top of page

Privacy Policy

Privacy policy document

The privacy of my clients is very important to me and as such I am committed to the responsible and secure use of data and complying with the terms of the UK General Data Protection Regulation (UK GDPR). I am also registered with the UK Information Commissioner's Office.

 

I have several legal reasons for processing personal information:

  • Legitimate interest: I need to process personal information to provide counselling and psychotherapy services

  • Contract: I cannot fulfil my contracted services without holding information which I need to liaise with clients (e.g. contact details)

  • Legal obligation: I need to hold certain pieces of information for tax, insurance and safeguarding purposes

​

The purpose of this policy statement is to let you know what personal information Dom James Counselling & Psychotherapy collects and holds, why this information is collected, how long it is stored for, and your rights in accordance with current data protection regulations.
The information given below is correct at time of writing.

​

1.  The type of information I collect

​

1.1 I collect personal information from potential clients when they enquire about my counselling

and psychotherapy services and to set up an initial appointment. This includes contact details, availability and other relevant personal information needed to respond to enquiries. 


1.2 If you decide not to proceed with accessing my services, I will ensure all your personal details

are deleted within three months of your last contact with me. If you would like this information deleted sooner, please let me know.


1.3 Once any client stops accessing my services, all data regarding their counselling and psychotherapy is archived and stored securely in line with retention guidelines from my insurance company, my professional body and HMRC (usually no longer than 6 years) and then destroyed. Data is kept as a legal duty to fulfil my professional responsibility to retain records in case of legal proceedings and/or complaints for which documentation is required, and this also gives me a reference in case you decide to return to therapy in the future.


1.4 I currently collect and process information including:


•    Name
•    Date of Birth
•    Address
•    Contact details (phone number/email address)
•    Working status/occupation(s)
•    GP contact details
•    Emergency contact details
•    Social support and home/family circumstances
•    Risk assessment details
•    Weekly availability


I may also collect and process ‘special category data’ including:


•    Personal history (including physical and mental health)
•    Medication and substance use history
•    Gender identity
•    Sexuality
•    Ethnicity
 

2.  My use of this information

​

2.1 Your data will only be used to provide you with my services and to give you information relating to my services. 


2.2 I will not share your details with any other person or organisation without your knowledge and permission. Exemptions for this clause can be found in the counselling and psychotherapy agreement and these include safeguarding, acts of terrorism, money laundering, drug trafficking, and risk of serious harm. In addition, I may share your information with your GP or your local mental health crisis team in case of emergency and I may be required to share certain items of data if my taxes are audited by HMRC.


2.3 A breach of confidentiality is when a person shares information with another in circumstances where it is reasonable to expect that the information will be kept confidential. Clients will be informed promptly of any suspected breaches.

 

3.  Data collection, security and storage

 

3.1 Most of the information I hold comes direct from my clients through verbal and written communication during referral and assessment processes and during the course of therapy.


3.2 When someone visits my website, I collect some data indirectly such as standard internet log information and details of visitor behaviour patterns using a third-party service (Wix.com). I collect these statistics to analyse visitor traffic and improve the visibility of my website. This information is only processed in a way that does not directly identify visitors. I do not make, and do not allow Wix.com to make, any attempt to find out the identities of those visiting my website. Like most websites, cookies are also collected to help the site work more efficiently.


3.3 I take my responsibility regarding data security very seriously and as such I will take all reasonable precautions to prevent the loss, misuse, or alteration of any details you give to me.


3.4 The collected information outlined above is kept on a secure, GDPR-compliant online system called Zanda which has both password protection and two-factor authentication (2FA). I use a laptop to access this system which only I have access to. A backup of the information is kept on an encrypted, password-protected USB drive. I also keep brief notes about counselling and psychotherapy sessions, but these are kept separately from client contact details.


3.5 Communications in connection with my services may be sent by email. For ease of use and compatibility, communications will not be sent in an encrypted form unless you require it and give me permission to communicate with you in that way. Email, unless encrypted, is not a fully secure means of communication. While I aim to keep my systems protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus-free.


3.6 Some pieces of information such as your email address and contact numbers are stored on my smart phone and email account. Both are locked with passwords/PINs and contact numbers are assigned to client codes rather than using personally identifiable details. 
 

4.  Your data protection rights

​

4.1 Under data protection law, clients have certain rights regarding the processing and use of their personal information including:

​

  • The right of access: you have the right to ask me for copies of your personal information.

  • The right to rectification: you have the right to ask me to rectify personal information you think is inaccurate. You also have the right to ask me to complete information you think is incomplete.

  • The right to erasure: you have the right to ask me to erase your personal information in certain circumstances.

  • The right to restriction of processing: you have the right to ask me to restrict the processing of your personal information in certain circumstances.

  • The right to object to processing: you have the right to object to the processing of your personal information in certain circumstances.

  • The right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

​

4.2 You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond to you. Please contact me using the details found below if you wish to make a request.

 

5.  How to complain

 

5.1 If you have any concerns about my use of your personal information, you can get in touch with me using the above contact details. I will do all I can to resolve any concerns you may have.


5.2 If, for any reason, I cannot resolve the issues you have and/or you are unhappy with how I have used your data, you may choose to complain to the Information Commissioner’s Office (ICO) directly.
Their contact details are:


Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF


Helpline number: 0303 123 1113
Website: https://www.ico.org.uk

 

6.  Further information

 

For more information, please see the links below:
ICO: https://ico.org.uk/for-the-public/
Zanda: https://zandahealth.com/privacy-policy/
Wix: https://www.wix.com/about/privacy

bottom of page