Privacy (GDPR) Policy

I (Nicola Pott) am the nominated Data Protection Lead and have overall responsibility for data protection. I am registered with the Information Commissioner’s Office.

 What information is kept about you:

The information that I collect and keep may be both personal and sensitive information:

Emails – This could be directly from yourself or via other websites such as Counselling Directory or BACP website.

Written information – I will keep brief notes which summarise the counselling session and process, this will also be kept in a locked filing cabinet and will be labelled with an anonymous code. 

Registration Document and Therapy Agreement Form – This is the form that records your basic details and the therapy agreement between us, which requires a signature. This will be kept in a secure encrypted proton mail account.

Telephone/ text contact – This is when you have called or sent a text which then indicates your phone number and whatever content you include I save using initials only.

Contact details - Your name, contact details and client code will be kept in a secure database called clinicalwill.app. Myself and my therapist trustee ( another fully qualified and registered counsellor/psychotherapist) will have access to this. A written list of client name and contact details will be kept in a locked container.

Accounts – Includes: Anonymous client code, date and amount paid. My accountant and HMRC may need access to this information. Kept on password protected computer and backed up on secure encrypted proton mail account.

Anonymised record of enquiries: Includes no personally identifiable details. Includes general theme of counselling issue e.g. ‘anxiety’ referral source e.g. ‘BACP’ and date. Kept on password protected computer and backed up on secure encrypted proton mail account.

 Why this information is collected and kept:

All information collected is for contact and contractual purpose. The legal basis for this is described in Article 6(1) of the UK GDPR legislation. I will use your name, email address and telephone to confirm appointments when needed and send information through for example techniques or helpful websites. My computer and phone are password protected. I will only contact your emergency contact if an emergency situation occurs during your session. The session notes enable me to fulfil my role as a counsellor/ therapist and fulfil professional and legal requirements. The spreadsheet containing the date, client code and amount paid will be used for accounts/ tax purposes. Your contact details will be used by myself in order to fulfil my contractual role as your counsellor/ therapist. If something were to happen to me and I were unable to let you know, my therapist trustee would access your contact details on clinicalwill.app so that they could inform you. If you consent to the cookies on my website, the website provider uses the information provided by the cookies to provide statistics that inform marketing. If you complete the contact form on my website your query is then emailed to me. The anonymous record of enquiries informs the focus of my practice and marketing.

 How long I keep this information:

All personal information other than the data spreadsheet, registration document, client notes and your therapy agreement, is deleted or shredded upon completion of counselling or 3 months after our last contact. The only exception to this would be if I were legally required to keep specific data beyond that point.

Who do I share your information with:

If something were to happen to me and I were unable to let you know, my therapist trustee would access your contact details so that they could inform you.

My accountant and possibly HMRC may need to see the database with client code, date and amount paid.

I would disclose your information in relation to safeguarding or protection from harm, where I would contact your GP or the appropriate authorities.  This would be discussed with you wherever possible.

I would disclose to law enforcement if you disclosed:  acts/intent of terrorism, money laundering, drug trafficking.

 Access to Your Personal Information:

You are entitled to access the personal information that I hold, so long as this would not be detrimental to you in any way. Please send your request to me using my email address.

 Security precautions taken:

When you give me personal information, I take steps to ensure that it is treated securely. My databases are password protected and all paper records are kept in a locked filing cabinet. Non-sensitive details (your email address etc) are transmitted normally over the internet and this can never be guaranteed to be 100% secure. As a result, though I strive to protect your personal information I cannot guarantee the security of any information you transmit to me, and you do so at your own risk. I encourage you to avoid disclosing any confidential information via email. 

Your right to withdraw consent:

You are entitled to withdraw consent at any time, please let me know by email. Please note that other than for the database of enquiry details, I would then not be able to go ahead with further therapy sessions (as the use of the data enables me to perform my contractual role as a counsellor/ therapist safely and legally and meet the ethical requirements described by the British Association of Counselling and Psychotherapy).

Your right to complain:

If you are concerned about the privacy of your data you have the right to complain to the Information Commissioner’s Office (ICO).

 Changes to this Privacy Policy:

I will keep my privacy notice under regular review and update it as needed. This policy was last updated May 2024.