Privacy Policy

I am registered with the Information Commissioners Office ( ICO) which means I am required to tell you what data I am collecting from you as a client or supervisee and what I intend to do with it under General Data Protection regulations ( GDPR) which came into effect on 25th May 2018.

I reserve the right to modify this privacy policy at any time, so please review frequently as changes and clarifications will take place immediately when posted on this website.

Data I keep and why I keep it

Registration Form

This is a paper document that includes the following:

  • Name
  • Contact details – home address, email address, phone number. I use these to contact you regarding your sessions and preferred contact method.
  • General Practitioners detail. If I became concerned that you or someone else might come to harm, I might need to contact your GP. This contact would be discussed with you beforehand if possible.
  • Emergency contact name and number. The name and contact of the person you would like me to call in an emergency.

Clinical Notes

This is a paper document. It is a requirement of my professional organisation (BACP) that I keep notes whilst we work together. These are brief and assigned to a unique code. These notes may contain personal sensitive data. Any relevant information from our email or text messages will also be recorded on to your paper notes.

Unique Identification code

Your name is linked to a unique encrypted identification code on my Computer which is password protected. The information is used to keep a record of the number of clients that I am working with at a particular time and for accounting purposes. This is separate to your paper notes and contact information.

Privacy Policy Consent Form

This is a paper document, this document is signed by you the client, to give me permission to collect and store information.

Mobile Phone / Portable devices / Personal Computer

In order for me to contact you, with your permission, your email and phone will be stored and password protected. These details may be held for an indefinite period after our work together unless you request otherwise.

Who will I share data with and for what purposes

I will not share you information with any organisation unless:

  • My notes are subpoenaed by a court
  • If I feel that you or anyone else may come to harm
  • My professional body recommends that I appoint a Therapeutic Executor. This is a senior colleague, who should an unfortunate life event means that I can no longer work with you will be given access to your details in order to contact you.

How I store your data

  • Personal data I keep on paper is stored in a locked filing cabinet.
  • Your unique ID code is stored on my personal computer, which is password protected.
  • Your email address will be stored within my electronic media, which are passcode protected.
  • Your contact details and email address will be held within Apples iCloud Storage which is password protected.

Data Retention and Disposal

Your paper data such as session notes and registration form may be kept for up to 6 years. After this time they will be shredded. This is on the advice of my insurance company.

I do not normally record any session data electronically. In the event that data is stored electronically, it will be deleted after a period of 6 years or earlier at your request.

Email and text messages contact details will be stored and password protected indefinitely unless you request otherwise.

Your Rights

Under GDPR you are entitled to the following:

  • Right to be informed

Regarding how your data is held, for how long and of any breaches of data confidentiality.

  • Right to Access and update records

You have the right to ask for a copy of the personal information I hold free of charge

for the initial request and to receive this within 30 days from request. You also have the right to ask me to amend or change any incorrect information about you.

  • Right to be forgotten and restrict processing

You have the right to ask me to delete any information that I hold about you. Please note that it is not an absolute right to be forgotten if I am legally obliged to keep records, for example financial records must be kept for 7 years.

  • Data Portability

You have the right to receive your personal information and to transfer this information to another party.

 

Please contact Nick Davies, the data controller/processor by email if you would like to exercise your rights listed above.

If you have concerns about potential personal data breach, please contact me in the first instance. For further information please contact the Information Commissioners Office on 0303 123 1113.

  • Consent

If you do not consent to me using your data in this way, due to GDPR constraints, it is unlikely that I will be able to work with you.

Third Party Apps & Internet Privacy Policy 

GDPR (data protection) requires me to tell you what happens to your information in more detail when using an internet service from a third party.

I only use third party providers who acknowledge that they are fully GDPR compliant or are in the process of being fully compliant at the time of writing this privacy policy.

General Enquiries (non-clients)

Contact details captured during enquires made to me that do not result in the enquirer becoming a client may be stored indefinitely within  Cloud storage unless a request is made to delete it.

Your Web Browser – Deleting Browser History and Cookies

You may be in a situation where you do not want anyone who has access to your computer to know that you are looking for a counselling service. Information as to how to erase your internet search history and cookies from any websites you have visited can be found by using the link below.

https://privacypolicies.com/blog/how-to-delete-cookies/

Please note that I am not liable for any potential issues this may cause to any of your devices from this third party website.

Email

I use Google email service. Any correspondence received by me or sent to you via info@hebroncounselling.co.uk  is held on Gmail email servers. Access to my email is via password security and is not shared.

Website

My website is used to advertise my services only, no personal information is gathered or stored on the hosting platform.

Social media

I do not knowingly communicate with clients through social media.