Counselling by Nicola Stewart
As BACP accredited counsellor I follow ‘The Ethical Framework for the Counselling Professions’ which commits members to ‘respect our clients’ privacy and dignity’ (Good Practice, point 21). Client confidentiality and the prevention of unauthorised disclosure of information that could identify a client is therefore an obligation for all practitioners.
In light of the General Data Protection Regulation (GDPR), which came into force on 25th May 2018. I have prepared this statement for my clients, as their contractor. This statement sets out how I handle the information of my clients. I am registered with the ICO.
Description of processing
The following is a broad description of the way I process your personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices that I may have provided.
Reasons/purposes for processing information
I process personal information to enable me to provide mental health counselling, to advertise my services, to maintain my records.
Type/classes of information processed
I process information relevant to the above reasons/purposes. This information may include:
•family, lifestyle and social circumstances
•employment and education details
I also process sensitive classes of information that may include:
•physical or mental health details
•racial or ethnic origin
•religious or other beliefs of a similar nature
Who the information is processed about
I process personal information about my
Who the information may be shared with
I sometimes need to share the personal information I process with the individual them self and also with other organisations. This is only done with explicit consent. The only exception to this is if I feel my client is at risk of significant harm and I have a duty of care to share this concern with the relevant body. Where this is necessary I am required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations I may need to share some of the personal information I process with for one or more reasons.
Where necessary or required I may share information with:
•social and welfare organisations
•Local Safeguarding Children Board
On termination of my contract I will:
•return all information pertaining to the contract services
•destroy electronic files relating to client records
I confirm I am fully responsible for:
•making sure I comply with the Data Protection Act
•being trained in how to handle personal information
•When collecting personal information, I tell people how I will use it
•Having a process in place so I can respond to requests for the personal information I hold (with the exception of client notes, which are subject to confidentiality)
•Keep records of people's personal information up to date and don't keep it longer than necessary (6 years after termination of contract)
•I have measures in place to keep the personal data I hold safe and secure.
Working with children
When working with children my privacy notices are clear, and presented in plain, age-appropriate language.
I use child friendly ways of presenting privacy information, such as: diagrams, cartoons, graphics and videos, dashboards, layered and just-in-time notices, icons and symbols.
I explain to parents that the information I collect will enable me to offer counselling services to children and why I require the personal data I have asked for. I will never share this data with a third party unless the child is considered at risk, in this case I will share this information with the school's Designated Safeguarding Lead (DSL). This is explained to parents and children at the start of our work together. Data collected regarding a child referred for counselling will be held at the child's school in a secure environment and not shared with any other party without explicit consent of parents.
The contact page of my website collects the enquirers email address and enquiry type. This information is emailed to me and I will respond to enquiry. I will not pass your contact details to any third party. This website is hosted by Moonfruit (Sitemaker Software Ltd) - see their privacy statement here.
Links to other websites
Review of this Policy
I keep this Policy under regular review. This Policy was last updated in May 2018.