It is important to me that you feel comfortable with the way I handle your personal information. Please let me know if you have any questions about this Privacy Notice - I will be happy to discuss it with you.
How I use your personal data
I am committed to protecting your personal information. Personal data I hold about you includes your name, contact details and date of birth. I will use non-sensitive personal data to (i) register you as a new client, (ii) manage payment, (iii) collect and recover monies owed and manage my relationship with you. My legal ground for processing this data is performance of a contract with you and in relation to recovering monies owed, protecting my legitimate interests.
I may also hold sensitive personal data about you, that is, information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health information (including your doctor’s details) or information about your sex life/sexual orientation. I will use any sensitive personal data I obtain during our relationship for the purpose of providing my service to you, my professional development and in complying with relevant legal obligations as described in this Privacy Notice. For example, I keep brief notes recording the themes of our sessions, your client number and the date and time of your session. This is necessary to meet my professional obligations including the requirements of my insurer and BACP. My legal ground for processing this data is your explicit consent.
The content of our sessions is confidential, except as described in this notice. The exceptions to confidentiality are: (i) if I believe you or someone else to be at risk I might want to inform your doctor/other health care professionals, social services or the police. I would normally discuss this with you first; (ii) I am required to have regular supervision to support me in my work. I refer to clients by first name only and my supervisor is also bound by confidentiality rules; (iii) in exceptional circumstances some criminal laws require me to break confidentiality without informing you; (iv) I am sometimes required to write about and reflect on my clinical work - names and identifying information is removed; (v) I may be required to disclose information in the course of a police investigation or in court; (vi) I have a named therapeutic executor who, in the case of my illness or death would have access to your contact details.
I may have to share your personal data with (i) service providers who provide IT and system administration support; (ii) professional advisors including lawyers, bankers, auditors and insurers (iii) HMRC and other regulatory authorities. I require third parties to whom I transfer your data to respect the security of your personal data and to treat it in accordance with the law.
Cookies are small pieces of data that websites store on a device. Cookies can improve your visitors’ browsing experience because they help websites remember preferences and understand how people use different features. I use analytics and performance cookies to collect information about how visitors interact with my website.
Data retention and security
I will only keep your personal data for as long as necessary to fulfill the purposes for which I collected it. After this time it will be deleted or shredded. I may retain your data to satisfy any legal, accounting, or reporting requirements; so for example, for insurance and tax purposes I need to keep certain information about you (including session notes) for 7 years after you cease to be a client.
I have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. All of my third party providers are businesses based with EEA or who are registered with the EU-US Privacy Shield. Clinical management systems to which I subscribe meet UK data protection requirements. Electronic information not uploaded to a clinical management system is stored on my password protected computer on an encrypted disk. Hard copy documents are scanned, uploaded and shredded or stored in a locked box. Voicemails left on my mobile phone are protected by a pass-code. Please let me know if you want more information about this.
I need to keep your personal data up to date and accurate. If there are any changes (such as a change of address) please let me know.
You may request that I inform you of the data I hold about you and how I process it (a Subject Access Request). I will not charge a fee for this (unless the request is repeated in which case I may charge a reasonable fee or decline to respond). In most cases, I will reply within one month. I will notify you of any delay and will in any case reply within 3 months. If you wish to make a Subject Access Request, please send the request to Louise Morris, Hedge End, Little Green Lane, Farnham, Surrey GU9 8TE or email talk@louisemorriscounselling. You are able to exercise certain rights in relation to your personal data and in some circumstances can ask for data to be deleted. These are set out in more detail at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/. If for some reason you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (www.ico.org.uk). I should be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.