Privacy Policy
Privacy Policy
I take the data of my clients very seriously and know that you care about how your information is used and shared. I appreciate your trust to do this carefully and sensibly. This page details my privacy policy and forms part of the website terms and conditions (“Website Terms”). The General Data Protection Regulation (GDPR) is concerned with your personal data that I collect, store, and share and this policy details how I follow these regulations.
By accepting the Website Terms you are accepting and consenting to the practices described in this Privacy Policy. Chrissy Orson Psychotherapy, Coaching and Consultancy believes it is important to protect your Personal Data (as defined in the General Data Protection Regulation, 2018) and commit to giving you a personalised service that meets your needs in a way that also protects your privacy. The General Data Protection Regulation (GDPR) is concerned with your personal data that I collect, store, and share and this policy details how I follow these regulations.
Some of the Personal Data I hold about you may be ‘sensitive personal data’ within the meaning of the General Data Protection Regulation, 2018, for example, information about your health or ethnic origin.
I am registered with the Information Commissioners Office as a data controller.
Please read this Privacy Policy carefully.
Personal Data I will Collect
- Name
- Gender (birth gender, or your corrected identity, whichever you prefer).
- Age
- Date of Birth
- Relationships & Progeny
- Occupation
- Address
- Telephone/SMS/WhatsApp number (plus permission to send SMS/WhatsApp)
- Email address
- Therapy/Coaching history
- Medical conditions relevant to therapy or coaching
- Prescribed medication, relevant to therapy or coaching
- Presenting difficulties
When Information is Collected
There are a few occasions when I might collect information from you. These include when:
- You first call or email us to make an enquiry about services, or to make an appointment to meet me
- You give us this information during a session
- You attend your first session and sign our Therapy Agreement or any coaching agreement
- You give us information via a contact form, comment boxes or payment facility on our website
- If you enquire through a third-party database such as Psychology Today or the BACP
- We will not collect this information from you at any other time
How will I save your Personal Data?
- Paper: written notes (described below).
- Digitally: I store some written notes within Microsoft OneDrive for Business, a cloud-based service designed with high level security features. Microsoft ensures the safety of stored data through encryption (in transit and at rest), access control (all access is through 2-factor authentication systems) and through their own GDPR compliant standards and data back-ups.
- Smartphone: I will store your basic contact data (name and mobile number) on a mobile phone solely used for business purposes and with no social media apps downloaded. This allows me to contact you for the purposes of arranging appointments or to respond to any queries via phone, SMS message or WhatsApp (as agreed by you), but keeps from revealing this data to other applications.
- Email/SMS/WhatsApp: your email address and correspondence will be stored in my email account (currently Outlook) by nature of you contacting me. Your telephone number may be stored in my SMS or WhatsApp app should we exchange messages this way. Electronic correspondence will also be held by the corresponding app (Outlook, MS Teams, Phone's SMS, WhatsApp).
- Website: none of your personal data is stored on my website, other than to momentarily collect & send it to my Outlook account for the purposes of our initial contact, after which is automatically erased. Please see our cookie policy to see which cookies we use.
- Email Circular: If you choose to sign up to my email newsletter then your email address will be stored by my Mail Chimp account for the purposes of sending the emails only.
Documents Held
- Contact Sheet
- Coaching or Therapy Agreement including GDPR Statement
- Assessment Record
- Brief Session Notes
- Record or Attendance/Missed Appointments
- Contact Name and telephone number
- Email/SMS/WhatsApp
A note about free Gmail, Outlook etc. and Electronic Messaging Systems – free electronic email & messaging services (Gmail, Outlook, Facebook, WhatsApp etc) regularly read incoming & outgoing messages electronically. One of the reasons for this is that the service gains knowledge about the messaging user for the purposes of selling advertising to other companies.
To put it plainly: if you email me about the topic of, say, your sexuality using your GMail address it may be that sexuality will be associated with your email account. This could possibly attract associated advertising topics wherever you’re logged in with that same account (eg. Google.com).
The best advice I can give is:
- to read the terms of service your free messaging provider
- to be cautious in what data you include when communicating electronically.
How Your Information is Protected
As a therapist, I am trained in the importance of maintaining confidentiality. I go to great lengths to keep all your information safe. I invest in the appropriate resources to protect your personal information from loss, misuse, unauthorised access, modification or disclosure. I make sure I manage it in accordance with our legal responsibilities under applicable data protection and GDPR regulations.
I want you to know that I will never sell or pass on your personal information to third parties for their own purposes. As all therapists are required to keep appropriate records of their client work, I might keep some brief notes of your sessions. All notes are fully anonymised and are not stored alongside any identifiable information or any information collected from you, as detailed above. Anonymised notes are kept in a locked cabinet or on a password protected secure computer in accordance with data protection laws.
How I Will Communicate with You
I will only ever communicate with you via email or text message, outside of our sessions, unless you specifically request a phone call at an agreed time. I will not ring without prior arrangement as I do not wish to put or your privacy at risk.
How Your Data is Processed
After I have received your information, there are a few ways in which I might use it to ensure the best possible service. They include:
- To help identify you when you contact me.
- To contact you to make, confirm, cancel or reschedule appointments.
- To respond to any queries or complaints that you raise.
- If I have a legal obligation to use or disclose information about you for instance, where I am ordered by a court or regulatory authority, or for the purposes of safeguarding.
