PRIVACY STATEMENT
You may be aware of the General Data Protection Regulation (GDPR) that was introduced on 25th May 2018. This regulation requires me to provide new clients with a Privacy Statement to explain how I collect, process and store the information I hold about them. I also need to let my clients know their rights in relation to these details. As such, here is my Privacy Statement.
​
My Lawful Basis for holding and using your personal information: The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data; If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract. The GDPR also makes sure that I look after any sensitive personal information (known as ‘special category personal information’) that you may disclose to me appropriately. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).
How I use your information:
Initial Contact: I will collect your Name and Email address (or physical address if no email is available) so that I can send confirmation of our agreed appointment date and time as well as relevant fees directions to the practice. I will also use this Email / Address to provide a copy of my Privacy Statement and Therapeutic Agreement.
If your GP or other health professional sends me your details when making a referral or a parent or trusted individual gives me your details when making an enquiry on your behalf and you decide not to proceed I will ensure all your personal data is deleted within 30 Days. If you would like me to delete this information sooner, just let me know.
During our Initial Consultation Appointment I will collect further information about you including your: Date Of Birth, Address, Telephone Number, GP Surgery, Medication, information about any Previous / Ongoing Therapy, Medical / Mental Health History, What brought you to Therapy and your Therapeutic Goals.
While you are accessing counselling: Rest assured that everything you discuss with me is confidential and that confidentiality will only be broken if I have a professional or legal obligation to share. Reasons for this include if I believe a client is going to harm themselves or others and reasons relating to child protection or serious crime. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this. I also attend mentoring sessions with a Supervisor during which details of cases that I am working with may be discussed but your personal identity will never be disclosed. I will keep a record of your personal details to help the counselling services run smoothly and these will not be shared with any third party.
After counselling has ended: Once counselling has ended your records will be kept for a minimum period of five years (as required by my Liability insurance) from the end of our contact with each other and are then securely destroyed.
​
Third Party recipients of personal data: Your information will not be shared with any third parties unless for the reasons previously stated.
Your Rights: Are as follows:
-
Access - You have a right to see and request a copy of any information that I hold about you.
-
Rectify - You can ask me at any time to correct any mistakes there may be in the personal information I hold about you.
-
Erasure - You have a right to ask me to delete your personal information, however as I must comply with my insurance, this can only be done after the minimum 5 year period.
​
You can read more about your rights at ico.org.uk/your-data-matters. To make a request for any personal information I may hold about you, please email me at hmstherapy@protonmail.com.
​
If you have any issues about how I handle your personal data, you have the right to complain, in the first instance to me. If your complaint is not resolved to your satisfaction, you can contact the ICO, which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
Data Security: I may collect information from you through written records or electronically I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure. All written records are stored in a locked filing cabinet. Any electronic data is stored on a password protected phone or laptop. The phone is separate to my personal phone and my emails are encrypted. I may use Dropbox (a secure file storage system) to store some electronic data. In this case, any documents saved are also individually password protected.
​
Visitors to my website: My website was created by and is hosted on the Wix.com platform. When someone visits my website, Wix software tools are used to measure and collect session information, which may include page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
This information is only processed in a way that does not identify anyone. I do not make, and do not allow Wix to make, any attempt to find out the identities of those visiting my website.
I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.
I use Wix.com Analytics so that I can continually improve my service to you. You can read Wix.com's Privacy Policy here.
Like most websites we use cookies to help the site work more efficiently. No user-specific data is collected by me or any third party. If you complete the contact form on this website, that data will be temporarily stored on the web host before being sent to me.
I am registered with the Information Commissioners Office (ICO), Reg No: ZB040171
This policy will be reviewed and updated with any changes that may occur or be required by Law.
V.1 Jan 21