Privacy Notice

As a UK professional counsellor registered with the BACP, I am a self-employed sole-trader, and I am registered with the Information Commissioner’s Office. This means I am legally bound to hold your personal details and story carefully and confidentiality under The General Data Protection Regulation (2018).

GDPR requires me (“the data controller”) to let you know how I store and keep your personal information safe, and what your rights are.

The type of personal information I collect:

I currently collect and process the following information:

  • Personal identifiers, contacts, and characteristics. This is information I need to collect to perform my service for example, your name, date of birth, address and contact details.

  • Economic and financial data. This is information I need to collect in order to agree a discounted fee for counselling. For example your latest 3 months of bank statements.

  • Special category data. This is information you may choose to disclose to me during your counselling sessions for example, info regarding your racial or ethnic origin, gender reassignment, health issues and diagnoses, religious or philosophical beliefs, sexual orientation, and whether you have any criminal convictions or offences.

    How I get the personal information and why I have it:

    The personal information I process is provided to me directly by you in order for us both to perform the counselling contract and develop our therapeutic relationship. In some cases personal information about you may be provided to me by another person. EG: your referrer, a health professional, or a member of your social network. I will let you know if this is the case.

    I use your personal information to:

    • Conduct a written assessment and start to get to know you, to decide if I can meet your needs and agree your therapeutic goals.

    • Assess whether you qualify for the discounted fee rate if your total household income is under £24,999 per year.

    • Send you the onboarding contracts and agreements.

    • Have brief communication with you to make any necessary changes to the counselling contract and confirm any agreements we make.

  • Process your payments.

  • Set up digital calendar appointments, with a video call link if this is your agreed method.

  • Keep track of our work together, and your progress towards your goals in the therapeutic contract.

    Lawful basis to process your information:

    Under the UK General Data Protection Regulation (UK GDPR), the lawful bases I rely on for processing this information is that:

  • I have a contractual obligation.

  • I have a legitimate interest. How I store your personal information: Digital Records

    I securely hold some of your information on my private laptop. I use password protection and encrypted folders. I install anti-virus software. When not in use, my laptop is stored in a locked safe with a passcode. My passwords and passcodes are strictly private and confidential, and known only to me.

    Written Records

    I securely record some of your information on paper form, and when not in use it is stored in a locked safe with a passcode which is known only to me.

    Communication Methods

  • Emails: I use a secure hosted email service set up by the providers of my website, Webhealer. I also use a Gmail webmail account which is safeguarded by Advanced Protection (Google’s strongest account security). Both email providers have the strongest Transport Layer Security (TLS) possible to make sure email data is protected. TLS is an encryption protocol that protects data when it moves between computers. However, a secure TLS connection requires that both the sender and recipient use TLS. If the receiving server doesn't use TLS, the email providers will still deliver messages, but the connection isn't secure. So, for your peace of mind please check if your email provider uses TLS to send and receive messages.

  • Phone calls and messages: I use Whats App & Signal apps which mean messages and calls are end-to-end encrypted (the gold standard level of security protection).

  • Video calls: These are currently hosted through Zoom and are end-to-end-encrypted.

  • How long I store your information for:

    All client records are stored for 3 years after ending your counselling sessions, as advised by my insurance company.

Who has access to your records:

  • Yourself, under GDPR Legislation.

  • A court, with a court order.

  • A coroner.

    Your data protection rights:

    Under data protection law, you have rights including:
    Your right of access - You have the right to ask us for copies of your personal information.

    Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

    Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.

    Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.

    Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.

    Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

    You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. Please contact me at marchlisa@icloud.com if you wish to make a request.

    How to complain:

    If you have any concerns about the use of your personal information, you can make a complaint to me at marchlisa@icloud.com

    You can also complain to the ICO if you are unhappy with how we have used your data. Information Commissioner’s Office
    Wycliffe House
    Water Lane

3

Wilmslow Cheshire SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk