Privacy Notice ‐ June 2018

This is the privacy notice of Gill Kaye at Hemel Counselling.

Introduction

I am committed to protecting all information that you share with me by being a good custodian of all your information (both personal and sensitive), handling it in a responsible manner, and keeping it secure and confidential. I understand that all my clients and visitors to my website are entitled to know what happens with their personal information, so, this notice is aimed at providing transparency and details of my practices to help you make an informed choice about working with me. This Privacy Notice and my practices comply with the new Data Protection Law 2018 (GDPR). I am registered with the Information Commissioners Office (ICO).

Definitions:
Personal Information ‐ anything that can identify you (name, contact details, DOB)
Sensitive Information ‐ any information about your race, culture, political opinions, religion, mental health, physical health, sexual life
Processing information includes collecting, storing, reading, archiving, disclosing, sharing, deleting, editing.

The legal basis for processing information

I generally process all information under a combination of contract and legitimate interests. For certain processing (e.g. disclosure and sharing) I will ask for your written consent.

Contract:
When you become a client or supervisee, a contract is formed between us, this is called the counselling / supervision agreement. You are entering this agreement voluntarily with the expressed wish that I have your information to provide my services to you.

Legitimate Interests:
It is reasonable to expect a counsellor or supervisor to be privy to both personal and sensitive information. In fact, the service I offer necessitates having such information; I would not be able to do my job without the information.

As well as needing your personal information to contact you to arrange sessions, professional standards require me to keep confidential records of our time together.

Consent:
In some circumstances I will ask for your consent; this will be generally around the area of disclosure and sharing. For example, for clients, I ask you to sign giving your permission for me to contact you GP if I became seriously concerned about your wellbeing. For supervisees, I ask you to sign giving your permission for me to contact your line manager, professional body or training organisation if I was concerned about your practice.

If you wish me to write a report or confirm that you are having sessions with me then I would need your explicit consent to disclose this information; I will usually get this in writing.

If you are making an email enquiry to me and are requesting a response, your consent is implied.


Contacting me:

When making initial contact with me, whether by telephone, by post, through my website or by e-mail, I collect your contact information in order to reply with the information you need.

Any IP addresses, left by electronic communication or website browsing, are not used or passed on by me. Please be aware that my internet provider may keep logs.

If you need to contact me between sessions please be aware that emails are vulnerable to human error and viruses and are probably better kept for less sensitive information such as arranging session times. Anything of a more sensitive nature may be better kept for telephone or face to face conversations.


How I store information:

Your personal identifiable information is kept separate to any session records which may contain sensitive information, so that your identity is protected.

Information is kept brief and relevant, and is intended for my sole use for the purposes of providing counselling or supervision services and for accurate record-keeping.

All information in paper form is kept in a locked filing cabinet; electronic information is held on a PC which is password protected and has up-to-date anti-virus software. Session records containing sensitive information are kept on an encrypted memory stick and are not identifiable without a cross-referenced code.

Contact details on my work phone are protected by a PIN.


Confidentiality of information:

Trust and confidentiality are an essential part of my work. All information shared with me is treated respectfully.

Your first name and contact details are given to a trusted counselling colleague (with your consent) so they can contact you in any event that prevents me contacting you myself. They will inform you of why I am unable to contact you and support you in any further decisions depending on the circumstances.

To comply with professional standards, I have regular supervision; their focus is to assist my work and ensure I am working professionally to the best of my ability; they treat all information confidentially and are not given your full personal information.

In the event of serious harm to self or others, or for safeguarding issues, I will break confidentiality to alert a third person who can help prevent this harm. For clients this may mean your GP or emergency services; for supervisees this may mean your professional body.

If your referral comes through another agency; confidentiality may be held within the agency as well as myself. They may require me to send reports or session notes.

I will not otherwise share information with any other third party without your permission unless ordered to do so under any legal obligations.


Legal obligations:

I am subject to the law like everyone else; sometimes, I must process your information to comply with a statutory obligation (e.g. disclosing any terrorist activity to the relevant authorities).

I may be required to disclose information to the police or the courts if they have the proper authorisation such as a search warrant or court order.


Retention of information:

Contact details on my phone are deleted as soon as our contract has ended.

Contract forms and session records are kept for 6 years from the end of the contract.

I destroy all paper information by incineration and all electronic information by permanent deletion.

I keep a set of statistics on an ongoing basis; this is when you were seen and for how many sessions. Contact details and session records are not kept beyond 6 years.


Your rights:

This Privacy Notice hopefully satisfies your right know what happens with your information. Any further questions you may have please feel free to ask me.

Please keep me informed of any changes to your information; so that it can be kept accurate and up to date.

You can request to see any information including session records; we can talk about this further in a session. You will need to give the request in writing and then I would have one month from the date of the request to show you the records.

If you make a request to have certain information not recorded or deleted, prior to the 6 years, I will give this reasonable consideration; however, I may not be able to uphold these requests based on legitimate interests of professional record keeping.


Information breaches:

If an information breach occurs that is likely to cause harm or distress then I will notify the ICO within 72 hours of discovering the breach. I may also inform the individual(s) concerned.

I will keep records of any breaches and actions.


How you can complain:

If you are not happy with my privacy policy or if you have any complaint with respect to how I process your information then you should tell me. This may be able to be resolved through communication together.

If you are in any way dissatisfied about how I process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office.


Review of this Privacy Notice:

I may update this Privacy Notice from time to time as necessary.