Sam Simpson Counselling is an independent practice offering person centred counselling, supervision and training. Information about Sam Simpson Counselling can be found at: www.samsimpsoncounselling.co.uk.
UK Data Protection Law and EU General Data Protection Regulations (GDPR)
Data Protection Law lays down wide-ranging rules, backed up by criminal sanctions, for the processing of information about identifiable, living individuals. It also gives individuals certain rights in relation to personal data held about them by others. For the purpose of the Data Protection Act 1998 (the Act), I am the Data Controller for Sam Simpson Counselling. As such, I am registered with the Information Commissioner’s Office (ICO). You can view my ICO registration by visiting: https://ico.org.uk/ESDWebPages/Entry/ZA047362
My lawful basis for processing personal information
My lawful basis for processing and storing personal information is one of ‘legitimate interest’ (under article 6 of the GDPR). I cannot adequately deliver a quality service to you without processing your personal information. As it is both a necessity for my service delivery and of benefit to you, I have a legitimate interest to process and store your data.
Data relating to an individual’s health is classified as ‘Special Category Data’ under section 9 of the GDPR. The regulations specify that health professionals who are ‘legally bound to professional secrecy’ may have a lawful basis for processing this data. Counsellors are legally bound to keep client information confidential and it is under this condition that I process and store personal information.
What I collect
I may require basic information which identifies you as an individual (‘Personal Information’), such as your name, email address and phone number, in order to enable you to take advantage of particular services that I offer – for example when you send an email enquiry or become a regular client/supervisee. In keeping with the Privacy Notice through which you give consent, I will only use such Personal Information for the purposes of providing the services which you have requested, or for other purposes set out in these Terms.
I may collect the following information in verbal or written form:
- Basic personal information
- Contact information, including email address and telephone number(s)
- Company or organisation
- Information pertinent to fulfilling my services
With regard to each of your visits to my site, I do not collect any information from my visitors and the only reason that it leaves cookies (small text files) on your computer is because it has been created in WordPress.
What I do with the information I gather
I gather information for the purpose of:
- Internal record keeping
- Management and administration (e.g. accounting)
- Clinical audit to assess and improve my service
If you do not wish me to make use of your Personal Information in this way, please email firstname.lastname@example.org. You can opt out at any time by contacting me directly.
I use your information:
- To communicate with you to fulfil the contracts entered into between you and I and to provide you with the information and services that you request from me
- To operate my business efficiently, including financial records
- To notify you about changes to my service
- As part of my efforts to keep my site safe and secure
Security and Data Storage
Unfortunately, the transmission of information via the Internet is not completely secure. Although I will do my best to protect your personal data, I cannot guarantee the security of your data transmitted to my site; any transmission is at your own risk. Once I have received your information, I will use strict procedures and security features to try to prevent unauthorised access.
Personal data is held electronically in a password-protected format and/or in paper form stored in a locked filing cabinet. Personal data will be held until such time as the contract is terminated. For therapy clients, all personal information will then be retained for a further 3 years before being destroyed. For supervisees all personal information will be destroyed immediately.
Disclosure of Information
All my dealings with you and any information that I have about you is confidential except when I may have a legal obligation to share, such as terrorism, money laundering and radicalisation.
Access to Information
You can request access to the personal information that I hold about you. I will provide this except in the limited circumstances in which I am permitted not to.
You may request amendments to the personal information I hold about you that is inaccurate or out-of-date. If you request that I delete your personal information, I will take all reasonable steps to do so unless I need to keep it for legal or professional purposes.
Controlling your personal information
I will not distribute your personal information to third parties unless I have your explicit permission or am required by law to do so.
You may request details of personal information which I hold about you. On such occasions, you can email me directly via: email@example.com
Concerns or Complaints
If you believe that any information I am holding on you is incorrect or incomplete, or have any other data protection related issues or queries, please contact me as soon as possible via: firstname.lastname@example.org. I will promptly correct any information found to be incorrect.
If you are concerned that I have breached a privacy law or code binding on us, please send an email marked ‘Urgent’ to email@example.com. I aim to respond in a reasonable time (normally 48 hours). I will manage your complaint and give you additional information about how it will be handled.
You have the right to complain to the Information Commissioner’s Office (ICO) if you believe I have not handled your request in an appropriate manner. For information on contacting the ICO please see their website: www.ico.org.uk