Data Protection and Privacy Policy
In line with GDPR recommendations, this policy was updated in May 2018
Who I am and what I do
I, Elisabeth (Lis) Hughes, specialise in delivering counselling therapy to clients, either though self referral or via organisations, and clinical supervision for other counselling professionals. Although I do need to collect and hold certain personal data in order to deliver my services, I am committed to protecting and respecting client privacy. This policy provides an overview of how I comply with data protection legislation and the basis on which any personal data I collect from you, or you provide to me, will be processed. I am registered with the ICO as a Data Controller.
How I obtain personal information
If you contact me, whether by telephone, email, website, or other means, I will keep a record of that correspondence. I may ask you to complete various questionnaires (if you come via an EAP) and other forms that I use to assess your needs when we first meet and which will inform how I tailor my services. I may keep records of any meetings and sessions in the form of written notes, and occasionally with permission, audio recordings. I may receive correspondence from you or other healthcare professionals relating to our work. I may make note of information about you during sessions or use creative/artistic methods during the course of therapy. I may also produce notes, assessments, letters or reports outside of sessions.
What personal information I collect and how I use it
The information I hold on you falls into two categories, Personal Data and Special Category Data. Although I need to hold both categories of information in order to deliver my services to you, I will ask for your explicit written consent to my holding Special Category data when we contract at the start of therapy work.
Contact Information
I hold contact information that you have provided to me which is used to contact you about the delivery of services. This information includes:
· First name and Surname
· Date of birth
· Postal address
· Email address
If you are a supervision client, and you have agreed that I may do so, I may use this information to send you details of services that may be of use to you. If you are a personal therapy client, then I will not send you any correspondence that does not directly relate to your case unless you have specially requested that I do so. Wherever possible I will always respect your preferred method of communication if you have stated one. This contact information is held separately to any other data to maintain your privacy.
General Information, Familial relationships and Special Category Data
The following data is held separately to your Contact Information and is anonymised as much as possible.
I hold general information that you have provided to me and which I use to manage the delivery of my services. Some of this information also enables me to comply with my legal or regulatory obligations. This information may include:
· The individual or organisation that referred you to me
· A record of appointment dates and attendance
· General and admin correspondence, and
· Information on the type and location of sessions.
During your assessment session I will ask about your family and network of support and may make a note of this in my assessment record. If I require consent from a parent or guardian to deliver services to you, then I will need to hold contact and general information about those individuals, as well as ask them to sign consent for services when we contract at assessment stage.
Due to the nature of my services I may need to process data relating to your physical and mental health. The GDPR deem data concerning health as a Special Category of data which means that I must have specific reasons for processing this data. The reasons relate to the type of service that I deliver to you and I will obtain your informed consent to hold such data when we contract that the beginning of our work. This information may include:
· Your reason for referral/self-referral
· The name and contact details of your GP
· The name and contact details of other healthcare professionals who may be involved in your case
· Significant mental and physical health details, including medication
· Completed questionnaires (EAP clients)
· Correspondence from or to you about your case
· Correspondence from or to other healthcare professionals about your case
· Correspondence from third parties about possible referrals
· Mobile communications (including emails, texts) from you or about your case
· Voicemail messages from you or others about your case
· Writing, drawing, diagrams or other items or objects that have produced as part of the therapeutic work
· Completed consent/contract form
· Session notes
· Audio recordings of sessions.
Payment Information
I am required to hold information on payments received for my financial records. For clients who pay by cash/cheque then the amount is recorded in my log book by date and time of session, which then can then be linked to my record of session notes if required. For clients who pay by BACS then the only information I see in my records is: Payee name and reference, and the date and amount of the transaction.
Who I share your data with
I may share your Personal Data with selected third parties that help me deliver my services. I will never share your Special Category data with these organisations. I may share your Special Category Data with other healthcare professionals involved in your case, but only with your permission. All counsellors are required to undergo formal clinical supervision. As part of these sessions it may be necessary to discuss your Personal or Special Category Data with the supervisor who will be a qualified healthcare professional operating under terms of confidentiality.
Your rights under data protection legislation
You have various rights under the relevant data protection legislation. If you wish to exercise any of these rights, then please contact me via email at lishughescounselling@protonmail.com
Subject access
You have a right to see what information I hold about you. Any access request may be subject to a fee to meet my costs in providing you with details of the information I hold about you.
Rectification
You have the right to ask me to correct any personal data I have about you that is wrong. If you feel this is the case, then please let me know.
Erasure
You have the right to ask me to erase any information I hold about you. However, this right may be limited by my need to comply with statutory or regulatory requirements for retaining data within this field of work.
Communications
You have the right to ask me not to contact you. This may be for specific purposes or you may not wish to be contacted at all. Obviously, I will need permission to contact you if you are an active client so that I can continue to deliver the agreed services to you. I will endeavour to contact you by the method agreed at initial assessment stage.
How I keep your data secure
The personal data I hold on you is stored either physically or electronically. All physical data is secured in locked storage when not in use. All electronic media is secured by separate hard drives, password access and where possible by encryption. In the unlikely event of data being lost or compromised I will tell you what has happened unless you have stated that you do not wish to be contacted by me.
Data retention and destruction
I do not keep information about you longer than is necessary. The length of time I keep your data is determined by statutory or regulatory requirements. I delete or destroy all personal data when it is no longer required, and currently maintain and retain records according to standard industry practice (7 years, or 7 years after your 18th birthday).
How to contact me
If you would like any further information then please get in touch
by email at: lishughescounselling@protonmail.com
or telephone on: 07935817223