- 1 General Data Protection Regulation (GDPR) Statement.
- 1.1 Personal Data I will Collect.
- 1.2 How I will store your Personal Data.
- 1.3 How I may Process/Share your Personal Data.
- 1.4 Your Rights.
- 1.5 Request to be "Forgotten".
- 1.6 Got a Question? Don't Hold Back…
Personal Data I will Collect.
- Gender (birth gender, or your corrected identity, whichever you prefer).
- Date of Birth.
- Relationships & Progeny.
- Telephone/SMS number (plus permission to send SMS & leave voice message).
- Email address.
- Counselling History.
- Medical conditions relevant to counselling.
- Prescribed medication, relevant to counselling.
How I will store your Personal Data.
- Paper: written notes (described below).
- Smartphone: I will store your contact data (Name, mobile #, email address) in a plain-text note app that backs up to my private Google Drive. This allows me to contact you in case of emergencies, but keeps from revealing this data to other applications (i.e. not using a Contacts app).
- Email/SMS/WhatsApp: your email address and correspondence will be stored in my email account (currently GMail) by nature of you contacting me. Your telephone number may be stored in my SMS or WhatsApp app should we exchange messages this way. Electronic correspondence will also be held by the corresponding app (Gmail, Phone's SMS, WhatsApp).
- Website: none of your personal data is stored on my website, other than to momentarily collect & send it to my Gmail account for the purposes of our initial contact, after which is automatically erased.
A note about GMail (Outlook etc) and Electronic Messaging Systems - free electronic email & messaging services (Gmail, Outlook, Facebook, WhatsApp etc) regularly read incoming & outgoing messages electronically. One of the reasons for this is that the service gains knowledge about the messaging user for the purposes of selling advertising to other companies. To put it plainly: if you email me about the topic of, say, your sexuality using your GMail address it's very likely sexuality will be associated with your email account... which will possibly attract associated advertising topics wherever you're logged in with that same account (eg Google.com).Best advice I can give is (a) to read the terms of service your free messaging provider and (b) to be cautious in what data you include when communicating electronically.
- Contact Sheet
- Assessment Record
- GDPR Agreement
- Client Code (linking documents)
- Brief Session Notes*
- Contact name & telephone
Consultation.I seek a monthly consultation with another therapist qualified in this process. The consultation process is for my practice (rather than seeking instruction on working with you). In order to protect your privacy, my consultant will not know you personally nor professionally. I will refer to you by your first name, and I may refer to your data verbally when it's helpful to my professional processes.*Session summaries are my aide mémoire to assist me in my consultation processes; they are my property.
Therapeutic Will.Your name and contact details will be shared with my Therapeutic Executor. This is so that you will be contacted on the event of my death, should you still be in therapy with me.
Emergencies.If your health is in jeopardy (provided I have your consent) I may share your contact data with an emergency healthcare service (e.g. Mental Health Crisis Team).If I have become aware of your intent to cause harm to another person/organisation (e.g. terrorism), the law may require that I inform an authority without seeking your permission. In such a situation, the law may require that I share your personal data without your knowledge (known as: whistle-blowing).
Erasing your Data.When we have finished working together, I will erase electronic copies of your data & correspondence within one month.I will hold onto your written/printed data for up to seven years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to counselling in the future. After this time has passed, I will destroy the written/printed data.
Your Rights.You have the following rights...
- To be informed about what data you are giving me which I will record / have recorded (i.e. to be given this document).
- To see the data you have given me about yourself** (free of charge for the initial request only).
- To rectify any inaccurate or incomplete personal data about you**.
- To withdraw consent to me using your personal data about you**.
- To request your personal data be erased** (however I have the exception right to decline your request whilst the data is required for me to practice lawfully & under insurance (around 7 years) - see example titled "Healthcare Provider" - ICO.org.uk ).
Request to be "Forgotten".This section references information from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/The right (to have all data erased) does not apply to all lawful bases and may be refused in some circumstances.
- The UK GDPR introduces a right for individuals to have personal data erased (the right to erasure is also known as ‘the right to be forgotten’).
- The right is not absolute and only applies in certain circumstances.
- to comply with a legal obligation.
- for the establishment, exercise or defence of legal claims.
- if the processing is necessary for the purposes of preventative or occupational medicine; for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services. This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (e.g. a health professional - see example under: ICO.org.uk).
- A healthcare provider (e.g. a counsellor) receives a request from a previous patient to erase all of their personal data.
- The provider’s liability insurance requires them to retain patient records in case of complaints or legal claims.
- The organisation (e.g. the counsellor) can refuse the request to erase the individual’s data, as they are processing the data for the establishment, exercise or defence of legal claims.
In short:Whilst GDPR gives you the right to request that you be forgotten after our counselling work is no longer taking place, GDPR gives me the obligation to decline the request due to my insurance provider requiring I keep notes/records on file for up to seven years due to the potential for case complaints or legal claims. After seven years have passed, following the end of our work, I will destroy all notes and records of our work.
Got a Question? Don't Hold Back…
If you have a question about Dean Richardson's counselling services in Waterlooville, or just want to ask a question, maybe about making your first appointment, feel free to drop Dean a message any time…