use your contact details for purposes other than for those supportive of our therapeutic alliance. I do not operate marketing mail lists nor do I run a subscription email list.
Please bear in mind that information you might send me (cold calls, cold emails and similar) in advance of our agreed contract to work together falls outside the confidentiality confines of a working relationship. However, I always work to treat all shared information with the utmost respect given that it is possible to do so. See next paragraph.
If I am sent or given information that may suggest forms of harmful activity, I am obliged by law to report this content.
Please note that email communication is not a guaranteed secure mode of information transfer. Bear this in mind if you consider sharing personal details with me by email.
If you wish, we can use an encrypted email service with protonmail.com, a Swiss service. You would need to open an account with them. At the time of writing, a free account is available.
1.5 Video Communication and Electronic/Tape Recording of Conversations
I never record nor store content undertaken by Skype and other similar modes of electronic ‘meetings’ unless by mutual agreement at the time. In return, I insist that no part of any session is recorded by you or your representative either via online software or other recording devices, such as a cassette recorder, smartphone or tablet computer without advance discussion and documented agreement to do so. This holds equally for face-to-face sessions where no recording by any party may take place without express and written permission with both parties to do so.
If you have concerns, please check the Privacy Policy of the software provider.
You are free to take paper notes, as am I.
1.6 My Website and Referring Websites
1.6.1 Cookies
Cookies are small files saved to the user's computers hard drive that track, save and store information about the user's interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
My website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer / device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user's computer / device.
On your first visit to my website, you will be presented with a pop-up notice that contains full details of each cookie and it’s function on my website, You may un-tick cookie types to disallow setting of that cookie on your computer. However, it may interfere with your ability to process links or website attributes without acceptance of those categories of cookies. I have disabled this pop-up on subsequent page loads. If you wish to see this again, please clear your browser cache and then reload the page and the cookies message will reappear.
Please review the pop-up Cookies notice for information about specific cookies my website uses and what their category of use they fall under.
Other cookies may be stored to your computers hard drive by external vendors when this website uses referral programs, sponsored links or adverts. Such cookies are used for conversion and referral tracking and typically expire after 30 days, though some may take longer. No personal information is stored, saved or collected. This website may contain sponsored links and adverts. These will typically be served through our advertising partners, to whom may have detailed privacy policies relating directly to the adverts they serve. Clicking on any such adverts will send you to the advertisers website through a referral program which may use cookies and will track the number of referrals sent from this website. This may include the use of cookies which may in turn be saved on your computers hard drive. Users should therefore note they click on sponsored external links at their own risk and this website and its owners cannot be held liable for any damages or implications caused by visiting any external links mentioned. My practice information and link to my website are available on various websites, such as British Association for Counselling and Psychotherapy (BACP) and the United Kingdom Council for Psychotherapy (UKCP). It may be possible to message me via these sites. You will need to check the Privacy Policy of these referring sites as to how they handle personal data especially if their software handles the messaging. I treat these forwarded communications like any other potential-client email; with respect and sensitivity.2.1 Session Notes
2.1.1 General Contact Details
These are stored within my synchronised Contacts software on my computer(s) and smartphone. These do not contain therapeutic information nor do they identify you as a client. If you wish for me to delete these when we end treatment, I will do so. Earlier deletion may impact on our ability to work together.
2.1.2 Administrative Details
These are stored within my Cloud-based accounting and invoicing software. Your name, address, email address, session dates, fees charged and paid and payment method are recorded. Other than session dates, no therapeutic process information is contained.
If you choose to pay by Paypal, Cheque or Bank Transfer, these details will be stored in relation to the transaction with the banks and Paypal. I do not utilise any other form of payment gateways. Electronic payment processing is directly between you and your bank or you and Paypal should you utilise these methods. I simply receive notice of these payments in my statements. For those who still write cheques, I do record details such as sort code, account and cheque number should I need to follow up paying-in.
If your therapy is being paid by a third party such as part of an Insurance claim, I will need to inform them of your session dates and attendance. If an external agency is involved, it will be necessary to discuss and agree with you any information I might be required to provide to the third party. As a matter of course, where possible, I would go through any information to be shared with you before sending out. This gives you the opportunity to point out any misunderstanding or what you might consider errors. These will either be corrected or a note made as to what you deem inaccurate.
2.1.3 Therapeutic Information
This is stored on paper.
2.1.3.1 Client Profile Sheet
This is stored in a lockable cabinet. You may request that I destroy this. However, bear in mind that this may interfere with our ability to continue working together.
2.1.3.2 Session Notes
Session Notes are anonymised via a client code to connect you to these notes. These are stored in a lockable filing cabinet separate to General Contact Details (2.1.1), Administrative Details (2.1.2), Client Profile Sheet (first part of 2.1.3) and Email Communication (2.1.4 below). If we utilise online communication software, there may be some crossover.
2.1.4 Emails
Emails are stored with the associated email server and my local client software.
Emails are usually backed up via Cloud email facilities. This includes attachments you have sent to me which I may also save locally. Encrypted Protonmail emails and any attachments are stored on the Protonmail webmail server.
I do not operate marketing mailing lists, nor operate email subscriptions.
2.1.5 My Website
Please view details of information on cookies (see 1.6.1 above).
3.1 Paper
3.2 Electronic
Your current rights are best found on the Information Commissioner's Office website: ICO Rights
Please bear in mind that some of these requests may impact upon our ability to work together. For example, you may request that I delete all contact data for you, but I would not be able to work with you without any means of contact.
We can discuss a mutually satisfactory means of establishing your agreement to this Privacy Policy. This may be by email or via paper copies.