The type of personal information I collect 
 

I currently collect and process the following information: Personal identifiers, contacts and characteristics (for example, name and contact details, text messages and emails containing details of your appointments, G.P name and address, medical history and any mental health diagnosis, medications etc.. Details of next of kin and any emergency contact numbers including work contact information. Website traffic markers (explained later) 
 

How I get the personal information and why I have it
 

Most of the personal information I process is provided to us directly by you for one of the 
following reasons: I must carry out assessments to comply with legal requirements, and for safeguarding purposes. Emergency contact details are required in the event of medical or other emergencies. I use the information that you have given me in order to assess whether you are suitable for counselling, or whether any signposting or referrals might be necessary. I take the details of your G.P in case I need to contact them in emergencies, or to let them know about any 
suicidal ideation / intentions, but this will only happen with your full consent unless you are 
a child or vulnerable adult. Please refer to the section about client confidentiality for further 
details about the law in this area. 
 

The lawful bases I rely upon for processing this information are: 
 

(a) Your consent. You are able to remove your consent at any time. You can do this by 
contacting me using the details supplied 
(b) I have a legal obligation.
(c) I have a vital interest.
(d) I need it to perform a public task.
(e) I have a legitimate interest 
I collect your data via the client assessment questionnaire that is completed by you during 
the initial enquiry process, and it is also recorded in the counselling agreement form I use. I 
collect information about why you are using the service, a small amount of medical 
information and a small amount of information about your important others, alongside brief 
session notes. This information enables me to provide a high quality service to you, ensuring 
that I am equipped with the knowledge of our previous discussions prior to each session. 
Your contact details / address and other details will only be used with your explicit consent. 
Please see my consent for treatment form for further details. If you wish to withdraw consent at 
any time then you are required to make this request known verbally and in writing using the 
email and phone number supplied to you during the onboarding process. 
If you have visited this website then you may have filled out the 'schedule a session' section. The website uses third party Google / Wix services that collect information that cannot identify you when you visit this website. This lets me know how many visitors visit the website, what country they are from, and how long they spend visiting the website.
 

How I store your personal information 
 

Your information is securely stored. 
Hard copies of all your paperwork are stored in a locked cabinet in a secure room. 
Online ‘cloud’ storage documents are password protected and stored within a password protected and encrypted ‘cloud’ server.
Text messages are secured with face and fingerprint technology as well as password 
protected. 
Email accounts and attachments to emails require a username and password. 
 

Your data protection rights
 

Under data protection law, you have rights including:
Your right of access - You have the right to ask me for copies of your personal information. 
Your right to rectification - You have the right to ask me to rectify personal information you 
think is inaccurate. You also have the right to ask me to complete information you think is 
incomplete. 
Your right to erasure - You have the right to ask me to erase your personal information in 
certain circumstances. 
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances. 
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that I transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, I 
have one month to respond to you. Please contact me using the supplied details if you wish 
to make a request.
 

How long will you hold my information for?
 

I am regulated by the B.A.C.P and my practise is insured by Protectivity. I am 
consequently regulatory bound to hold your data for 10 years* after your final session. This 
is unless you are a child, in which case I must hold your data until your 25th birthday. If you 
are 17 when treatment ends, we must keep your data until your 26th birthday. All records 
will be deleted in the January after the above retention scales. This is in line with wider NHS 
regulations for holding data.
 

What if I don’t want my records to be held for that long?
 

Under GDPR laws you can make a request in writing to me for all your records to 
be deleted. In this case all your paper records would be shredded with a cross shredding 
machine and any electronic data such as emails or text messages would be permanently 
deleted from the devices they are stored on. I would have to save the request for deletion 
you made but would not save any other data.
 

Is what we discuss kept confidential?
Everything we talk about during sessions is strictly confidential. To ensure I am doing my job 
effectively and you have the right support, I will discuss elements of your sessions with my 
clinical supervisor. During these discussions I will not disclose any details that may 
identify you to the supervisor, and the supervisor also adheres to the GDPR and confidentiality framework. 
 

Exceptions 
I do not give out any information about you to third parties unless:
I think that you or somebody else is at risk of serious harm then I may need to break 
confidentiality and tell a third party such as the police, a G.P or Social Worker. I would do 
this with your knowledge, and this is because I have a duty of care and a legal obligation to 
phone these authorities.
If I was issued with a police warrant, subpoena, or court order for your information, by law I would also have to provide your information. 
If you have signed a client waiver form.

The Terrorism Act (2000) requires that I disclose any belief or suspicion of terrorism. 

The Drug Trafficking Act (1986) requires me to disclose to the police any information of an individual making money through drug or sex trafficking. 

The Road Traffic Act (2000) requires me to disclose to the police any information to the police that might identify a driver in a traffic offence. In addition, if I became aware that you may be driving whilst unsafe (e.g through epilepsy, medical condition, drug or alcohol abuse) the law requires me to pass this information to the DVLA. 

If I receive a court order 

Any other person that you request me to inform, for example a Solicitor or Doctor 

If I believe there are grounds for taking action, it will be discussed with you (if reasonably possible) before any action is taken. I would also inform my Clinical Supervisor before any action is taken 

​

What if I see you outside of the session?
 

If you see me outside of a session my ethos is to smile at you and greet you with a “hello”, 
but I will not engage in any conversation to ensure your confidentiality. You are welcome to 
share with other people about the therapy you are receiving, but I am obligated by GDPR 
law to ensure your confidentiality is protected. I also ask that you do not disclose the 
identities of any other clients, should you happen to see another client on the premises. I
would request that in order to ensure the success of your treatment, that you refrain from 
discussing your treatment with me outside of your sessions.
 

What about other Health and Social Care Professionals?
 

As I adhere to GDPR, any contact relating to you with other health care professionals 
would only be made with your verbal and signed consent. For example, if I were to write to your GP for signposting or referral purposes I would only do this with your verbal and written consent. I will also ask you to sign a copy of the document to confirm that you agree to the details contained in it before it is then shared.
 

How to complain
If you have any concerns about our use of your personal information, you can make a 
complaint to me at cljbestlifetherapy@gmail.com. You can also complain to the ICO if you are unhappy with how I have used your data.
The ICO’s address: 
Information Commissioner’s Office
Wycliffe House
Water Lane 
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

 

To complain to the BACP (British Association for Counselling and Psychotherapy)

 

Submit a completed Professional Conduct Complaint Form along with supporting documents via email to

complaints.assessor@bacp.co.uk 

 

Professional Conduct Team,

BACP,

15 St. John's Business Park,

Lutterworth,

LE17 4HB.