Under the general data protection regulations (GDPR), I am committed to protect the privacy and security of your personal information. As a client of Sarah Porter Counselling I am required by law to inform you about how I process and keep your data safe. Your personal information that I retain is:
- Your full name and address
- Your phone number and email address
- Your date of birth
- Your GPS name and address
- An emergency contact number
- Background information that may include family history, medication, dependents and partner
- Session notes.
Your contact details are held for one year after the end of the therapeutic contract. I am obliged to keep your client notes for 7 years, as a requirement for my insurance provider, and these are kept in a separate locked cabinet to your personal details and then securely anonymised.
Right to access
You have the right to ask for access to or a copy of your personal data.
You have the right to any incorrect information to be corrected by me.
You have the right to be informed, meaning I tell you how I may use your data or any changes to this.
Right to erasure
You have the right to ask me to erase any information I hold about you. This includes your personal information that is no longer relevant to its original purpose.
You have the right to withdraw consent to the collection and processing of your data. In all cases and when considering such a request, these rights are obligatory unless it is information that I have a legal obligation to retain.
Use made of the information
I will use your contact details to enable me to contact you about your counselling enquiry, or to notify of any changes in either mine or your availability.
As part of my commitment to providing a professional service, I regularly attend supervision.
My supervisor is bound by the same ethical agreements as myself and to protect your identity I will only use the initial of your first name.
Disclosure of your personal information
As my therapeutic contract states, your sessions are confidential. There may be times when I have a duty to disclose your personal data. This includes if you were to be at risk of harm to yourself or others or to comply with legal obligations, such asinvolvment with terrorism or if I were to be subpoenaed to court.
In the event of a data breach
I have a legal obligation to report a data breach to you and the information commissioner's office (ICO) within 72 hours