I comply with GDPR guidelines to ensure that your personal information is kept private, held securely, and processed in the way that you have agreed to, to protect your rights as a consumer.
People often worry about sharing private information, thoughts, feelings or painful memories. I will treat everything you tell me as strictly confidential between you and me. Trust is crucial in fostering the therapeutic process. I will provide you with a safe space, where you can talk about anything you may wish to explore, in a non-judgmental, open friendly and understanding manner. To keep our work confidential, please note that if we bump into each other in a public place, I will not say hello or talk to you unless you initiate it.
Limits of confidentiality
I will treat everything you say during sessions as confidential, within limits. I have no mandatory obligation to share what you tell me with other agencies, except for information requested by British law. This includes information related to terrorism, drug trafficking, money laundering and female genital mutilation. In the unlikely event that I was issued with a police warrant, court order, or request for access to personal data made under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, I must provide this information. In such circumstances, I will work with you to make appropriate disclosures.
Other than what is required by law, if I have safeguarding or welfare concerns about you or any vulnerable individual, under my “Duty of Care” I have an obligation to inform the relevant authorities. I reserve the right to contact your GP or inform appropriate agencies. In any event, I will let you know about my intention and wherever possible seek your consent. I will not give any personal details beyond what we are working on. Any information will be shared electronically, encrypted and password protected.
Good therapeutic practice in the UK requires that therapists, regardless of their experience, attend regular supervision with a qualified practitioner. This is to ensure I am doing my job effectively and that I have the right support. I may discuss elements of our sessions with my supervisor. However I will not share any details that may identify you. My supervisor also treats personal information as confidential.
Data use policy
I comply with GDPR guidelines, to ensure that your personal information is kept private, held securely, and processed in the way that you have agreed to, to protect your rights as a consumer.
What personal information do I keep?
I keep some information that might identify you, for example your name, gender, date of birth, postal and email address, telephone number. I keep additional information about your GP, important others, your reason for seeking my service, therapeutic goal, whether you have a specific condition, mental health history, history of current issue, session notes written after our sessions, text messages and emails we exchange. This information will be anonymized and held separately from information that can identify you.
Why do I record this information?
I keep your personal information solely for the purposes of therapy and working in a safe effective manner with you. It enables me recall our discussions and trace your progress.
How do I keep this information and for how long?
I store information electronically, in anonymized form, on a computer that is password protected.
Hardcopy documents are all stored in a secure location and no one else has access.
Text messages: my work phone is secured with a pin code.
Emails: my email account requires a user name and password.
Email attachments: any attachment containing your personal information will be password protected and a password will be sent to you by text message.
Electronic documents: any electronic documents, e.g. a letter to your GP, or invoice, will be password protected and stored on a password protected computer if they contain personal or sensitive information.
According to United Kingdom Council of Psychotherapists’ (UKCP), I must hold your information for 7 years after our final session. In the case of a child under 18, I must hold information until their 25th birthday, unless they are 17 when treatment ends and then I must keep it until their 26th birthday. Therefore, all records will be deleted in the January after the above retention time. This is in line with NHS regulations for holding data. I will securely delete electronic records, on any device used to store them, and once the device comes to the end of its life. You are entitled to request to see any personal information I keep.
Withdrawing your consent for me to keep your personal information
Under the GDPR guidelines, you can make a request, in writing, for all your records to be deleted. In this case all your paper records would be shredded with a cross shredding machine and any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. I will only save your request for deletion. Exceptions include cases where deleting information would compromise any ongoing statutory process. If you have any further questions about my confidentiality and data policy, please ask me.