Client Privacy Policy

How I manage information about clients

Introduction

This document sets out my client privacy policy, which applies to all counselling and coaching clients to whom I offer services. It sets out how I manage information about clients and how I comply with my obligations under the General Data Protection Regulation (GDPR) 2018 and as a registered, accredited member of the British Association for Counselling and Psychotherapy (BACP).

This document can be downloaded as a pdf document: To be added

I have a separate policies for those using my web-site: web-privacy

and for those I supervise: supervision-privacy

Information I collect

When we first meet I ask you to complete a ‘Client Information Form’. This provides me with your contact details, the name of your GP and how you heard about the services I offer.

Beyond that, the information I hold on you will be a brief summary of my recollections and reflections following each of our sessions. Depending on what you tell me, this may include personal sensitive information, for example about your physical and mental health, sexual life, racial or ethnic origin, religious or other beliefs, offences and alleged offences perpetrated by you or upon you.

Storage of this information

I keep the ‘Client Information Form’ in its paper form in a locked filing cabinet, to which no-one else has access other than in exceptional circumstances (see “Therapeutic Will” below).

I also transfer the information on that form into the cloud data-base system I use for recording my client notes. The system I use is called ‘Bac-Pac’ and is managed by a company called Mayden. If you want more information about how their security systems work you are welcome to ask me, or to contact Mayden directly at: support@mayden.co.uk

If you email me I read the email, deal with it and then delete it. I may copy the content of the email into Bac-Pac if I feel it is relevant to our work to keep it.

If you give me any paper-based documents or pictures at any time I will either store those in a locked cabinet or scan them and store them on my client data-base.

Sharing of your information

There are only four circumstances when I may share some of your information with someone else:

1. I have supervision on all aspects of my practice, which I consider is essential to ensure that I do the best work I can with every client and it is also a requirement of the British Association of Counselling and Psychotherapy. My supervision is itself confidential and I undertake to safeguard your identity in that process. If you are concerned about being recognised in supervision I can explain how it works and to whom I go for supervision.
2. If I am concerned that there is a significant risk of harm to you or someone else I may decide that I need to breach confidentiality to reduce that risk. I am more likely to act if the person at risk is a child or appears to be a vulnerable adult. I would normally discuss my concerns with you prior to taking any action. If my concern is that you are at risk of harming yourself I will discuss with you how we minimise that risk and I may want to involve your GP.
3. Under very rare circumstances, I may be required by law to pass on information to the relevant authorities. This is the case if I believe you are involved in or are planning an act of terrorism, are involved in drug trafficking or money laundering. It can also happen if a court requires me to pass over information I am holding on a client, who is under criminal investigation or being prosecuted.
4. Because you ask me to do so. If you do ask me to provide a third party with information about you and our work together I will discuss that with you and if I agree to do so will provide you with a draft of what I propose to send, before I pass it on.

Therapeutic Will

In the case of my death, or my becoming incapacitated for an extended period, your name and contact details will be shared with my Therapeutic Executor. This is so that you can be contacted to explain what has happened, if you are seeing me at the time. Once it becomes clear that I will not be returning to practice all the paper-based client records and the contents of my client record system would be destroyed/erased.

Erasing your information

On the advice of my professional body, I keep my client notes for seven years after we have completed our work together, at which point they are destroyed/erased.

Your rights under GDPR

Under this legislation you currently have the following rights:

To be informed about what information I hold (this document).

To see the information I hold on you (free of charge for the initial request).

To rectify/correct any inaccurate or incomplete personal information.

To request that your personal information is erased/deleted/shredded. I can decline this request if the information is needed for me to practice lawfully or competently, or if there is another reason (for example a complaint or legal reason).

My devices

I do not store client information on either my computer or mobile phone. I do access my emails through both and texts through my mobile phone.

Registration with the Office of the Information Commissioner

I am registered with the Office of the Information Commissioner (OIC), registration reference number ZA080937. I will notify the OIC should a data breach occur in my systems.

If you are unhappy with how I have dealt with your information you may make a complaint to the OIC: www.ico.org.uk, phone: 0303 123 1113

If you are unsure about any aspect of this policy document, please Contact me

Steve Page/How I manage information about clients/version 1: 28th May 2018