Your privacy is an important priority. I am committed as both a data processor and a data controller to always being a good custodian of all personal data of both any individual who contacts me and/or engages in a counselling relationship with me or my colleagues at East Surrey Counselling Group either for their self or their child or counsellors who contact me with a view to beginning a supervisory relationship.
I aim to handle personal data in a responsible, transparent manner and secure it with industry standard administrative, technical and physical safeguards.
I am registered with the Information Commissioner’s Office (ICO) and follow their guidelines.
Under the GDPR 2018 law I need client and supervisees signed consent to the holding of personal data for the duration of our contract and my note taking. I therefore discuss this with each supervisee or client (and parents if appropriate) in our first meeting whilst discussing the written contracts I provide, all of which seek new clients, their parents (if under 18) and supervisees signed consent to these processes.
However please note by contacting me by email and/or telephone to ask about my services you are allowing me access to personal data (e.g. telephone numbers, email addresses and names) about yourself and/or your child which will be stored securely in a locked filing cabinet, within my home, until our first meeting. If we do not proceed to an initial meeting then these details/communications will be destroyed.
The legal basis for the ongoing holding of personal data is to allow me to contact my clients or supervisees, if necessary, primarily to cancel sessions due to illness or unforeseen circumstances (by text or phone call) or to contact those who have missed sessions.
All personal data is kept securely in a locked filing cabinet within my home and destroyed upon completion of our work.
All notes and correspondence are kept for 7 years, from the date of the last counselling or supervision session in the case of adults and until children reach the age of 25 in a second locked filing cabinet within my home.
Communications received from any source regarding any client or supervisee are securely stored as part of my note, as above.
I will never pass your information to a third party, without your consent, unless I am required to do so in law, as part of my duty to protect a child, vulnerable adult or the public or where I am required to do so by any court or law.
I am not currently using email encryption programmes so any emails you send to us and/or our replies may be vulnerable to viruses or human error. for these reasons it is best to be thoughtful about what you include in emails to me and which email addresses you choose to use with me.
Often, it is best to rely on email only for non-confidential communications like initial contact and setting up appointment times.
In an effort to keep confidential and psychological material “in the room” it is best avoided in emails unless you have discussed it with me beforehand. However, if you choose to communicate by email, be aware that all emails are retained in the logs of Internet Providers. Furthermore, they can be vulnerable to viruses and unintended forwarding for replication.
Please note in the normal cause of events only I have access to my filing cabinets. However in the event of my death or incapacity (which renders me unable to work or communicate with my clients and supervisees) my Professional Will makes provision for my Professional Executors (two fellow counsellors) to access my client and supervisees personal details with the view to contacting all to advise of my death or incapacity.
I try to meet the highest standards when collecting and using all data and take any complaints or concerns very seriously. I encourage you to let me know if you think that my collection or use or storage is unfair, misleading or inappropriate and I welcome any suggestions for improving my procedures.
If you wish to make a complaint you can contact the ICO as the statutory body which oversees data protection law.
Client rights under GDPR:
To access a copy and explanation of personal data held
To request correction or erasure, in certain circumstances
To request limiting or ceasing data processing, where applicable
To compensate for substantial damage or distress caused by data processing, where applicable.
Finally, please note: If you decide to pay for my services using I Zettle and/or directly from your bank account into my bank account you are also allowing the companies involved to see and store your transactions and personal data.
I will, as an independent controller and processor of this data, employ reasonable administrative, technical and physical measures to maintain security and confidentiality of any and all such payments and information but as the banks involved and I Zettle are also controllers and processors, when processing your information, please do see their Privacy Policies for further information.
This website provides links to other websites. I have no control over such websites and are not responsible for the content of these websites. This privacy policy does not extend to your use of such websites. You are advised to read the privacy policy or statement of other websites prior to using them.
This policy is advertised here at all times and will be updated regularly to ensure it continues to comply with the latest regulations and best practice.
Carol Belsey
4th Edition 9th February 2023