Your privacy is important to me, and I take every measure to protect your identity under the Data Protection Act of 1998.
I am committed to complying with the terms of the General Data Protection Regulation, and to the responsible and secure use of your personal data. Confidentiality and Privacy are at the very foundation of my counselling service, and I endeavour to explain how seriously I take your privacy in this notice. I have a legitimate interest in processing personal data in order to provide enquirers helpful information about my counselling services. The lawful reason for me to process and store client data is by obtaining your consent which is “Best Practice” as spelled out in the British Association for Counselling and Psychotherapy (BACP) Ethical Framework.
The purpose of this Privacy Notice is to let you know what personal information I collect and hold, why I collect this data, how I keep that data secure, who I share this data with, how long it is kept and your rights over your personal data. It is my hope that with this notice you may be able to give consent for me to process your data should you choose to begin therapy.
This policy only applies to data collected by me via written and online forms. Third party agents, and websites which are linked to me, are not covered by this policy. If you have any queries concerning your personal information or any questions on my use of the information, please contact me on info@somaandsoultherapy.co.uk .
1. Data Protection Lead
1.1 The Data Protection Lead is me, Dominique Ucbas. I am registered with the Information Commissioner’s Office (ICO) and hold the ICO registration number: ZB526852.
2. Information about you
2.1 I collect personal information from you when you enquire about my counselling services over the phone, email, or when you fill in the contact form on counselling directories, or via my website, to answer your enquiry and set up an initial consultation. This information includes your name, contact details, your IP address, your availability and other relevant personal information.
I request this information to help understand your needs and to provide the best service to you. This initial contact data is deleted within 30 days if you do not use my services. If you do become a client, then I retain the initial contact details. I also collect information provided to me when you communicate with me for any reason. This may be collected in conversations (phone or in person), emails, sessions, when you fill in the Counselling Contract, and any other forms that may be of therapeutic benefit to you.
3. Reason for keeping Data
3.1 The lawful reason for me to keep client data is to comply with the British Association for Counselling and Psychotherapy Ethical Framework and is done through the Counselling Contract where I obtain your consent. Having a counselling contract demonstrates to the client the ethical principle of “Autonomy: respect for the client’s right to be self-governing” (BACP 2018).
Client data, which consists of names, contact details (phone numbers, email address, home address), Next of Kin, Client’s GP and GP Surgery, and medication, are collected on the Counselling Contract. The details which are optional are noted clearly on the form.
4. My use of this information
4.1 Your personal information will be used to provide you counselling and to give you information relating to my services:
• To provide you with the professional counselling service requested from and contracted with me.
• To notify you about changes to your appointments and other changes to my services.
• To seek feedback from you on your experience of counselling.
• To improve my service to ensure that it is provided in the most effective manner.
• To administer my service, including the arrangement of appointments, and the handling of payments for the service.
• In case of emergency in situations of high risk.
4.2 I will not share any information about you with other organisations or people, except in the following situations:
• Consent – I may share your information only with professional carers or others whom you have requested or agreed in writing that we should contact.
• Serious harm – I may share your information with the relevant authorities if I have reason to believe that this may prevent serious harm being caused to you or another person for example if there is a child or adult safeguarding issue.
• Compliance with law – I may share your information where we are required to by court order or lawful regulations and rules to which I am subject.
• As part of the backups of encrypted data processed and held by professional IT security companies.
• For the purposes of receiving supervision, a requirement in abiding with the BACP Ethical Framework. Process data (as opposed to factual data) is destroyed within 30 days of supervision.
5. Security
5.1 I will take all reasonable precautions to prevent the loss, misuse or alteration of information you give me. Your identifiable personal information is kept separately from any session notes and other descriptive material collected during the initial consultation and subsequent sessions. Any access to electronic records stored digitally is password protected and only accessed via an encrypted (secure end to end) connection. No personal data is stored outside of the European Economic Area (EEA).
Once a client finishes counselling, all data regarding their counselling is stored securely for 7 years and then erased / destroyed. If the client is under age 18 the client records are stored until they reach age 18 and then stored 7 more years. If the client is under age 14 then the young person’s parent or guardian must also give consent for counselling to take place.
5.2 For ease of use and compatibility, communications in connection with this service may be sent by email, however this is not always an encrypted form of communication and suggest you only submit information to me using an internet connection that you trust (not a public Wi-Fi service for example). E-mail, including forms submitted through directories and my website, unless encrypted, are not a fully secure means of communication: any transmission is at your own risk. Whilst I endeavour to keep my systems and communications protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus-free or being intercepted by hackers.
6. Your rights over your personal data
6.1 You have the right to see the information I hold about you. You also have the right to require me to correct any inaccuracies in your information. Please email me at info@sommaandsoultherapy.co.uk and allow up to 30 days for these requests. I will do my utmost to resolve any concerns you have, but if these are not resolved to your satisfaction, you may choose to contact the ICO in this instance.
6.2 You may withdraw your consent for me to hold and process your data at any time. However, if you do this while actively receiving counselling, the counselling would have to end. You can withdraw your consent by contacting me. You will be required to fill in and sign a request for erasure / deletion / destruction of personal data form and this form will be kept on record for 7 years.
Under certain circumstances, especially those outlined above in section 4.2 I may not be able to erase or destroy your records:
• If you’ve requested me to break confidentiality in order to communicate with your GP, another professional carer or another person, I may extend the data retention period for any personal data for which you’ve consented for me to share, and I may not be able to erase or delete your data even if requested.
• Your disclosure of past, present or potential safeguarding issue(s) may nullify any request you ask of me to erase or destroy your personal data especially data pertaining to the safeguarding issue.
• Your disclosure of past, present or intent on future crimes, of those listed in the Counselling Contract, may nullify any request you ask of me to erase or destroy your personal data especially data pertaining to the disclosure.