Welcome to my website
Welcome to my website
This policy is in line with UK legislation and guidance for Data Protection.
I am unable to provide counselling services to individuals outside of the UK to ensure I am working to the legal framework at all times.
The law requires me to tell you about your rights and my obligations to you in regards to the processing and control of your personal data. I do this now, by requesting that you read the information provided at www.knowyourprivacyrights.org
I am registered with the Information Commissioner's Office (ICO) as the Data Controller for Tracy’s Counselling Service. Reference number: ZA550738
If you are unhappy with any aspect around how I handle your information, then you can raise this with the ICO and/or the BACP. My BACP registration number is 379281.
The lawful bases for processing personal data are set out in Article 6 of the GDPR and are embedded within the DPA 2018.
It is my responsibility to be transparent with clients, which bases may apply and the law demands that at least one of these must apply whenever I process personal data. The 6 bases are:
(a) Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
HOW THIS APPLIES TO YOU:
(A) Consent: Under the EU regulations (GDPR), you have to give me explicit consent to collect your personal data; such as your name, address, email and mobile number, date of birth. I require this information to carry out my work and to enable us to form a contract from which to work together. When you respond to my website you are providing consent for GoDaddy website host, to send this to me. I will then clarify and seek explicit consent to gather this, when I respond to this. This will also be embedded in the counselling agreement form and assessment paperwork. You may withdraw your consent at any time by writing to me at my registered office or by e-mail at firstname.lastname@example.org If you do so, I shall not be able to provide my services further.
(B) Contract: Information I collect from you is for the purpose of providing a service and developing a contract, so base B applies here. I only request the minimum I need to work safely and ethically. When I am collecting this for face to face counselling I do this over the phone initially using your personal number provided, using my business phone. It is important that you consider your privacy prior to agreeing to share information with me in this way. If there is anything you feel is of a sensitive nature then you can indicate you would prefer to share this at the assessment session if this is face to face. Where we are operating as an online counselling service, I use an encrypted email service (Protonmail) to ensure the personal information recorded by you and received by me electronically is held securely. This is detailed within the client agreement forms in more detail depending on the nature of the service being provided.
NB: Bases C, D, E and F may become applicable if there was a need to breach confidentiality depending on the nature of the concern. I would need to ensure these applied to enable confidentiality to be broken.
I am required to store it for a period of time after our work has terminated, in case of complaints or legal issues. This is in line with guidance from my Insurer and from the BACP. Information will be held for 5 years. Once this is no longer required it can then be destroyed as confidential waste by shredding.
Your personal data and summarises of our sessions will be kept in my sole use locked filing cabinet, that only I access. My sessional notes are held separately from my client notes, which will not contain any identifiable personal information.
All my electronic devices are password protected, as is my Vsee account, and security and virus software is updated on a regular basis. For online webcam meetings Zoom platform is used as this provides the best level of security for our privacy.
I am unable to reply to any ‘friends’ requests from clients or follow you, in order to protect us both, keeping our work boundaries and confidentiality secure.
Information relating to your method of payment:
Access to your personal information:
This can be requested by contacting me using the secure Proton Mail account email@example.com
NB: In view of Brexit there may be changes around the use/processing of Data that could lead to changes in this privacy notice going forward. Currently this notice is applicable as the Data Protection Act 2018 remains relevant in English law and I continue to use the safeguards within the GDPR regulations for now, as I have been doing while we were part of the EU. I will update this notice and subsequent client agreements, when this Brexit process has confirmed the expectations on providers of services of Counselling or my Insurers or professional bodies provide any relevant guidance. 06/01/2021.