What is this document about?
The Data Protection Act, 2018 (DPA), controls how your personal information is used. There are restrictions about how I collect and store information – and you have a right to know – and control – how your information is handled.
Information about the DPA can be found at: https://www.gov.uk/data-protection
Under GPDR I am Registered with the ‘Information Commissioner’s Office’ (ICO) as a ‘data controller’ – Registration number: ZA271238.
Information about the ICO can be found at: https://ico.org.uk/
This document is to let you know what information I collect about clients, why I collect it, how I use and store it, who has access to it, how long I keep it and how it is destroyed.
Your rights
Under the Data Protection Act 2018, you have the right to find out what information I store about you. This includes the right to:
- be informed about how your data is being used
- access personal data
- have incorrect data updated
- have data erased
- stop or restrict the processing of your data
- data portability (allowing you to get and reuse your data for different services)
- object to how your data is processed in certain circumstances.
What Information do I collect?
I collect and ‘handle’, in different ways, the following information:
- Your name and address;
- Your phone number and email address;
- Dates and times of our meetings;
- The name and contact details of someone you know & trust who knows that you are therapy with me (a ‘Safety Contact’);
- The name and contact details of your GP (or primary doctor);
- Brief notes of our sessions;
- Emails and texts;
- Details of our financial transactions
(invoices, receipts, BACS transfers etc.).
Why do I keep this information?
- Your name and address:
- I am required to keep this by my professional body (UKCP) and insurance company.
- Your phone number and email address;
- I need this if I need to contact you between sessions.
- Dates and times of our meetings:
- This is needed to back up my memory;
- It is a requirement of my professional body and insurance company.
- Safety Contact:
- This is a matter of safety and part of my responsibility for your welfare;
- Contact with this person (who should be an adult) would only take place in an emergency – almost always only after discussion with you.
- The name and contact details of your GP (or primary doctor);
- This is a matter of safety and part of my responsibility for your welfare;
- Contact with your doctor would only take place at your request, or in an emergency, to protect your safety – and almost always only after discussion with you.
- Brief notes of our sessions:
- I need to keep notes in order to refresh my memory about our work;
- I need to keep notes in order to inform my clinical supervision;
- It is a requirement of my professional body (UKCP) and my Insurance company.
- Emails and texts:
- Emails and texts are part of the record of our out-of-session contacts, which often
frame the work.
- Emails and texts are part of the record of our out-of-session contacts, which often
- Details of our financial transactions (invoices, receipts, BACS transfers etc.):
- I am required to keep this for tax and accountancy purposes;
- We also need an accurate record of our transactions to keep our financial
agreements transparent and accurate.
How do I keep this information?
- Your name and address:
- This provided by you and is filed under lock and key, separate from other
information about your ongoing therapy.
- This provided by you and is filed under lock and key, separate from other
- Your phone number and email address:
- This is provided by you and is filed under lock and key, separate from other
information about your ongoing therapy; - Information on my phone is labelled with a code so that you cannot be identified;
- My phone is locked and protected by face I.D. and password;
- Information on computer is held in a specific password-protected file.
- This is provided by you and is filed under lock and key, separate from other
- Dates and times of our meetings:
- Recorded in my diary using a code to conceal your identity.
- Safety Contact:
- This provided by you and is filed under lock and key, separate from other information
about your ongoing therapy.
- This provided by you and is filed under lock and key, separate from other information
- The name and contact details of your GP (or primary doctor):
- This provided by you and is filed under lock and key, separate from other
information about your ongoing therapy.
- This provided by you and is filed under lock and key, separate from other
- Brief notes of our sessions:
- Session notes are kept in a file in a locked filing cabinet, using a code to conceal
your identity.
- Session notes are kept in a file in a locked filing cabinet, using a code to conceal
- Emails:
- Emails are handled through a Hushmail account – which is an end-to-end encrypted email system:
- The only people who can access Hushmail emails are me and my ‘therapeutic executors’
- Texts are on my phone which is face/password protected.
- Details of our financial transactions (invoices, receipts, BACS transfers etc.):
- Copies of invoices/receipts are kept in secure files on y computer;
- Clients are asked to use initials for BACS transactions to protect confidentiality;
- Financial records are kept securely on my bank’s website;
- Bank statements are kept in a locked filing cabinet.
Who sees this information?
- Your name and address:
- Only I will see this information.
- Your phone number and email address:
- Only I will see this information.
- Dates and times of our meetings:
- Only I will see this information.
- Safety Contact:
- Only I will see this information.
- The name and contact details of your GP (or primary doctor):
- Only I will see this information.
- Brief notes of our sessions:
- Normally only I will see this information;
- Occasionally notes are taken to supervision; my supervisor only has a first name &
generalised, non-identifiable information about clients; - Please note that in certain circumstances, therapists have the right to withhold notes
of parts of notes, subject to a court order.
- Emails and texts:
- Only I will see this information.
- Details of our financial transactions (invoices, receipts, BACS transfers etc.)
- My wife has access to the bank account; however, BACS transfers etc are
identifiable only by client initials.
- My wife has access to the bank account; however, BACS transfers etc are
Please note:
I have formulated a ‘Professional Will’ which comes into effect should I be incapacitated and unable to manage my affairs, temporarily or permanently. This ensures that responsible people will manage the informing of clients and advising on future care
How long is this information kept and how will it be destroyed?
- Your name and address:
- My
professional body and insurance company recommend that this information is kept
for seven years from the end of therapy; - At
that point it will be shredded in a secure cross-shredder.
- My
- Your phone number and email
address:- My professional body and insurance company recommend that this information is kept
for seven years from the end of therapy; - At that point it will be shredded in a secure cross-shredder.
- My professional body and insurance company recommend that this information is kept
- Dates and times of our meetings:
- My professional body and insurance company recommend that this information is kept
for seven years from the end of therapy; - Diaries
will be retained indefinitely in a locked filing cabinet.
- My professional body and insurance company recommend that this information is kept
- Safety Contact::
- This is removed at the end of therapy;
- At that point it will be shredded in a secure cross-shredder.
- The name and contact details of your GP (or primary doctor):
- My professional body and insurance company recommend that this information is kept
for seven years from the end of therapy; - At that point it will be shredded in a secure cross-shredder.
- My professional body and insurance company recommend that this information is kept
- Brief notes of our sessions:
- My professional body and insurance company recommend that this information is kept
for seven years from the end of therapy; - At that point it will be shredded in a secure cross-shredder.
- My professional body and insurance company recommend that this information is kept
- Emails and texts:
- My professional body and insurance company recommend that this information is kept
for seven years from the end of therapy; - At that point emails will be securely ‘trashed’;
- Computers to be disposed of will be securely cleared and ‘returned to factory settings’;
- Phones no longer used will be securely cleared and ‘returned to factory settings’.
- My professional body and insurance company recommend that this information is kept
- Details of our financial transactions (invoices, receipts, BACS transfers etc.)
- Banks, HMSO and financial advisory recommend that this information is kept for seven
years from the end of therapy; - At that point Bank Statements will be shredded securely.
- Banks, HMSO and financial advisory recommend that this information is kept for seven
Should you wish for further information, please do speak with me.