Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:
What is personal information
Why I am able to process your information and what purpose I am processing it for
Whether you have to provide it to me
How long I store it for
Whether there are other recipients of your personal information (3rd party)
Your data protection rights.
I am happy to chat through any questions you might have about my data protection policy and you can contact me via email at email@example.com.
I also adhere to the ethical guidelines regarding protecting client privacy and confidentiality set by the British Association for Counselling and Psychotherapy (BACP).
‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office [Insert registration number]. My postal address is: 160 Ravensbourne Avenue, Shortlands, Bromley. BR2 0AY. My phone number is: 07903 722341. My email address is: firstname.lastname@example.org
In order to provide you with the best service possible I need to hold your personal contact details and records of your therapy sessions. This privacy notice tells you what I will do with your personal information from initial point of contact through to after therapy has ended. Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me.
What is personal information?
The Data Protection Act 1998 (DPA) defines personal information as any information that can be used to identify a living individual. Individuals can be identified by various means including their name, address, telephone number or email address for example.
Why do you want to process my personal information?
I need to process your personal information in order to fulfil my contractual obligations to you as a therapist, for example to assess whether I am able to offer you therapy in the first place, and then to deliver effective therapy to you if therapy commences. Your personal information helps guide both my assessment process, and my decision-making during therapy. I will also use the information that I collect about you in order to develop a better therapy service. My contractual obligations to you as a therapist are the lawful basis for my processing of your personal information.
I will never use your personal data for any purposes other than the administration of the therapy service that I am providing to you i.e. to arrange, cancel and rearrange appointments. I will only retain your personal information for as long as is necessary. This is in line with guidance from the Information Commissioner’s Office.
How I use your personal information
Initial contact. When you contact me with an enquiry about my counselling services I will collect information. This will include your name so that I can book the appointment and also a contact method, for example an email address or phone number.
Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed I will ensure all your personal data is deleted within 3 months. If you would like me to delete this information sooner, just let me know
While you are accessing therapy: Your email address or phone number will be used to provide you with confirmation of your appointment times if you have given consent for this. Your email address and telephone number will only be used to contact you regarding appointment times unless we have agreed that I will also use your email address to email you information that is relevant to your therapy sessions.
At the beginning of your first appointment I will ask you to complete a personal details form containing your name, address, date of birth, contact information and also contact information for your GP. Please be aware that I will not routinely contact your GP to inform your GP of your attendance as your attendance is confidential. To fulfil my duty of care towards you while also maintaining your confidentiality I will only contact your GP if it is necessary and should these circumstances arise I would discuss this with you wherever possible before contacting your GP.
Rest assured that what is said in our sessions will be kept confidential. I am an Member of the British Association of Counselling & Psychotherapy (BACP) and I abide by their professional code of ethics. Confidentiality will only be broken if there are legal or ethical obligations to disclose, for example, if you disclose abuse/neglect of a child or vulnerable adult, or say something else that implies serious harm to yourself or others, or if a court of law requires me to disclose information.
In the event that confidentiality must be broken I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
Counsellors are required to have regular supervision support so I may discuss our work with my supervisor. This would be done without identifying you and my supervisor is a counsellor who also abides by the BACP’s code of ethics regarding confidentiality.
I keep brief notes of our therapy sessions for the purpose of assisting our work together. The notes help me to keep track of the issues that we are working on and they are for my use only. The notes do not include any personal details that could be used to identify you and they are stored electronically on a secure database, password protected and only accessible by myself.
After therapy has ended: There are reasons why counsellors are required to keep records after therapy has ended. For example, in the case of financial transactions personal information must be retained for as long as legally required in respect of tax or accounting purposes. Retaining your therapy notes ensures that I can continue to offer you an efficient service if you make contact after therapy has ended.
How long will you store my personal information?
According to the GDPR, your personal information should be stored for no longer than is necessary. In practical terms, I will usually store your information for a minimum of 7 years following the termination of your treatment. However, I may need to store your information for longer than this, for instance in order to defend myself in a claim situation, or to comply with my insurance terms and conditions.
What are the laws that protect my personal information?
