General Data Protection Regulation (GDPR)
Privacy Statement about personal information kept, collected, stored, and processed.
The General Data Protection Regulation (GDPR) is concerned with the personal information about you that I collect, store, and share. This statement details my GDPR policy.
Personal information I collect:
I collect the following information in order to help me provide you with counselling and to maintain my accounts for billing and invoicing.
Personal details: Name, Address, Telephone and Email, Year of Birth (due to working with adults, children and young people)
How I may Process/Share your personal information:
I have regular supervision/consultation with other therapists, (psychologists, psychotherapists, counsellors, psychiatrists) for my own professional development and the wellbeing of those I support. I may discuss general details in these consultations, avoiding personal identification. The people I discuss my work with are bound by the same rules of confidentiality, code of ethics, and rules of GDPR. I also use a Personal Assistant who will only have access to contact information. No session notes are shared or able to be accessed. My PA is also under the ICO Data Protection Act.
Therapeutic Will:
In the case of my death, your name and phone number will be shared with my therapeutic executor. This is so you can be contacted if you are still in receipt of therapy with me.
Emergencies:
If I have reason to believe that you intend to harm another person/organisation (e.g. terrorism), or yourself, the law may require that I inform an authority without seeking your permission. In such a situation, the law may require that I share your personal information without your knowledge. I would always endeavour to discuss this with you in advance if possible or appropriate. It is also the law that a judge can request the release of clinical notes without your permission, and I would be bound by law to release them. Again I would discuss this with you beforehand should this occur.
Storage of Information:
Paper- Name and contact details on my therapeutic will, counselling contracts and notes using your assigned code, only if completed by hand. All paper files/notes are stored in a locked filing cabinet in my office at home.
Desktop Computer and emails- I have a folder on my computer that contains documents with your name and the agreed rate you pay me. I also have electronic records of your notes with your allotted code and electronic copies of your counselling contract. As you pay me via bank transfer or PayPal your name or account reference may show up in my bank statements. Should you require an invoice or receipt, your name and address will appear there. My computer is password protected.
Any contact made via Social Media will be limited and you will be encouraged to use email/phone/WhatsApp instead as I cannot be responsible for GDPR in relation to Social Media platforms.
I have your email address saved in my contacts list on my email account and a folder in my account where I store any email contact we have had. The email account is password protected.
Smartphone-I keep your phone number in my smart phone and retain any texts you have sent me which may include your email address. My phone is password protected.
Erasing your Information:
I keep electronic emails for the duration of our work together, after 6 months I erase/delete them from my email account. I delete/erase all SMS/text messages also. In line with my insurance, I am required to keep any written notes (handwritten or electronic) for up to 6 years after we have completed our work together. After this time has passed, I will generally shred the information. However, I may keep them longer in case you return to therapy.
You have the following rights:
To be informed of what information I hold (this document).
To see the information that I hold about you (free of charge).
To rectify/correct any inaccurate or incomplete personal information.
To withdraw consent to me using your personal information.
To be informed should I discover there has been a data breach of your personal information which could put you at risk.
To request your personal information be erased/deleted/shredded. I can decline if the information is needed for me to practice lawfully & competently, or if there is an adverse reason (such as a complaint or legal reason).
Complaints Procedure:
We are committed to providing a high standard of service and welcome feedback to help us improve. If you are unhappy with any aspect of our service, please raise your concern with us as soon as possible so that we can investigate and attempt to resolve the matter promptly and fairly. All complaints will be handled confidentially and objectively. We aim to acknowledge complaints within a reasonable timeframe (30 days), provide a clear response, and outline any actions taken as a result. If you remain dissatisfied with how your complaint has been handled, particularly where it relates to the processing or protection of your personal information, you have the right to contact the ICO for independent advice or to raise a concern.
Counselling Service & Confidentiality:
My counselling service is committed to supporting individuals in a safe, respectful, and confidential environment. Information shared during counselling sessions will be treated sensitively and handled in accordance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Personal information will only be collected, stored, and shared where there is a lawful basis to do so, or where there is a safeguarding or legal requirement. We ensure that personal data is managed responsibly, and individuals have rights regarding their information, including the right to access their data and raise concerns with the ICO if they believe their data has not been handled appropriately.
Ways to contact me:
If you have any concerns regarding the above, you can contact me via my email address: yourgentlethoughts@gmail.com
Gentle Thoughts Counselling 