I am registered with the ICO (Information Commissioners Office) which means I need to tell you what data I am collecting from you and what I intend to do with it.
What data do I keep and why do I need it?
Name and age – this is basic information that helps me get to know you
Address, email address, phone number – I use this as a way of contacting you regarding your sessions. I will mainly use the method you first contacted me on but if I can’t reach you I will try a different method.
Doctors details - If I was worried that you were at risk then I may need to contact your doctor, if I could I would tell you I was going to do this.
Session notes – Anonymised bullet point notes from sessions which are recorded to assist me to keep on track with your sessions.
Will I share your data and if I do who will I share it with and for what purpose?
It is very unlikely that I will share your data. I will not sell your data on or use your data for unethical reasons. I may have to share your data it if my session notes are subpoenaed by court, if you or anyone you tell me about is at harm or risk of harm I may have to pass this information on to your GP or the police.
I have an appointed supervisor who in the unfortunate event I can no longer work with you they will have access to your details and will get in touch with you.
How will I store your data?
The data recorded on your assessment form and anonymised session notes are kept in a locked filing cabinet, your phone number will be kept in my business mobile phone which is code protected for the duration of our work together.
How long will I store your data for and how will I dispose of it?
Session notes: will be stored securely for 6 years which is the time frame my insurance company requests to keep such data.
Initial assessment document: will be destroyed 1 month after our work finishes.
Phone number - will be deleted from my mobile phone 1 month after our work finishes.
Email - enquiry is deleted upon making contact with you and your email address will be deleted 1 month after our work has concluded.
Is this different for EAP (workplace) clients?
Your EAP may have given me more information than I would normally collect for example where you work and registration numbers. Each EAP is different so it depends on your EAP. I usually need this information when I am sending my invoice to your EAP as a way of recognising your case. This information is usually in the format of an email and I will delete this extra data once your EAP has reimbursed me for our work together.
If you are not happy with the way I use your data you can complain to ICO at www.ico.org.uk or phone them on 0303 123 1113.