PRIVACY POLICY

 

Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me.

Third party privacy statement
Your information does not get shared with anyone else within my private practice, as I manage my practice myself, and operate my business as an independent ''sole trader''.

From the moment you get in touch with me I will never try to obtain information about you from any third party without your knowledge and consent.

I will never share your information with any third party - unless you have explicitly told me that you would like me to, in order to help you get good support or healthcare.

I am required to have regular supervision with another professional therapist as part of my ongoing accreditation with the British Association of Counselling and Psychotherapy (BACP). I never disclose any personally identifying information about my clients within supervision.

There are only three lawful exceptions where I do not need your consent to share information to a third party: child protection, court order and risk to life.

The lawful basis for processing your data
I only use information about you in ways that are core or legally essential for me to fulfil my role as an effective, safe, ethical and responsive counsellor

I never keep or use your information in non-essential ways. For example: as a matter of principle, I do not have any social media linked to my website and I do not send newsletters or marketing campaigns.

Under GDPR regulations 2018, I am what is known as the 'data controller' and also the 'data processor', and I have specific responsibilities and requirements, accompanying these roles to protect your privacy.

My business is registered with the Information Commissioners Office, the UK authority for upholding data protection, (www.ico.org.uk). I am bound by their policies with regards your privacy, as well as the BACP code of professional practice.

Disclaimer: Your role in protecting your own privacy
I make every effort to ensure that my clients' personal information is held securely and to safeguard against unauthorised access, whether I receive it via my website, emails, text, over Zoom or phone or in person. At the same time, in agreeing to my privacy policy:

1. You acknowledge that the privacy of your communications and personal information can never be completely guaranteed when it is being transmitted over the internet.

2. You acknowledge and agree that you share information via the internet at your own risk.

3. You agree to take responsibility for your own role in safeguarding your data privacy in the email address you choose to use and whether or not you choose to password protect information you send to me.

A note about GMail (Outlook etc) and Electronic Messaging Systems - free electronic email & messaging services (Gmail, Outlook, Facebook, WhatsApp etc) regularly read incoming & outgoing messages electronically. One of the reasons for this is that the service gains knowledge about the messaging user for the purposes of selling advertising to other companies. To put it plainly: if you email me about the topic of, say, your sexuality using your GMail address it's very likely sexuality will be associated with your email account... which will possibly attract associated advertising topics wherever you're logged in with that same account (eg Google.com).

Best advice I can give is (a) to read the terms of service your free messaging provider and (b) to be cautious in what data you include when communicating electronically.

How do I obtain information about you?
I obtain information from:

  • What you choose to share with me when you first contact me via my website's contact form, or when you phone or email me to make an enquiry.

  • What you choose to share with me - information you send me by email and over the phone (text or voice message)

  • Sessions we have together in person face to face, by phone and online (zoom)

  • Your health insurance company or healthcare provider, if relevant, and with your consent

  • If we agree to work together, I will of course want to get to know you, your needs, aims and life context so we can work really well together, with a good, shared understanding.

Your privacy when you first get in touch
I'll only keep your contact information if I have the capacity to respond and be of help to you.

My website's contact form
If you get in touch via my contact form, you've got options to choose what information you wish to share with me.

Your information is not stored anywhere on my website platform - I've disabled that option, so your contact form goes directly through to me via email.

About your initial free phone consultation
If you make initial contact with me over the phone, or choose a free telephone consultation, you can choose how much you would like to share with me at this stage. The purpose of your initial free telephone consultation is about the practicalities: to find out if our schedules are mutually workable, for you to ask any questions about my approach, and for me to provide you with some information about the ways in which I could assist. However, having a simple overview of your current issues, and what you want from sessions, can be helpful to ascertain if I am best placed to work with you.

What type of information do I collect about you?
I will collect the following personal information from you if we decide to work together, because, as a registered healthcare practitioner, I would be reasonably expected to have this in case of an emergency:

Personal Information

  • Your name and contact details

  • Who should be contacted in case of an emergency (e.g. next of kin)

  • GP address

If health insurance is funding your sessions I also need your name, DOB, address, plus your membership and authorisation codes to pass security checks with your health insurance company.

