This notice describes what personal data I collect from you and how I store and process it as part of the counselling service provided by Nicola McEvoy Counselling. In the course of my practice I will collect, process and store personal data as a data controller.
I would like to reassure you that I adhere to all laws and procedures in relation to the General Data Protection Regulation (GDPR) (EU) 2016/679, the Data Protection Act 2018 and other applicable data privacy legislation, and will only use your personal data to provide you with the specific service or services you explicitly agree to. I am registered with the Information Commissioner’s Office (ICO) and my registration number is ZBO46880.
What information do I collect?
I collect your personal details, including your name, contact details (address, telephone numbers and email addresses) and date of birth. I may also request information on your availability, therapeutic issues and any other details that I consider relevant to processing your request.
In the consultation appointment and/or the first session, I will ask about your current circumstances including social, medical and psychological. I may also ask about your background and family history.
Personal data is also contained in invoices, accounting returns and tax returns and related information.
I collect this information via my website contact page and advertising directories, and from our initial consultation and screening questionnaire.
With your consent, I collect the name of an emergency contact, your GP details and any other relevant information from health professionals.
How I use your data
- To process bookings and confirm therapy sessions with me, and to notify you about cancellations and other changes.
- To provide you with products and services.
- To notify you about changes to my policies and website.
- To provide customer care and respond to your requests.
- To send you any relevant information that we have previously agreed on.
- To comply with my contractual obligations.
I may use your information to create invoices for health insurance companies, but I will anonymise information where possible using a unique code that will be generated especially for you.
How I store your data
I will take notes when I speak to you and these will be both on paper and in electronic form. I store all paper information in a locked cabinet and only I have access to it. All electronic information is stored on a password-protected computer and only I have access to it. All information will be kept for 7 years to comply with my insurance company. After this time all information will be shredded and deleted. I may not be able to delete your data before this time due to legal and/or accountancy obligations.
All clients are given a unique code which is used on all sensitive information to ensure that if there is a data breach clients cannot be identified. Identifiable information is kept separately from client notes.
Although I take measures to protect your data, information can be intercepted and breaches can occur. If there is a data breach, I will follow the regulations set out in Article 33 of the GDPR. This includes notifying the ICO of the nature and consequences of the breach within 72 hours, and any measures I have taken to address it, unless the personal data breach is unlikely to result in high risk to your rights and freedoms. I will also notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
Exceptions to confidentiality
If I believe you or another person is at risk of being harmed e.g. if I am concerned that you are in serious danger of attempting or completing suicide, in imminent danger or temporarily unable to take responsibility for your actions, I would advise the relevant emergency authorities and/or your doctor and/or your nominated emergency contact.
Any decision to break confidentiality would not be taken lightly. I will usually consult with a colleague, my clinical supervisor and where possible, advise you as well. You have an ethical and legal right to know the importance of and/or see what is being said about you if you wish and I will make every effort to include you in the process except in circumstances where it would harm you or others to inform you (e.g. child protection situations, mental incapacity, terrorism).
Compliance with law: I may share your information if required to do so by law.
Who has access to your personal data?
I do not disclose any information you provide to any third parties other than as follows:
- I may consult with other professionals involved in your therapy, only with your explicit signed consent.
- I may discuss our work in a general way with my clinical supervisor and supervision group in order to maintain high standards of practice. I will never use names or personally identifiable details.
- Your name may be contained in financial records and in my online diary. It is possible that third parties may have access to those records, for example, an accountant, tax adviser, legal adviser or administrative assistant.
- I may be required to disclose some of your personal data to your health insurance company. For instance, if I invoice your health insurance company directly in respect of your treatment, I may be required to provide certain information including your Contact Information, appointment and attendance dates, progress notices and the applicable consultation or treatment fee.
- The right to access: You may request a copy of your clinical file for free at any time by emailing me. Your records are identifiable, retrievable and intelligible as per GDPR requirements. I will comply within 30 days.
- The right to rectification: You may update any of the information I hold for you at any time. I will amend them immediately.
- The right to erasure: You may request that I erase your data. I will comply within 30 days unless I cannot for legal reasons.
- The right to restrict processing: You may request that I restrict how I process your data. I will comply within 30 days unless I cannot for legal reasons.
- The right to object to processing: You may object to me processing your data. I will comply within 30 days unless I cannot for legal reasons.
- The right to data portability: Your data is retrievable and may be able to be moved if necessary.
- The right to complain to a supervisory authority: If you believe I have contravened the GDPR, you may contact the ICO.
- The right to withdraw consent: You may withdraw your consent for me to hold your information. I will comply immediately unless I cannot for legal reasons.
- The right to request information about the existence of automated decision-making, including profiling.
- The right to be notified if your personal data is rectified or erased, or processing is restricted, in accordance with the above.
If you are not satisfied with my response to any complaints or queries, you can raise a complaint with the Information Commissioner’s Office (ICO).
Information Commissioner’s Office (ICO)
Telephone No: 0303 123 1113
- A cookie is a piece of data stored locally on your computer or mobile device and contains information about your activities on the internet. The information in a cookie does not contain any personally identifiable information you submit to my website.
- Once you close your browser, my access to the cookie terminates. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. To change your browser settings, you should go to your advanced preferences.
- If you choose not to accept the cookies, this will not affect your access to the majority of information available on my website. However, certain online services may not be available.
Changes to this policy
I may edit this policy from time to time and will notify you if any substantial changes are made.