Privacy Policy for Heard Today Counselling
It is hoped that if you have any concerns/ questions, or believe that I have processed your information incorrectly, that by speaking with me we can rectify this.
However, if we cannot resolve this, you're entitled to make a Data Protection Complaint with the ICO.
What information is stored?
- Your name
- Your date of birth
- Your Email/ Phone number
- Your address
- Your GPs address and phone number / email
- Next of kin/ In case of emergency contact (name, phone number and email
- (When we work remotely) The physical address where you will be during the duration of the session(s)
- Any correspondence between us Emails, text messages, typed summary of phone calls / converstions.
- Copies of client invoices
- Copies of our contract together and emails stating you agree and consent to the contract
- Assessment information This includes information such as the name, and contact information of someone to contact in an emergency, and any assessment forms that I have completed, or you have completed.
- Brief session notesThese are stored on a separate, password protected laptop in encrypted folders that only I have access to, that is kept in a locked cupboard when not in use.
How long are records kept for? & Why are you keeping records?
All records (whether electronic, or physical) are kept for a period of 5 years. Records are kept to enable me to offer counselling, to comply with requirements from my insurers/ethical body, and to fulfill other legal requirements.
Where is your data stored?
I store your data in a number of ways, in accordance with what I see fit, including...
- Physical records will be stored in a locked cabinet that only I have access to.
- Digital records are stored in encrypted folders Session notes are specifically stored on a laptop that doesn't have internet access enabled, for your security. I also use an encrypted usb that only I have the password to.
- On a mobile phone Your client code, phone number, call logs between us,and any texts between us are stored on a mobile phone that does not have internet access Only, I have access to this password protected phone.
The above are stored in a locked cabinet that only I have access to.
- On email servers Emails, and general back ups of information will be stored on my email server (Proton). It's likely that emails between us would also be stored on your email server.
- Back ups USB back ups in the same locked cabinet a secondary back up is kept at another location on USB drives that are pin locked and password protected, with only me knowing the password/ pin.
In addition to how I store your data, I use some third party software/ websites that will collect some of your personal information - By third parties During our work together, innevitably, a number of third parties will have to process your information. They will do this in accordance with their privacy policies.
Your rights under GDPR.
- The right to be informed – It is hoped that this privacy policy has made it clear what information is stored, for how long,and for what purposes. However, if you need any clarification, please don't hesitate to get in touch.
- The right of access - You have the right to request all the information I hold on you- you can do this at any time. Please do this via email to Steve@HeardToday.co.uk with the subject "SUBJECT ACCESS REQUEST"
- The right of rectification-You have the right to tell me if some personal information I hold is incorrect, at which time, I should correct this for you.
- You do not have the right to erasure as records must be kept in accordance with my ethical body, insurers, and to enable me to offer counseling to you
- You do not have the right to restrict processing again this is due to the above...
- The right to data portability - this allows individuals to retain and reuse their personal data for their own purpose.
- You do not have the right to object - this is because I am not using your information for direct marketing. Furthermore, I can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of yourself as the individual; and/or the processing is for the establishment, exercise or defence of legal claims.
- Rights of automated decision making and profiling - do not apply.
Third Parties
Third parties will process your data in accordance with their privacy policies. For security, a comprehensive list is not available here, but is available on request. Links open in a new window.
- PandaDoc Esignature company that collects online signature PandaDoc's Privacy Policy
- Proton My email provider Proton's Privacy Policy
- Zoom Video conferencing software that I use when conducting counselling sessions online. Zoom's Privacy Policy
HMRC / My Bank Your invoices may be used by HMRC/ My bank for anti-money laundering checks, and for legitimate business interest. These invoices contain your name, address, date(s) of our sessions, and price paid.A copy of my bank's privacy policy can be reviewed on receipt of payment if requried.
Living Will Your name, date of birth, contact information, and a brief summary of our work together (not full session notes) is kept on a remote server. In the event that I am seriously injured, or deceased- this third party will be contacted with log in information to enable access to this file. This is so they can contact you to make you aware of what's happening with me, and/or help you to find another counsellor.
The above list is not exhaustive, and from time to time, I may need to share your details to other third parties- either for legtimate business interest, to comply with legal obligations, or a duty of care. I will notify you when your data is shared with other third parties not listed above, unless I am legally required to keep this from you.