I take your privacy seriously and I am fully committed to ensuring that your privacy is protected.
Below I will let you know what information I hold about you, why it is needed, how it is collected and stored.
I am aware of and comply with The Data Protection Act (1998) and GDPR (2018)
Why am I collecting data?
I collect data solely for the purpose of providing my services as a therapist and for communication with clients using this service. Initially this is used to assess whether I am able to offer you counselling, and then to deliver effective counselling to you if therapy commences. If, after an initial contact, we decide not to work together, I will erase your personal information.
How do I collect data?
I collect your personal information via my website, via responses to my profile on counselling directories on which I am registered, over the telephone, in email correspondence and in person during our sessions.
How do I store personal information?
I will store your personal information both electronically and physically. Information is stored electronically on devices that are password protected and physically using paper records which are held securely and anonymised. All information is accessible only by me. Names and contact details are stored separately to any other personal information.
For how long will I retain it?
Digital data will be removed as soon as therapy has discontinued. All paper copies are retained for 5 years in keeping with my insurance requirements.
Your right of Access
You have a right to make a written request for the details of personal information that I hold on you. You can email me and I will be happy to share the records that I have for you.
Your right to lodge a formal complaint
If you believe that your rights under the GDPR regulation have been infringed, or that the processing of personal data relating to you does not comply with lawful regulation, visit the Information Commissioners Office to find out how such matters can be dealt with on your behalf. Their helpline is 0303 123 1113 or visit https://ico.org.uk/concerns/
Your right to rectification
If you believe that any information I am holding on you is incorrect, incomplete or needs updating, please email me with details and I will promptly make the right changes.
Can I request that you delete my personal information?
Yes, you can request for your personal information to be deleted either verbally, or in writing. There may be an administrative charge for this. I may also have the right to refuse to comply with your request, for example in order to defend myself in a claim situation, or to comply with my insurance terms and conditions, and I will let you know my response to your request within one month of receiving it.
What and who is your ‘data controller’?
Under GDPR regulations (2018) a ‘data controller’ is defined as the person in an organisation who ‘determines the purposes and means of processing personal data’. I, Steven Peters, am the data controller for ‘stevenpeterstherapy’.
My business is registered with the Information Commissioners Office, the UK authority for upholding data protection, (www.ico.org.uk). I am bound by their policies with regards to your privacy, as well as the BACP code of professional practice.
Who I share your information with:
Personal information such as website visits or telephone call data is shared with the website provider or mobile phone operator respectively. These providers operate under their own privacy policies, and these can be provided upon request.
I manage my practice myself and operate my business as an independent sole trader. I do not send newsletters or operate a mailing list, nor do I have any social media linked to my website.
Exceptions to the above:
I am required to have regular supervision with another professional therapist in order to keep the work safe, ethical and effective (under the guidelines of the British Association of Counselling and Psychotherapy), however I never disclose any personally identifying information about my clients within supervision.
It is not usually necessary for me to contact a client's General Practitioner, unless there are concerns about the medication or treatment that a general practitioner may be prescribing you, or if your GP is the gateway to enable you to access other healthcare that you need.
If I share any information with your GP it will be in collaboration with you, with the purpose of you getting better quality health care. I will always ask you for your consent before sharing any personal or sensitive information when liaising with, or making appropriate referrals to other health professionals who may be involved in your care.
I will also check with you what information you do and do not wish for me to share and ensure you have a copy of any email or report I send.
In exceptional situations a family member, partner or friend may contact me, but that could only happen if you decided to share my details with them. All actions from that point would need your full consent.
Legal exceptions to obtaining your consent
There are some situations where I would be required to share your information with third parties, without your consent:
• If I am required to disclose data about you, under a Court Order for me to do so.
• Child Protection; If I am concerned about the welfare of a child, i.e., where there are child protection issues relating to potential physical, mental, sexual abuse or serious neglect
• Risk to self or others
Disclaimer: Your role in protecting your own privacy
1. You acknowledge that the privacy of your communications and personal information can never be completely guaranteed when it is being transmitted over the internet.
2. You acknowledge and agree that you share information via the internet at your own risk.
3. You agree to take responsibility for your own role in safeguarding your data privacy in the email address you choose to use and whether or not you choose to password protect information you send to me.
Your privacy in our work together
Emailing each other After we have decided on an initial appointment I will usually send you a confirmation email detailing the venue, fee and other relevant practicalities.
Zoom and similar services have updated their privacy measures to ensure they are fully compliant with GDPR regulations 2018.
Sessions where we meet in person
The rooms I use on a weekly basis are dedicated therapy rooms, situated within mixed office spaces, and are discreet.
What type of information do I collect about you?
If we decide to work together, as a registered healthcare practitioner, I would be reasonably expected to have the following information in case of an emergency:
• Your name, date of birth and contact details
• Who should be contacted in case of an emergency (e.g. next of kin)
• GP name and practice address
Do I keep notes on clients?
Yes. All notes are kept electronically under a password protected file. The notes are minimal and for supervision purposes.
Contact me if you have any questions
If you have any questions or concerns about how your data is processed or shared, please do not hesitate to contact me by emailing me at email@example.com
If you have a complaint or concern about any aspect of your treatment, please let me know as soon as possible.
Please give me full details of your complaint and I will undertake to treat it seriously, deal with it promptly and learn from it by reviewing or, if appropriate, improving my standards.
Make your complaint to me either in person, by phone, by letter or in an email to firstname.lastname@example.org
I will investigate your complaint during the following few days and will aim to:-
1. Find out what happened and what went wrong
2. Make sure you receive an explanation and an apology if this is appropriate
3. Identify what I can do to ensure that this problem does not arise again
Raising concerns with my professional register
I am professionally registered with the British Association of Counselling and Psychotherapy (BACP)
If you feel uncomfortable complaining directly to me or do not feel that your complaint has been resolved to your satisfaction, you can find information on raising concerns with the BACP here; https://www.bacp.co.uk/about-us/protecHng-the-public/professional-conduct/how-to-complain-abouta-bacp-member/.
The BACP can also be contacted on 01455 883300 and by email at; email@example.com.