General Data Protection Regulation
This privacy notice explains what personal data I collect from you and how I store and process it as part of the counselling services provided by Trudie Johnston.
In the course of my practice I will collect, process and store personal data as a data controller.
As a counsellor, I want everyone that comes to me for support to feel both comfortable and confident about how the information that they share with me will be used and looked after. Therefore I would like to reassure you that I adhere to the laws and procedures relating to the General Data Protection Regulation (GDPR) 2018 and will only use your personal information to provide you with counselling services. I am registered with the Information Commissioner’s Office (ICO) registration reference ZA617270.
The General Data Protection Regulation (GDPR) 2018 also makes sure I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for the provision of counselling and necessary for a contract between us.
Personal Data that I collect:
- Date of Birth
- Preferred contact (telephone/e-mail/text)
- Emergency contact name
- GP details
- Medication details
- Health/previous counselling history
How I store information:
- Personal data. Details will be handwritten and kept in a locked cabinet. If counselling is not undertaken, or followed up within two months then the data will be shredded.
- Client notes. I will keep brief written notes of each session, these are anonymised by a client number and kept in a separate locked filing cabinet. * Client Notes are in the process of being stored digitally. Saved independently on a secure drive. Fully encrypted and held in a secure location. Secure back-up.
- Record of appointments in a diary (book). Appointments are booked using client ID number only. When not in use my diary is kept in a locked filing cabinet.
- My mobile phone is used solely for counselling purposes and is password protected.
How long I keep your data:
- II have a suggested retention period of seven years in respect of contact Information and client notes, although it is under periodic review.
Why do I keep your data:
- I will keep a record of your personal details to help with the smooth running of our counselling sessions.
- I collect personal information regarding details of someone who you have agreed I can contact in an emergency, your GP, any medication or health details, which is kept for safety purposes. Your GP and/or agreed emergency contact would only be contacted in a medical emergency, if I thought you were at risk of harm and I would always try and talk to you about this first.
- The retention of client notes is necessary for legal reasons, in the event of any criminal prosecution, civil litigation, insurance claim or complaint to my regulatory body. Therefore the client does not have the right to erase these notes, once counselling ends.
Sharing data – Confidentiality
Confidentiality is taken very seriously and data is not normally shared, however, in keeping with the law and good practice guidelines, there are some situations where information may need to be shared:
- If I feel you are in danger of serious harm to yourself or to other people, I have a legal duty to inform outside agencies, for example your GP, the local mental health crisis team or the Police, I may also contact your agreed emergency contact.
- Safeguarding purposes. If I thought a child or vulnerable adult was at risk I would be legally required to notify the relevant authorities, without your consent.
- If you discuss involvement in serious criminal activity, such as terrorism, money laundering or drug trafficking I would be legally required to contact the relevant authorities without your consent.
- Compliance with the law. A court of law can request information about you even without your consent, although this is very rare and something I would try and discuss with you first.
- Data may be shared with my regulatory body and/or insurance company in the event of a complaint being made against me.
- Supervision. I attend regular clinical supervision which is a requirement of my regulatory bodies (NCS & BACP) to ensure my practice remains safe and ethical. Some client details may be shared with my supervisor, but no names are mentioned.
COVID-19 – Test and Trace System.
(Face to face clients). In line with the NHS Test and Trace System and Government guidelines, I may be required to disclose your name in the public interest, if you, myself, a member of my household, or another client contracts COVID-19. Also the Government recommends that businesses keep a temporary record of clients and visitors that have visited in the last 21 days.
- The right to access. You have the right to ask for a copy of your personal information, free of charge, at any time. If you would like to do this please talk to me in person or contact me using the contact form.
- The right to rectification. You may update any of the information I hold for you at any time. I will amend them immediately.
- The right to erasure. You may request that I erase your data. I will comply within 30 days unless it is information I need to keep for legal reasons.
- The right to data portability. Your data is retrievable and may be able to be moved if necessary.
- The right to complain to a supervisory authority. If you believe I have contravened the GDPR, you may contact the ICO.
- The right to withdraw consent. You may withdraw your consent for me to hold your information. I will comply immediately unless I cannot for legal reasons.
Changes to this policy
I may edit this policy from time to time. If I make any substantial changes I will notify you by posting a prominent announcement on the website.
Last updated October 2021