Privacy Notice for Rachel Burrows
This Privacy Notice was last reviewed in October 2020.
Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:
What personal information is collected
The purposes of processing your personal information
The legal basis for processing your personal information
Third party recipients of personal data
The period for which personal data is retained
Your rights to personal data
How to contact the authority if you have concerns
What personal information, ‘personal data’, is collected and for what purpose
When you contact me with an enquiry about my counselling services, I will have information to help me satisfy your enquiry. This will include at this stage: your name, preferred contact, i.e. email address or telephone number, your availability and reasons for seeking counselling.
If you decide to proceed further, then further information such as your address, emergency contact, GP details will be collected in a personal information sheet together with a signed copy of this Privacy Notice and a signed Working agreement/Contract as part of the registration process and to ensure that the arrangement and work together can be carried out. If you decide not to proceed, I will ensure all your personal data is deleted within one week of receipt of you confirming this. If you would like me to delete this information sooner, just let me know.
Once the counselling work together has begun, a record of your sessions is held separate to your personal identity details, in paper note form, which include dates attended and may include brief notes pertaining to the issues and nature of the work together.
My legal basis for holding and using (processing) your personal information
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract. The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).
How I store and use and your information
Storage of your personal data
I will keep a record of your personal data, i.e. your name, address, email and telephone contact details, dates attended and brief notes to help the counselling agreement run smoothly and serve to aid memory about the work, as is standard professional practice. These details are kept securely in a lockable cabinet during the work and for maximum of six years following ending counselling, after which they are destroyed securely. If you want me to delete your information sooner than this, please tell me.
Your GP details are held so that they may contacted in the event that you are considered to be at risk.
Details of someone you wish to be an emergency contact are held in case anything happens to you within our session, such as serious illness and it is considered that someone needs to be contacted to support you beyond the session. It is important that this person is someone that is aware that you are having counselling as this will become apparent if I need to contact them.
Your telephone number is kept in a lockable cabinet as is not stored in my devices. After your phone number is used for any reason, it is deleted immediately from the device call history.
For security reasons I do not retain text messages beyond their need, for example, as a reference for a session cancellation and so these are deleted once acknowledged and the conversation has concluded. If there is additional detail relevant to the work contained in a text message or email from yourself, this will be noted in the file notes if necessary. Likewise, any email correspondence will be deleted after the conversation is concluded. In any case, after your counselling has ended, all digital communication will be checked as deleted within one month.
Any information gathered from you by electronic means is printed and kept in a lockable cabinet. It is not stored electronically and is deleted from any devices after it has served its purpose.
Use of your personal data
Your personal contact data is used for initial contact and arranging sessions.
While you are accessing counselling, rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if the law requires me to. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
There are times when it may be necessary to share your name, date of birth and address in order to safeguard you or someone in your care in an emergency situation. These are as follows:
Your name and date of birth would be shared with your GP to identify you if they are contacted in the event that you are considered to be a risk.
Your name and address may be shared with the emergency services in the event that you or someone in your care is at risk.
If it is considered necessary to contact your emergency contact your name will be shared with this person for the purposes of identifying you to them in the context of them as your named emergency contact.
The BACP requires a commitment to working ethically, therefore as a member, I take being trustworthy as a serious ethical commitment and adhere to the BACP Ethical Framework for the Counselling Professions which requires me to undertake professional supervision with another experienced counsellor/therapist qualified in this process. This process is for my professional practice. Wherever possible, identifiable details are not shared in the supervision process. During supervision sessions, your privacy and confidentiality will be protected by only referring to you by your first name. Any other details relating to your therapy will be anonymised as much as possible. Confidentiality extends to this supervision and with the same exceptions in law and to protect from harm.
Third party recipients of personal data
Sometimes your personal data may get shared with third parties, for example, where you pay by bank transfer, your details will be shown as a transaction on a statement. I have done everything I can to check that such third parties are also data protection compliant.
Your rights
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you (with notice of 30 days) and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters. If I do hold information about you I will:
• give you a description of it and where it came from
• tell you why I am holding its, tell you how long I will store your data and how I made this decision
• tell you who it could be disclosed to
• let you have a copy of the information in an intelligible form. You can also ask me at any time to correct any mistakes or amend the personal information I hold about you.
To make a request for any personal information I may hold about you, please put the request in writing addressing it to Rachel Burrows RBurrows@protonmail.com
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk
Data security
I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure.
My devices (phone, laptop) are password protected and not left unattended in the presence of others. My email is encrypted. Security software is used to protect all devices and is regularly updated. All paperwork is locked in a cabinet and only myself and my Therapeutic Will Executor have access. Upon my death or serious illness incapacitating me, this person will have instructions to find your personal contact details to contact you.
If there is believed to be a personal data breach, the risk will be assessed and in the event that I believe you, the client, to be or likely to be adversely affected then I will report it to the Information Commissioner’s Office and my professional indemnity insurer and will follow their guidance.
My contact and registration details
Name: Rachel Burrows
You can contact me by Email: RBurrows@protonmail.com or Telephone: 07927 016754
I am registered with The British Association of Counselling & Psychotherapy (BACP)
I am registered with the Information Commissioner’s Office, registration number: A8684140