- For any other purpose to which you agree.
- I will not disclose your information to any third party except in accordance with this Privacy Policy.
Emergencies
- If your immediate health is in jeopardy, provided I have your consent, I may share your data with an emergency healthcare service such as the ambulance service or a mental health crisis team.
- If I have become aware of your intent to cause harm to another person/organisation (e.g., terrorism), the law may require that I inform an authority without seeking your permission. In such a situation, the law may require that I share your personal data without your knowledge (known as: whistleblowing).
Supervision
- I seek a monthly consultation with another therapist to support me in maintaining an ethical practice. This is something which all therapists must do as part of the ethical standards of their registered body, in my case the British Association for Counselling and Psychotherapy.
- In order to protect your privacy, my supervisor will not know you either personally or professionally. I will refer to you only by your first name and I will only refer you’re your data verbally when it’s helpful to my professional processes.
Therapeutic Will
- In accordance with the recommendations set out by the British Association of Counselling and Psychotherapy, in the event of my death or illness of sufficient severity to prevent me communicating directly with clients, your contact details will be accessed from an encrypted document by my Therapeutic Executor.
- The person undertaking this work will be bound by the confidentiality agreed between the practitioner and client, and will be a trusted colleague or a supervisor.
- The only data this person will have access to will be your contact number and forename, or that of a parent/carer where the client is under 18. Their role is to communicate with clients and support them in making alternative arrangements where this is desired and your data will solely be used to facilitate this.
Erasing Your Data
When we have finished working together, I will erase electronic copies of your correspondence within three months.
I will hold onto the records and brief notes of sessions, alongside your consent form and contact sheet for up to seven years past the end of our working together. This is so that I have a reference of our work in situations such as you returning to counselling in the future and is in line with my professional insurance requirements.
After this time has passed, I will destroy any remaining data.
Your Rights
I want to ensure that you’re in control of how I use and keep your information.
You have the right to:
- To be informed about what data I will record/have recorded (ie: to be directed to this policy)
- To be informed how your personal information will be used.
- To request a copy of the information I hold about you (please note this is your individual data only. You may not make a GDPR request for data held about your partner where there is any ongoing couples work).
- Update or amend the information I hold about you if it is incorrect.
- To withdraw consent to me using your personal data at any time.
- Ask to remove your personal information from my records (however I have the exception right to decline your request whilst the data is required for me to practice lawfully & under insurance (around 7 years) - see example titled "Healthcare Provider" -https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-erasure/).
- Request an electronic copy of your personal information be sent to you, or another organisation.
- Raise a concern or complaint about the way in which your information is being used.
If you would like access to the Personal Data that we hold about you, you can do this by emailing Chrissy Orson Psychotherapy, Coaching & Consultancy.
I aim to keep the Personal Data I hold about you accurate and up to date. If I am holding any inaccurate Personal Data about you, I will delete it or correct it promptly. You can find out more on the Information Commissioner’s Office website at https://ico.org.uk/for-the-public/Open
The Right to be Forgotten
This section references information from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/
The right (to have all data erased) does not apply to all lawful bases and may be refused in some circumstances.
- The UK GDPR introduces a right for individuals to have personal data erased (the right to erasure is also known as “the right to be forgotten”).
- The right is not absolute and only applies in certain circumstances.
Whilst therapy clients have the right to have their personal data erased if the personal data is no longer necessary for the purpose which the therapist originally collected or processed it for, the right to erasure does not apply if processing is necessary for one of the following reasons:
- to comply with a legal obligation.
- for the establishment, exercise or defence of legal claims.
The UK GDPR, 2018 specifies two circumstances where the right to erasure will not apply to special category data:
If the processing is necessary for the purposes of preventative or occupational medicine; for the working capacity of an employee; for medical diagnosis; for the provision of health or social care; or for the management of health or social care systems or services. This only applies where the data is being processed by or under the responsibility of a professional subject to a legal obligation of professional secrecy (e.g. a health professional – see example under: ICO.org.uk (https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/right-to-erasure/)).
IN SHORT: Whilst GDPR gives you the right to request that you be forgotten after our therapeutic work is no longer taking place, GDPR gives me the obligation to decline the request due to my insurance provider requiring I keep notes/records on file for up to seven years due to the potential for case complaints or legal claims.
After seven years have passed, following the end of our work, I will destroy all notes and records of our work as detailed above.
Visiting Third-Party Websites
This website contains links to other websites that I believe may be of interest to you. This Privacy Policy only applies to our website, so if you link to another website, I recommend you read the privacy policy of that website before sharing any personal or financial data.
I do not provide any personally identifiable client Personal Data to any advertisers or third-party websites.
I exclude all liability for loss that you may incur when using any third party websites.
Cookies
Like most websites, I use ‘cookies’ to help my website function. Cookies mean that a website will remember you and can obtain an overall view of visitor habits and volumes to our website. They can make interacting with a website faster and easier.
Cookies are small text files stored on your computer by websites that you visit. They are used by most websites in order to make them work efficiently, to make controls respond properly and to provide information to owners of web sites, or third parties. The cookies stored by my site cannot be used to identify you personally.
If you want to know how to disable the use of cookies on your device, visit aboutcookies.org Please note that if you turn off the use of cookies on the website, you are likely to find your browsing experience significantly degraded, and you may not be able to use some of the products or services on my website without cookies.