Data Protection for Clients

This page sets out my privacy policy as required under GDPR. It describes how I look after and use any information you may give me, either as a client, a prospective client, someone who has communicated with me about my services, or as a visitor to my website. It also describes your privacy rights.

Data Controller

As a sole trader, I (Christine Summers) am the Data Controller and Data Processor and am registered with the ICO.

I only collect personal information for proper and lawful reasons. At every stage of our relationship, your information will be processed only if it meets at least one of the following conditions.

• To fulfil my counselling agreement with you. This includes the collection of information before we enter into a explicit or implicit counselling agreement, during your counselling and after the counselling has concluded.
• To ensure I am giving you a professional and ethical service that complies with the Codes of Practice of the professional organisations I am a member of, and the requirements of my insurers.
• When it is my legal duty to collect, store, use or transfer information in order to comply with legislation or the instructions of a court of law
• When it is required to maintain my own safety, your safety or the safety of third parties.
• To enable financial transactions between us

How Information is Collected

The personal identifiable information I collect, store and use comes from our conversations, emails, texts and phonecalls. The information others may hold (e.g. the Counselling Directory or PayPal) comes from our online communication and/or from financial transactions between us.

Types of Information Held

Personally Identifiable Information held:

• Your contact information, preferred contact methods & preferred response to accidental contact
• ICE (In Case of Emergency) contact information. (NB. You do not need to gain explicit consent from your GP.)
• Socio-demographic & locational information, including age, gender, present address, employment and health
• Communication from letters, emails, texts, and phonecalls.
• Signed agreements about counselling or hypnotherapy

Anonymised information I hold-

• Case notes from sessions
• Diary appointments

Third Parties may also hold information gathered through your interactions with me. This includes,

• Information derived from the use of cookies on my website. (Note 1)
• Information derived through email, SMS, phone contact between us (Note 1)
• Information about financial transactions between us
• Information derived from the location of our phones (Note 2)

Note 1 – this is meta-data such as date, time, IP address and duration of communication, and usually does not include the content of the conversations. If you are concerned about third parties holding or accessing the meta-data or content of communication please inform me of this and we can explore the use of specialised communication applications to mitigate this. Note 2 – Modern Smartphone applications upload the location of the phone to the application server. This can result in applications such as Facebook deriving a connection between us.

Storage of information

Digital:

Contact information – Held on phone and laptop and backed up in the cloud
Emails – held on a laptop, phone and backed up on local devices.
SMS Texts -These are held on a phone and deleted monthly.
Electronic payments via PayPal.

On paper:
Address, age, occupation, health and reason for requesting sessions.
Signed agreements.
Anonymised session notes, coded and filed separately, also in locked filing cabinet.
Anonymised diary appointments.

Sharing of Information
I may share personally identifiable information with

• Statutory bodies when required to by law or instruction of a court of law
• Your emergency contacts in case of an emergency
• Statutory bodies when required to avoid harm to you, me or others
• My accrediting/ethical membership body, insurers and professional advisers in the case of you making a complaint against me
• My professional executor, in the case of my incapacity or death.
• A judge – If your information is requested by a court or you raise a legal action against me I may take legal advice, in order to clarify whether the court has jurisdiction, and whether the request meets the strict legal criteria required in such cases. In this situation I may consult a lawyer to help me make an informed decision about whether to release some or all the information I hold to the court. Personal information pertinent to the decision will be made available to the lawyer, who will be bound by a Professional Code of Conduct.

I share anonymised personal information with clinical supervisors (including specialist supervisors) in order to ensure I am operating effectively and ethically. I am required to do this by the professional organisations I belong to.

Data retention

I keep your information for a variety of lengths of time depending on how it is held

Digital Information – Basic contact information – contact information, emails, texts, messages and calendar appointments. For technical reasons this information cannot be entirely erased and could therefore remain accessible to a technically competent person until the storage device is destroyed or securely wiped and reformatted. All devices are password protected.
Paper information – Notes and paper copies of contact information, emails, created media. These will be shredded 5 years after counselling ends. Paper information gathered from an initial enquiry will be shredded after 1 year if you have not contacted me to arrange paid sessions.

Your rights

You have

• the right to access your personal information
• the right to require me to change any factual mistakes in the information I hold.
• the right to withdraw your consent to the non-essential processing of information*
• the right to request the deletion/destruction of your personal information*
• You can withdraw consent to the use of your personal information and/or request its destruction however there are limits to this right laid down in the legislation. For example you cannot demand the destruction of records of financial transactions.

For more information about your Information Privacy Rights you can contact the Information Commissioners Office through their website https://ico.org.uk/