Privacy Policy – How I Manage Your Data
General Data Protection Regulations (GDPR 2018) classify me as a data controller and
require me to tell you how I protect your data. In the process of undertaking counselling
sessions, some of your personal data will be stored and processed. This document is
provided to make as transparent as possible how I use it, where I keep it and what I do with
it.
Information Collected & Stored:
In my role as a counsellor in private practice I complete a ‘Counselling Assessment’
document in the first session, recording information which could identify you, e.g. your
name, phone number, email address, home address and GP details. This is so I have
methods of contacting you. This contact information is in paper form and is stored securely
in a locked filing cabinet.
In case of my ill health this information in the ‘Counselling Assessment’ document can be
accessed by a nominated professional executor – a colleague who is a Registered Counsellor
– who will be able to access your contact details to inform you of my inability to work.
Your signed ‘Counselling Agreement’ document is stored on paper in a secure locked filing
cabinet with your contact information.
I also keep a record of the date of each counselling session and if required, notes regarding
the theme of a session, identified only by your initials. I use this to keep a record of our work
as it progresses. This information is kept on an encrypted word document saved on my
password protected computer.
Your phone number is stored by first name only on my phone which has a lock-screen
security code.
Data Retention / Deletion:
‘Administrative’ type texts or emails that you send me will be deleted once our work
together has finished. If I receive a more in-depth email relating to session content, then I
will store this electronically and password protect the document.
As advised by my therapist insurance any counselling records will be kept for 7 years before
they are deleted or destroyed securely.
Data Sharing:
As stated in my ‘Counselling Agreement’ document in the Confidentiality section, there are
limited situations where I may share your information, such as if I believe you or someone
else is at risk of significant harm. I would always inform you first that I need to share my
concerns with another professional, e.g. GP.
In rare cases I may be obliged by law to share any content of our sessions – this would be if
you disclosed matters relating to terrorism or money laundering. In this unlikely event I
would always inform you before doing so.
In line with my professional registration, I share client information in fortnightly Clinical
Supervision where only the necessary anonymised information will be shared, using only
your first name. Supervision, as well as adherence to professional guidelines, ensures that
our practice continues to be ethical and competent.
Access to Information:
You can request access to personal information (Subject Access Request) that I hold on you,
except in limited circumstances when I am not permitted to do so for legal reasons. I will
provide this information to you within 30 days. If you feel any information, I hold about you
is inaccurate, then you are able to ask me to update your information.
If you want me to delete information, then please inform me of this in writing and I will
endeavour to do so unless I need to keep it for legal or internal business purposes.
NGM Counselling updated 2023