GENERAL DATA PROTECTION REGULATION (GDPR)
My practice holds all data securely, in line with the British Association for Counselling & Psychotherapy's Ethical Guidelines and in accordance with the laws of England and Wales.
This policy is written with the intention of providing transparent information regarding how I, Emma Harris, controls and processes your personal and sensitive information.
To find out more about General Data Protection Regulations (GDPR) and your rights, please visit www.ico.org.uk
DATA COLLECTION & STORAGE
All client records except for my personal process notes (see below), are stored electronically using Bacpac, a client management software for counsellors and psychological therapists, which uses a secure hosting platform and is ISO 27001:2013 accredited.
"Client records" includes the signed therapeutic contract, the client information sheet, GDPR consent form, Core 10 assessment forms completed during our sessions and a log of session dates, accounts and brief session notes.
Personal information collected/processed may include:
Gender (or preferred identity)
Date of birth
GP name and contact details
Emergency contact name and details
Medical conditions relevant to counselling
Prescribed medication relevant to counselling
This client information is used as contact and emergency contact information while you are in counselling. I will only contact your emergency contact if there is a medical emergency during a session.
Other information collected/processed regarding clients may include:
Personal process notes made in anonymised form, identifiable only by unique client codes, will be stored electronically, in a password protected, encrypted file, on my personal computer . These notes are for my purpose only and are of a technical nature. Any information that is used in supervision is done in a way as to conceal the client’s identity.
Text messages: Your telephone number may be stored in my mobile phone (using a first name only) should we exchange messages this way.
Email: your email address and correspondence will be stored in my email account by nature of you contacting me.
All information collected is for contact and contractual purpose. I will use your name, email address and telephone to confirm appointments and send information through for example techniques or helpful websites. My PC, iPad and professional mobile phone are all password protected and I routinely delete email and text messages containing sensitive information once read.
DATA SHARING/SUPERVISION/IN CASE OF EMERGENCY
It is rare that any personal information would be shared with any other party without prior client consent, other than in a case of emergency or for the purpose of supervision.
I reserve the right to inform the relevant authorities, without seeking your permission, if I become aware of a significant risk of harm to you, the client, or any other person, likewise, if there is a legal obligation to do so (acts of terrorism, money laundering and drug trafficking).
As BACP registered counsellors, it is a professional requirement that anonymised client information is shared with clinical supervisors in order to maximise service provision to clients. Supervisors are held by the same privacy, data protection and confidentiality clauses as described here and in my contract.
Where there has been a breech to Emma Harris Counselling GDPR policy, for example data has been shared with a third party without consent or data has not been destroyed in a timely manner, the breech will be reported to the ICO within 72 hours.
The counselling directory and the BACP find a therapist provide robust information regarding their privacy policies and any processing of personal data to all users which can be found at https://www.counselling-directory.org.uk/privacy.html or at https://www.bacp.co.uk/privacy-notice/
Emma Harris Counselling’s website is hosted by Wix. For more information about how and why Wix store and share information please take a look at https://www.wix.com/about/privacy
I have a professional will in place, meaning that in the event of my death or sudden illness my therapeutic executor will be able to access my client records and will contact you and support you in finding another counsellor. They will take responsibility for all my client data under GDPR requirements.
Under the General Data Protection Regulations 2018, you have certain rights. These are:
To be informed what information I hold about you (i.e. this document)
To request to see this information at any time (This is facilitated by making a formal request.)
To withdraw consent to me using your personal information.
To request your data to be erased, limited or amended at any time, however there are exceptions to this where the information is needed for me to practice lawfully & competently and where insurance companies/ethical bodies request that records are maintained.
ERASING YOUR INFORMATION
Once a client has ended therapy I delete their contact details from my electronic devices and any remaining emails will be deleted and trash emptied. I will hold onto your clinical information for up to seven years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to counselling in the future, and is a requirement of my insurer in case a claim is made. After this time has passed, I will delete entirely the information held electronically.
A printed copy of this statement will be given to you when we first meet for counselling. If we agree to continue working together, we will both sign the printed copy of this statement to indicate our agreement.