Sensitive information
Given the nature of healthcare related data, some of the information you may share with me is likely to be classified as sensitive. I'm legally required to take strong measures to protect your confidentiality with any of the following sensitive information that would be important for me to know in order to help you:

  • Your mental and physical health

  • Use of alcohol, prescribed and non-prescribed drug use

  • Any criminal offences or alleged offences

If you choose to share any information with me about your relationship or sexual history or orientation, your family, lifestyle, employment, religion or cultural background, this is also respected as sensitive'.

What do I use your information for?
I may at times need to ask you about some of the above sensitive information with the specific purposes of ensuring that:

• the service I provide to you is properly responsive to your specific circumstances and needs.

• I make safe and effective clinical and therapeutic decisions

• I respond to you in the most considerate way

• we communicate openly with one another to make wise and appropriate decisions together in a teamwork approach

With regards to personal and sensitive information, I don't need to have a written record of everything you share with me. I keep my note-taking outside of sessions to a minimum, and often encourage my clients to keep their own notes of useful ideas, insights and reflections. As they relate to you and your progress, it's much more relevant and helpful that notes are written by you and stay in your possession.

There are of course some things that I must, legally, have a written record of, if it is in direct relation to your safety or the safety others, such as emergency contact information, or information related to suicide risk, child protection, domestic abuse, or other violent crime, or should I ever need to account for my clinical decisions and/or respond to complaints.

How I will store your Personal Data

Storage Methods.

  • Paper: written notes (described below).

  • Smartphone: I will store your contact data (Name, mobile number, email address) in a plain-text note app that backs up to my private Google Drive. This allows me to contact you in case of emergencies, but keeps from revealing this data to other applications (i.e., not using a Contacts app).

  • Email/SMS/WhatsApp: your email address and correspondence will be stored in my email account (currently Gmail) by nature of you contacting me. Your telephone number may be stored in my SMS or WhatsApp app should we exchange messages this way. Electronic correspondence will also be held by the corresponding app (Gmail, Phone's SMS, WhatsApp).

  • Website: none of your personal data is stored on my website, other than to momentarily collect & send it to my Gmail account for the purposes of our initial contact, after which is automatically erased.

Documents Held
Paper...

  • Contact Sheet

  • Contract/Agreement

  • Assessment Record

  • GDPR Agreement

  • Client Code (linking documents)

  • Brief Session Notes

  • Electronic...

  • Contact name & telephone

  • Email/SMS/WhatsApp

Measures I take to store your data securely
These are the measures I take to protect your data before it can be deleted or destroyed:

Storing paper information securely
I keep handwritten or printed information about you to an absolute minimum in order to protect your data.

I do not print or keep duplicate information wherever this can be prevented. For example, if you or your insurance company have sent me digital information via email, I do not then print it.

All handwritten or printed information that has any personally identifying information on it about my clients is kept in a securely locked filing cabinet.

Keeping electronic information securely stored
My devices are all password protected, with strong passwords that are all different from each other, and which I change at suitable intervals.

I do not share my devices or passwords with anyone else other than the l therapist who is the executor of my ‘Professional Will’ who has the password for my laptop. She would only use this in the unfortunate event of me being unable to work (death, serious illness etc.). At this point my executor would access my current client list and inform them of the situation.

I do not store any personally identifying information of my clients on a mobile phone, except for your number and names are coded.

How long do I store your data?
If you make an enquiry, but do not proceed to counselling sessions all personal information will be deleted after 90 days

If you attend counselling sessions all personal data will be kept for a period of 5 years from the date of your last counselling session. Counselling notes will be deleted after 5 years, but minimal personal information will be retained for a further 2 years (7 years in total) where needed to comply with HMRC.

Your right of Access
You have a right to make a written request for the details of personal information that I hold about you.
You can simply email me and I will be happy to share the records that I have for you.

Right to make a complaint
If you have any questions or concerns about the way I process personal data please contact me at janemursellcounselling@gmail.com

If you’re not satisfied with the outcome of your query, you can contact the Information Commissioner’s Office on 0303 123 1113 or visit ico.org.uk/concerns.