GDPR is the European Union’s new General Data Protection Regulation. It takes effect on 25th May 2018 and from that date we are required to ensure that we provide a new data protection and privacy statement to all clients. In it (amongst other things) we confirm what information we hold about you and how we are permitted to use it. For more information please visit the website of the Information Commissioner’s Office www.ico.org.uk
Under GDPR you have certain rights:
The right to be informed.
The right of access.
The right to rectification.
The right to erasure.
The right to restrict processing.
The right to data portability.
The right to object.
Under GDPR we must have a lawful basis for holding and processing your personal data. There are different lawful bases which apply to us holding information about you.
If you are contacting us to consider therapy or are having therapy at the centre then we use the lawful basis of contract to use your information as it is necessary for the performance of our contract.
If you have had therapy with us and it has now ended, we use legitimate interest as our lawful basis for holding and using your personal information.
The GDPR also makes sure that we appropriately look after any sensitive personal information that you may disclose to us. This type of information is called 'special category personal information'. The lawful basis for us processing any special categories of personal information is that it is for the provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case a contract between your therapist and you).
Who We Are
Beverley Counselling & Psychotherapy consists of a number of experienced therapists offering counselling and psychotherapy services. Whilst all therapists work on a self-employed basis they all adhere to the Centre’s policy on confidentiality and data protection. All therapists are registered individually with the ICO.
We are committed to keeping your information private. Please see our confidentiality policy for times in which we may seek to share information - we would always endeavour to talk to you about this first.
Information we collect about you and how we use it
Upon enquiring about therapy, basic personal information will be collected for contact and identification reasons. We need to keep your contact details to be able to get in touch with you to offer or alter appointments and to send appointment reminder requests if you would like them.
We collect and store personal information such as name, email address, phone number, date of birth, address and name of GP - we would only contact your GP under certain circumstances (please see separate section on Confidentiality).
We will keep notes of what we discuss in therapy, to remind us of the work we are doing when we next see you. These will include personal and sensitive details about your life. The notes are used solely for the delivery of a therapy service to you.
Under GDPR the lawful basis we use for storing and processing your personal data is contract. This is because we are providing you with a service and we require information to be able to provide you with that service.
How we keep and use your data
We use a client management database which is GDPR compliant (Write Upp). We use this to store your personal details, make and record appointments in an online diary system, and create invoices.
We also record any contact with third parties e.g. a GP. For more information on this please see our confidentiality policy.
The information on this system is only visible to therapists within the centre.
You can opt out of cookies by choosing not to accept them from the pop-up that is displayed upon arrival to the website, or by changing your browser settings (visit your browser’s FAQ page for help on this).
We do not use any cookies that can identify an individual user via IP.
This website has an SSL certificate.
If you use the contact form on this website to make an initial enquiry this information is kept securely and in an encrypted format.
Any paper information (including contracts signed by the client) is kept in a locked filing cabinet.
Clinical notes are kept either electronically or in written form depending on how the individual therapist works. Digital notes are mainly kept in the client management database as detailed above. These are password protected and only accessible to the therapist who created them. Otherwise they will be kept on a password protected laptop which is accessible only to them.
Each therapist has a separate locked filing cabinet in the office in which they store any paper clinical notes they have. Other members of staff do not have access to these.
Therapists often use phone diaries or iPads to keep track of appointments. These are password protected.
In accordance with insurance guidelines we keep your notes for 7 years, after which they are destroyed. If you are under 18 at the time of therapy we keep your notes for 7 years from the date you would turn 18 years old.
If you would like to amend any of the contact details we hold about you then please tell your therapist or email [email protected] and we will amend your records.
We recognise that on rare occasions our clients may wish to exercise their rights under the General Data Protection Regulation May 2018 and request a copy of any data we hold about you (a subject access request). Sometimes during counselling, information is provided by more than one individual. In these cases we will only release information if consent has been given by all of the individuals involved. If at any time you wish to exercise your right under the GDPR you should put your request in an email to [email protected] and provide evidence of your identity such as a copy of your passport or driver’s licence and proof of your address. When the centre receives your written request and evidence of identity they will respond to your request within 30 calendar days.
If you wish to transfer your records to another therapist/organisation then please put any requests in an email to [email protected]
We take your privacy seriously and will take all reasonable steps to ensure the protection of your data. In the event of a data breach we would follow GDPR guidelines and notify you and the ICO within 72 hours.
Under the GDPR guidelines you have the right to be forgotten and your information deleted. Please note that your right to be forgotten may not override the legal requirements to keep clinical notes for the mandatory periods. You can request a copy of any data held about you by submitting a subject access request as detailed above.