My lawful basis for holding your personal information

There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:

• If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.

• If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.

• The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).

 

What data of yours will I be storing?

• Your details (name, email address, home address, telephone number, date of birth)

• GP details, your health conditions and medication details

• Emergency contact information

• A record of the dates of your counselling sessions with me

• A record of financial transactions

• Copies of signed contracts and agreements

• Client notes

• Emails and other correspondence

 

How I use your information

Initial contact:

When you contact me with an enquiry about my counselling services, I will collect information to help me satisfy your enquiry (your name and email address).  If you decide not to proceed with me, I will ensure all your personal data is deleted within one month. If you would like me to delete this information sooner, just let me know.

 

While you are accessing counselling:

I will keep a record of your personal details to help the counselling service run smoothly. I will keep written notes of each session: these are kept brief with a short summary of the content, the day of the session, any emergency or safeguarding issues if they arose, and using an anonymised client code.  For security reasons, any email correspondence will be deleted after one month if it is not important. If necessary for me to keep, our correspondence will be stored on my Google Mail account.

 

After counselling has ended:

Once counselling has ended, your records will be kept for five years from our last session and then securely destroyed. I will keep them in a secure online folder, along with any email correspondence we had. If you want me to delete your information sooner than this, please tell me.

 

Breaking Confidentiality

Everything you discuss with me is confidential. This confidentiality will only be broken if I believe there is risk of serious harm to you or to others (e.g. informing a mental health crisis team if you declared intent to take your own life). I also have a legal obligation to pass on information about a serious crime, e.g. terrorism, drug trafficking, or in the case of protecting or safeguarding children and vulnerable adults. I will always try to speak to you about breaking confidentiality first, unless there are safeguarding issues or legal requirements that prevent this (e.g. in cases such as terrorism).

 

Data Security

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure. I keep any data stored to a minimum and I store it securely, with password protection, encryption, and 2-factor authentication using the cloud-based storage system Google Workspace. I also use anonymised client codes with my notes. My website is hosted by Wix – if you complete a contact form on my website, your name, email address and message will be stored in a ‘Contacts’ folder automatically. I will regularly delete these submissions.

 

Third party recipients of personal data

I will not share your personal data with any third party without your consent, unless I need to break confidentiality for any of the reasons listed above. For example, your GP, a crisis team, the police, or child protection services. I use the following services which I may share your personal data with only if it was necessary:

• The ICO

• My supervisor

• I have a Clinical Will in place. In the event of an accident, severe illness, or my death, your name and contact details will be shared with my Clinical Trustee.

 

If I encountered an emergency and was unable to contact you myself, your name and contact details may be shared with a trusted person to inform you about the changes to our meetings. No other personal information would be shared.

 

Supervision

It is a requirement of my membership with the BACP that I attend regular supervision with a qualified supervisor to discuss my counselling work – my supervisor is an experienced counsellor. This is an essential element of any counsellor’s practice to ensure I am working safely and ethically, and that I am offering a consistently high standard of service. Client identities are not revealed in sessions, and my supervisor is also subject to the same ethical and professional obligations to protect your confidentiality as I am.

 

Your Rights

I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters  

 

You can ask me at any time to correct any mistakes there may be in the personal information I hold about you. To make a request for any personal information I may hold about you, please put the request in writing addressing it to: hello@rubyfarrell.co.uk

 

Electronic Communication

The security and privacy of any electronic communication between you and I can never be fully guaranteed, despite everything I have in place to protect it. As such, I advise you not to share any sensitive information with me via email.

 

Complaints

If you have any complaints about how I handle your personal data, please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint