As a counsellor/coach at Solution Counselling, I have a legal responsibility to protect client privacy and ensure private personal information is used and stored in accordance with their wishes and legal rights. I am registered with the Information Commissioner’s Office (Reference ZA848532), the body upholding Data Protection in the UK (details at 11, below). I work to comply with privacy policies laid down by the ICO.
1. How I obtain and store your personal information
I obtain details of clients’ personal information when they:
Contact me to discuss and/or have Solution Focused sessions. Information may include email address, telephone number and Facebook details.
Complete and return Client agreement documents, containing details of Date of Birth, GP information and Emergency Contacts.
Share personal details in the course of Solution Focused sessions (see ‘Sensitive information’, 4 below).
2. Your consent to use and storage of your personal data
I can only store and use your data because you give consent to do so. This consent is implicit when you first contact me to talk about counselling or coaching services and becomes formal when you sign and return your Client Agreement with me before starting our work together. However, your consent can be withdrawn at any time, by contacting me direct. I will then delete all the information I hold for you.
3. How I use your information
I use your personal information to:
Provide an informed, responsive and personalised counselling/coaching service
Carry out follow-up checks I describe in your Client Agreement
4. ‘Sensitive information’
Sensitive information is defined as any information you share during our conversations together about:
Mental and physical health
Information about home location and lifestyle
Details about professional, personal and family relationships
Sexual history or orientation
Beliefs and religion
Use of alcohol, prescribed and non-prescribed drugs
Any criminal offences or alleged offences
I am bound legally and by my professional Code of Ethics to keep sensitive information secure and confidential and ensure it doesn’t come into the hands of any third party.
5. Third party information sharing
I will not share any your information with any third party, unless you give me formal consent to do so. However, situations might arise where I’m obliged to share your information without your consent, though I would always attempt to get this consent when possible. This exception to confidentiality applies in cases involving:
Risk to life
Details of these exceptions can be found at 11, below.
6. Third party information sharing: professional supervision
As a counsellor, I’m obliged to have professional supervision by another counselling professional, when I might discuss content of counselling sessions I’ve run. In that case, my Supervisor is bound by the same rules of confidentiality and I will keep the sharing of any information that could identify you to a minimum.
7. How I store your personal information
I keep written notes from our sessions in a locked cupboard at my address. All notes are identified only with a client number, the key to which is kept on my password-protected laptop. All other personal information, such as contact details, emails, texts etc is kept on my laptop and mobile phone, password protected and accessible only by me. For apple's GDPR policy relating to their products, see: https://www.apple.com/legal/privacy/en-ww/
For Google's GDPR compliant security relating to my password-protected Gmail account, please see: https://privacy.google.com/businesses/compliance/#?modal_active=none
8. How long I store your information
Unless you withdraw your consent to hold your information, I’m obliged by my professional body to keep all client records, including contacts such as emails and texts for seven years.
9. Sharing your information with third parties: exceptions
I will never share your information with any third party, unless the following apply, in which case I will ask for your consent to contact relevant professionals/organisations to ensure the safety of people involved:
Child protection: I am legally obliged to disclose information relating to welfare of a child where there is potential physical, mental, sexual abuse or serious neglect involving someone under the age of 18.
Court order: I am legally obliged to share information I have about you, eg if a Court requires me to do so through a Court Order.
Risk to life: I’m obliged by local and national safeguarding policies to share your information as needed to prevent serious danger either
To yourself (eg through suicide). In this case, I would contact your GP to make sure that you were able to get all the support you need.
To other people you tell me about during our sessions where I feel concern for their safety.
10. Your data protection rights
Under data protection law, you have the right to:
Ask for copies of your personal information that I hold
Correct (‘rectify’) personal information you think is inaccurate and complete information you think is incomplete.
Ask me to delete (‘erase’) your personal information.
You don’t have to pay anything for exercising these rights. If you make a request, I’m obliged to complete the request within one month. Please contact me at firstname.lastname@example.org if you want to make a request.
11. How to complain
If you have any concerns about how I use personal information, you can make a complaint to me at email@example.com. You can also complain to the Information Commissioner’s Office if you think your rights under GDPR regulation have been infringed or the processing our data doesn’t comply with the law.
ICO Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
The ICO’s address:
Information Commissioner’s Office
Cheshire, SK9 5AF
For any other questions, about how your data is processed or shared, contact me on catherine@solutionCounselling.co.uk or on 07980 595440.