My lawful basis for holding and using personal data
The DPA (2018) and the General Data Protection Regulation (UK GDPR) require that all organisations that store personal information about people may only do so provided that the information is processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept in a form that permits identification of information subjects for no longer than is necessary for the purposes for which the personal information are processed; and processed in a manner that ensures appropriate security of the personal information.
My contractual obligations to you as a counsellor / psychotherapist are the lawful basis for my processing of your personal information. If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data, where it is necessary, to assess whether I am able to offer you psychotherapy in the first place, and then, if the therapy commences, to guide my clinical decision-making during therapy and for the performance of our contract.
How I will treat your personal information
I will treat your personal information in a way that is compliant with the DPA and the UK GDPR. The lawful and proper treatment of your personal information is important to me. I will never use your personal data for any purposes other than the administration of the therapy service that I am providing to you i.e. to arrange, cancel and rearrange appointments. I will only retain your personal information for as long as is necessary. This is in line with guidance from the Information Commissioner’s Office.
Special Category Personal Information
Special category information is defined by the UK GDPR as being information that is more sensitive than other personal information, and therefore requiring of higher levels of protection. Examples of this type of information could include information about your health, race, sexuality, sex life, or religion.
In order to lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you. With this in mind, the condition of the UK GDPR that I apply to the processing of your special category information is that it is ‘pursuant to contract with a health professional’. This means that, if you begin counselling sessions or psychotherapy with me, or ask me to assess whether or not you are eligible for me to offer psychotherapy to you, then I will likely need to process some special category information about you. Usually, this is information about your mental health, and I need to process it in order to fulfil my contractual obligations to you in delivering safe, effective psychotherapy. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case therapy sessions) and necessary for a contract with a health professional (in this case, a contract between me and you).
How I will collect your personal information
I will collect your personal information in the following ways: via my website www.cigdemberrett.com, over the telephone, via email, in writing, and in person during our meetings.
How I will store your personal information
I will store your personal information both electronically and physically. Personal information is stored electronically on devices that are password and/or fingerprint I.D. protected, and in files that are further password protected and only accessible by me. Names and contact details are stored separately to other personal information (anonymised format). Information is stored physically using paper records held securely in locked storage in an anonymised format. These records are also only accessible by me.
How long I will store your personal information
I currently keep records for up to eight years after the end of therapy. Retaining your therapy notes ensures that I can continue to offer you an efficient service if you make contact after therapy has ended. Your therapy notes do not include any personal details that could be used to identify you and continue to be stored securely in a locked filing cabinet that only I have access to for eight years after therapy has ended. Eight years after therapy has ended your therapy notes will be confidentially destroyed.
What types of information I will collect about you
I will collect several types of information about you and in several different ways. When you visit www.cigdemberrett.com I will collect the following information about your visit; location, search engine, date, time, web pages visited, and device.
If you request an initial consultation using the web form on www.cigdemberrett.com, I will collect the following information: name, email address, date, and time. During the initial consultation, I will ask you over the telephone to provide me with the following information: name, availability, the psychological issues that you would like to address, and symptoms.
If you contact me to book your first appointment, I will collect some brief information. This will include your name so that I can book the appointment into my diary and also a contact method, for example an email address or phone number. This information is requested so that you could be informed if I was unable to attend an appointment due to unforeseen circumstances.
If you do not want to be contacted under any circumstances, you do not need to provide a contact method. Alternatively, an organisation such as your employer may send me your details when making a referral or a relative may give me your details when making an enquiry on your behalf. If an enquiry is made and you decide not to proceed, I will ensure that all of your personal data is deleted within one month. If you would like me to delete this information sooner please let me know.
Once your therapy commences, I will collect further information from you. My records include your Contact Details form, Personal History form and Session Notes (dates, attendance and a line or two about the session).
At the beginning of your first appointment I will ask you to complete a Contact Details form containing your name, address, date of birth, contact information and also contact information for your GP. Please be aware that I will not routinely contact your GP to inform your GP of your attendance as your attendance is confidential. To fulfil my duty of care towards you while also maintaining your confidentiality I will only contact your GP if it is necessary and should these circumstances arise I would discuss this with you wherever possible before contacting your GP.
The session notes are brief notes of our therapy sessions for the purpose of assisting our work together. The notes help me to keep track of the issues that we are working on and they are for my use only. The notes do not include any personal details that could be used to identify you and they are stored securely.
Personal History record includes details such as previous therapy, current medication, network of support, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep and overview of your family situation in order to guide the psychotherapy work.
The above-mentioned records are kept separately and securely (either encrypted and password protected digitally or stored in a locked filing cabinet that can only be accessed by me). The executor of my ‘Therapeutic Will’ also has your contact details to use in an emergency if I cannot practice. I will ask for your signed consent to hold your information.
Third party recipients of personal information
I will never pass on your contact details to any third party organisations for the purposes of sales, marketing or research.
If your appointment is funded by a third party, for example, your employer, the only information shared will be for invoicing and payment purposes (i.e. the dates of attendance and non-attendance). Details of what is discussed in the sessions will remain confidential and can only be shared if you give me your written consent to do so.
Confidentiality will only be broken under certain exceptional circumstances. For example, if you disclose abuse / neglect of a child or vulnerable adult, or say something else that implies serious harm to yourself or others, or if a court of law requires me to disclose information. As a counsellor / psychotherapist, I am required to have regular supervision. I may discuss our work with my supervisor without sharing any identifiable information about you.
You can request access to the personal information that I store and process about you. You can request corrections to be made to the information held or for your personal information to be deleted. You can also ask me to restrict the processing of your personal information or to object to the processing of it altogether in some circumstances.
If you would like to make a request relating to any of the rights above, please send a request in writing by emailing firstname.lastname@example.org.
Please be aware that in certain situations psychotherapists / counsellors may be unable to comply with the above requests (i.e. required to retain the records by a court of law). Please also be aware that there may be a charge for complying with a request if it is deemed to be excessive in nature.
I hope that the policy outlined above will be sufficient to reassure you of the security of your personal information. However, if you wish to complain about how I handle your personal data please feel free to get in touch by email at email@example.com. If your complaint is not resolved to your satisfaction you can contact the Information Commissioner’s Office https://ico.org.uk/concerns/handling or Tel 0303 123 1113.
Changes to privacy notice
This privacy notice may be updated from time to time.