Data Protection & Privacy Policy

When you contact me you are consenting to my use of your data according to this policy, so please ensure to read the below. Any personal data you provide will be held and processed in accordance with the principles set out in the Data Protection Act 2018 (UK General Data Protection Regulation).  

This policy refers to my collection, usage and storage of your data. Please consider how you will manage confidentiality on your own devices. For example, password protecting devices, removing saved logins on shared devices, and logging out or clearing your browser history after a video session. 

Personal data held

  • Identifiable information is held for the purpose of communication and in accordance with my insurance policy. Beyond your name, phone number and email address, further information is optional. Intake forms received via email are printed and kept in a locked cabinet. 

  • Emails and phone calls/texts exist on electronic devices which are password protected. 

  • Pseudonymised attendance records and brief session notes are kept on paper in a locked cabinet for the purpose of reflection, supervision, invoicing and insurance requirements. 

  • Pseudonymised financial records are kept electronically for tax purposes. Please be aware that electronic records exist for any transactions made by bank transfer, cheque or card payment. 

  • I use Microsoft Office to power my email account and electronic record-keeping, Wix for my website, SumUp for card payments, Bank of Scotland for client transactions, Surfshark VPN, Krisp noise cancelling software, and Doxy.me and Zoom for video sessions. Any collection and use of data by these companies is subject to their own privacy policies. Krisp processes voice audio data locally and this data never leaves my devices – see the Security section on their website for more information. 

  • In line with insurance requirements, personal data is kept for five years after counselling ends or our last contact after which time it is destroyed by shredding and deletion. I annually check the personal data I hold to correct any inaccuracies, and to ensure data has been deleted following its retention period. 

Sharing of data

  • For clients who are accessing The Next Chapter’s reduced fee service, pseudonymised information relating to attendance is provided to the organisation’s Director for invoicing purposes. 

  • Under normal circumstances, no information about you will be passed to anyone without your consent. This includes information about your initial enquiry and content from our sessions. 

  • In certain circumstances, I may pass on confidential information. These circumstances may include where there is an imminent risk of serious harm to you or someone else, or if I am required by law, a professional membership body such as COSCA, the Information Commissioner’s Office (ICO), HMRC or my insurance company to do so in the event of a complaint, legal action or audit. Where possible I will first ask for your consent before sharing the required information.  

  • Information on clinical supervision can be found on page 1 of this document. 

  • In the event of my incapacitation, two trusted colleagues are nominated to manage my records, contact my current clients and to support them in making alternate counselling arrangements where required. 

Your rights under GDPR legislation

  • The GDPR (implemented as the Data Protection Act 2018) provides rights for individuals such as access to information held about them. See ico.org.uk/your-data-matters/ for more information about your rights. Please contact me in advance if you would like a copy of the information held by me in my records, or to correct any inaccuracies in your information. You have the right to complain to the ICO if you are concerned that I may be mishandling your data.