This page is to tell you about the personal data I hold about you and how I use it. This is so that I am compliant with the EU General Data Protection Regulation (GDPR).
My registration with the Information Commissioner’s Office (ICO)
I am registered with the ICO as a data controller (registration reference ZA278789).
The purpose of processing your personal data
I process your personal data in order to provide you with psychotherapy, to contact you and to refer to in clinical supervision.
Lawful basis for processing your personal data
The GDPR requires me to identify the lawful basis for my processing data. This basis is my legitimate interests as a trainee psychotherapist working independently (Article 6(1)(f)). The category of personal data is ‘special category data’, i.e. data that is more sensitive and which needs more protection. Because it is ‘special category data’, I am required by the GDPR to identify a specific condition for processing it. This specific condition is that the processing is necessary for ‘the provision of health and social care or treatment’ (Article 9(2))h)).
The personal data I collect, how I use it and who I share it with
I keep a paper record of your name, phone number, address, email address, our agreement, a copy of any correspondence with you or your GP, your GP’s name, address and phone number in a locked place in my home.
Your initials, phone number and email address are on my smartphone. I use your phone number and email address to check, and sometimes change, the times of our sessions.
I write notes about our sessions on paper and keep them in a locked place in my home, which is a separate place from where I keep your contact details, etc. The session notes do not include your first or second name, nor your contact details. I also keep paper records of any emails or text messages that I consider significant as I delete these from my computer, webmail account and phone within six months. I also keep any completed questionnaires (these would not have your name on them) with these notes. I write my session notes to record our work together, for personal reflection and for discussion in clinical supervision. My supervisors are bound by the same rules of confidentiality as I am, and the GDPR, and in our discussions your anonymity is protected. Full names are not disclosed, nor identifying details.
I give a list of all my clients’ names and contact details to my clinical executor. He will be informed by my next-of-kin if I die or am suddenly taken ill and cannot contact you myself. He would then contact you. He would offer help as appropriate.
I may use your GP’s surgery details to contact your GP if I am concerned about your safety and wellbeing. I would hope to discuss this with you first, and to have your permission to contact him/her.
If I felt there was an immediate risk of substantial harm to yourself or others, I may judge it necessary to contact other appropriate professionals. Again, I would hope to do this with your permission.
If I were under a legal obligation to disclose information (for example, information related to terrorism or money laundering, or if I received a court order for disclosure) I would take professional advice and discuss the matter with you if appropriate.
How long I keep your data
I keep my notes of our sessions, and my paper record of your contact details for six years after we finish working together. Both are then shredded.
I delete your contact details on my smartphone as soon as we finish working together.
I delete text messages and emails from devices and my webmail account within six months of them being sent, but keep a paper record of any I consider significant with my session notes for six years after we finish working together.
Your rights You have the right to:
Cookies are used on this site