This policy is in line with UK legislation and guidance for Data Protection.
I am unable to provide counselling services to individuals outside of the UK; to ensure I am working to the legal framework at all times.
The law requires me to tell you about your rights and my obligations to you in regards to the processing and control of your personal data. I do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
I am registered with the Information Commissioner's Office (ICO) as the Data Controller for Tracy’s Counselling Service. Reference number: ZA550738
If you are unhappy with any aspect around how I handle your information, then you can raise this with the ICO and/or the BACP. My BACP registration number is 379281.
The lawful bases for processing personal data are set out in Article 6 of the UK GDPR and are embedded within the DPA 2018.
It is my responsibility to be transparent with clients about which bases may apply and the law demands that at least one of these must apply whenever I process personal data.
The 6 bases are:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data, which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
HOW THIS APPLIES TO YOU:
(A) Consent: Under the UK GDPR regulations, you have to give me explicit consent to collect your personal data; such as your name, address, email, mobile number and date of birth. I require this information to carry out my work and to enable us to form a contract from which to work together. When you respond to my website by sending a message, you are providing consent for GoDaddy website host, to send this to me. I will then clarify and seek explicit consent to gather more information, when I respond to you. This process is embedded in the counselling agreement form that you will be asked to sign electronically, using the software within WriteUpp Practice Management System. I also gather consent when contracting with you about contact in between sessions for the purposes of providing information about appointments such as reminders, confirmation and/or changes that may be needed.
This also applies to consent for inclusion in my client list, that is shared with Make My Clinical Will in the event of my death; or if I were to become incapacitated while we are working together.
This also provides consent for your data to be held in a secure 'cloud' within WriteUpp, while our work together is active and then stored securely by Make Your Clinical Will when this is activated, to ensure notes are held for the required 7 years from the final session. This is the recommended time my Insurer 'Howden' now recommends; in case a complaint against Tracy Paine/Tracys Counselling Service.
Information about WriteUpp can be accessed here:
Information about my Clinical Will service can be found here:
You may withdraw your consent at any time by writing to me at my registered office or by e-mail at firstname.lastname@example.org If you do so, I shall not be able to provide my services further.
(B) Contract: Information I collect from you is for the purpose of providing a service and developing a contract, so base B applies here. I only request the minimum I need to work safely and ethically. When I am collecting this, I do this over the phone initially, using your personal number provided, using my business phone, which is for my sole use and is secured with my PIN and face recognition software. As noted above the formal contracting takes place using WriteUpp Practice Management System software. It is important that you consider your privacy prior to agreeing to share information with me in this way. If there is anything you feel is of a sensitive nature, then you can indicate you would prefer to share this at the assessment session. Where we have communications outside of WriteUpp, I use an encrypted email service (Protonmail) to ensure that any information recorded by you and received by me electronically is held securely. This is detailed within the client agreement forms in more detail depending on the nature of the service being provided.
NB: Bases C, D, E and F may become applicable if there was a need to breach confidentiality depending on the nature of the concern. I would need to ensure these applied to enable confidentiality to be broken.
I am required to store it for a period of time after our work has terminated, in case of complaints or legal issues. This is in line with guidance from my Insurer Howden and from the BACP. Information will be held for 7yrs. Once this is no longer required it can then be destroyed as confidential waste by shredding this electronically. Any downloads of the assessment paperwork on my designated work laptop are shredded using MacAfee virus guard, once I have printed these off if needed for use. My laptop and work phone are only used by me and these are password protected and face recognition software is used to protect privacy.
Your personal data and summarises of our sessions will be held securely on my WriteUpp cloud.
All my electronic devices are password protected, as is my Signal account, and security and virus software is updated on a regular basis. For online webcam meetings Zoom platform is used as this provides the best level of security for our privacy.
I am unable to reply to any ‘friends’ requests from clients or follow you, in order to protect us both, keeping our work boundaries and confidentiality secure.
Information relating to your method of payment:
The preferred method of payment for all my counselling services and supervision is using bank transfer to my business account, where your name will be visible in my statements and accounts: which include my QuickBooks account managed by my accountant.
Access to your personal information:
This can be requested by contacting me using the secure Proton Mail account email@example.com