The DPA and the General Data Protection Regulation (GDPR) require that all organisations that store personal information about people may only do so provided that the information is: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept in a form that permits identification of information subjects for no longer than is necessary for the purposes for which the personal information are processed; and processed in a manner that ensures appropriate security of the personal information.
How will you collect my personal information?
I will collect your personal information in the following ways: via my website: www.markmahoneytherapy.com, over the telephone, in writing, and in person during our meetings. I will also store personal information on a secure database, accessible only by myself. This database is password protected.
How will you store my personal information?
I will store your personal information electronically. Personal information is stored electronically on devices that are password and/or fingerprint I.D. protected, and in files that are further password protected and only accessible by me. Names and contact details are stored separately to other personal information (anonymised format). Physical information is not stored by me. Any paper notes are always written using your first letter initial only. Any paperwork you complete is stored digitally and then the original copies are shredded.
What is ‘special category’ information, and why do you need to process this too?
Special category information is defined by the GDPR as being information that is more sensitive than other personal information, and therefore requiring of higher levels of protection. Examples of this type of information could include information about your health, race, sexuality, sex life, or religion. In order to lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you. With this in mind, the condition of the GDPR that I apply to the processing of your special category information is that it is ‘pursuant to contract with a health professional’. This means that, if you begin psychotherapy with me, or ask me to assess whether or not you are eligible for me to offer psychotherapy to you, then I will likely need to process some special category information about you. Usually, this is information about your mental health, and I need to process it in order to fulfil my contractual obligations to you in delivering safe, effective psychotherapy.
Visitors to my website. When someone visits my website, I use a third-party service, Google Analytics to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google Analytics to make, any attempt to find out the identities of those visiting my website. I use legitimate interest as my lawful basis for holding and using your personal information in this way when you visit my website. I use Google Analytics so that I can continually improve my service to you, You can opt out of this by clicking on this link and following the instructions. https://tools.google.com/dlpage/gaoptout/?hl=en-GB
Whether there are other recipients of your personal information (3rd party)
Your information does not get shared with anyone else within my private practice, as I manage my practice myself, and operate my business as an independent ''sole trader''.
I will never share your information with any third party - unless you have explicitly told me that you would like me to, in order to help you get good support or healthcare.
I am required to have regular supervision with another professional therapist as part of my ongoing accreditation with the British Association of Counselling and Psychotherapy (BACP). I never disclose any personally identifying information about my clients within supervision.
There are only three lawful exceptions where I do not need your consent to share information to a third party: child protection, court order and risk to life.
Your data protection rights
Can I ask for a copy of the personal information that you store about me?
Yes. The DPA gives you the right to find out what information that I store about you by requesting a copy of it. Any request that you make to obtain a copy of the personal information that I hold about you is called a ‘Subject Access Request’. You can write to me and ask for a copy of the information that I hold about you. Address your letter to: Mark Mahoney Counselling, 160 Ravensbourne Avenue, Shortlands, Bromley, BR2 0AY. I must respond to your request without delay, and usually within one month at the latest.
Can I request that you delete my personal information?
Yes. This is known in the new legislation as the Right to Erasure. You can request for your personal information to be deleted either verbally, or in writing. You can address this request to me at: : Mark Mahoney Therapy, 160 Ravensbourne Avenue, Shortlands, Bromley, BR2 0AY. I may also have the right to refuse to comply with your request, for example in order to defend myself in a claim situation, or to comply with my insurance terms and conditions, and I will let you know my response to your request within one month of receiving it.
Can I object or complain about the processing of my personal information by Mark Mahoney Therapy?
Yes. Whilst I hope that the policy outlined above will be sufficient to reassure you of the security of your personal information, should you wish to object or complain about the way that your personal information is being handled by me, then do please feel free to communicate this to me at the earliest possible opportunity. I will do my best to address your concerns and take steps to try and resolve whatever issues you may raise. You can write to me at: Mark Mahoney Therapy, 160 Ravensbourne Avenue, Shortlands, Bromley, BR2 0AY Should you wish to take the matter further, please contact the Information Commissioner’s Office on 0303 123 1123, or visit https://ico.org.uk/concerns/ for more information.