Privacy Notice – WebHealer Counselling
The purpose of this document is to demonstrate:
My understanding of data protection (the collection, use and storage of personal information)
My compliance with relevant legal frameworks (DPA in the UK, GDPR in the EU – see below)
WebHealer (the data controller) complies with her obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing (and destroying) it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data. This is a ‘live’ document and may change from time to time to reflect changes in legislation, or the needs of my business (for example).
General Principles:
As a professional counsellor, I place an emphasis on my clients’ confidentiality
I am committed to complying with the letter and the spirit of the law (e.g. DPA, GDPR)
I respect that individuals have a set of moral and legal rights relating to how their personal data is processed
I am registered with the ICO and comply with their requirements.
The DPA (Data Protection Act) 1998 has been supplemented by the GDPR (General Data Protection Regulation) 2016 (enforced from 25 May 2018). These regulations cover the processing (collection, use and storage) of personal data.
The GDPR refers to ‘controllers’ and ‘processors’. For the purposes of my business (Counselling Intentions) I will hold the roles of data controller and of data processor. I may also use third-party intermediaries as data processors – including (but not limited to): my webhost and email providers; my webform providers; my phone company; my business bank.
How I’m collecting, using and storing data:
Third parties may send information to me using webforms. This information may be processed and held by intermediary services (e.g. Google) as well as being sent to my own business email accounts. This is consistent with the Lawful Basis of ‘Legitimate Interest’ in that a third party using a webform to contact me knows that that information will be transmitted and stored electronically and expects that I will respond to, or otherwise action, their communication.
Accounts will be securely password-protected. Collecting and storing client notes in this way is consistent with the Lawful Basis of ‘Legitimate Interest’ – as a Counsellor I am ethically bound to keep accurate notes of my sessions. I have considered whether it is desirable to keep electronic notes (versus paper notes). I have concluded that electronic notes are at least as secure, and at least as durable, as paper notes. This is consistent with advice from the ICO.
Nevertheless, I may still keep paperwork relating to my business – for example, signed copies of contracts. This is consistent with the Lawful Basis of ‘Legitimate Interest’ – I may need to provide copies of physical paperwork, for example, in order to support a client’s claim for insurance expenses, or in relation to legal proceedings. As a counsellor, I am ethically bound to keep such records.
I will also process personal data relating to the Assessment of prospective clients. This includes (for example) family and medical histories, and emergency contacts/next-of-kin. This has a Lawful Basis of ‘Legitimate Interest’ in that processing of assessment data helps ensure safe, ethical and appropriate therapy. It is a professional requirement that I process such data, and I may need to refer to it at any time during or after therapy (for instance, in relation to legal proceedings). I will store such data securely, whether in electronic or paper format (or both).
I will be particularly mindful of the rights and interests of third parties such as family members and significant others, regarding whom my clients may provide personal data (such as medical history; criminality) without the knowledge or permission of those third parties. I will undertake to process (collect, use and store) only a viable minimum of such information, consistent with me discharging the Legitimate Interests detailed in this document – for example, the collecting of family members’ mental health history at the point of client Assessment, which is required in order to provide a safe, ethical and appropriate service to the client.