Privacy and Data Protection Policy
Simon Johnston is registered with the Information Commissioner’s Office (ICO). Reg No: ZA793107
My privacy policy complies with the GDPR legislation that began on 25th May 2018. My aim is to give you peace of mind and confidence knowing that I will manage your data correctly and explain clearly how and why I use and collect your data, and your rights.
Why I need Information
I require certain information about you to provide safe and suitable therapy, while complying with professional codes of ethics and insurance purposes.
The personal information I record:
During initial consultation clients will be invited to read a number of policies, including data protection, safeguarding their relationship with me, contacting guidelines. This informed consent will be recorded within a counselling contract.
I will also ask for personal information including: Name, date of birth, telephone numbers, e-mail address, next of kin, GP details and other information relevant to our work together.
I also collect brief session notes which will be anonymised and include date, time and session number. Aside from the generic details, this information helps to establish your perception of the situation, how it is affecting you and to discuss what you would like to achieve from attending sessions.
Clients will send me emails with whatever they choose to share, which I have no control over until in my inbox.
How this information is stored:
Contact details such as telephone numbers and e-mail address will be stored electronically and backed up by a secure encrypted cloud based service.
Any paper copies of contracts will be transferred electronically and paper copies destroyed.
Session notes and personal information will be anonymised and stored separately from contact details. Stored electronically and retained for the legal requirement of 7 years, after which it will be destroyed.
All email correspondence including initial contact emails will be stored within my business email inbox. These will be not be retained and deleted or anonymised and transferred to the client records after one month of end session.
Any paper notes will be kept in in a locked filing cabinet and destroyed after being transferred to secure electronic client records.
Confidentiality:
All sessions will be conducted in confidence with date, time, session number and brief notes documented.
In accordance with the General Data Protection Regulation 2018 (GDPR), confidentiality applied to all records will be maintained and and not passed to a third party with the exception of the following.
When a client has given permission to share information, e.g. statical data or GP
In cases where I have a duty to share information regarding(but not limited to) the following:
When compelled to give evidence by the court of law.
Should it be considered there is a real possibility of harm to yourself or others in such instances where informations of such gravity that confidentiality cannot be maintained. e.g.
Safeguarding for adults
Safeguarding children
Offences involving children under the age of 18
In cases of terrorism, fraud or money laundering.
Client Consent:
I will seek client permission to:
Share any information out with the exemptions stated in the confidentiality section above.
Use their anonymous details for my continued professional development e.g. case studies, training, supervision.
Publish any marketing materials such as testimonials including those using a pseudonym.
Contact you via your preferred method and only leave a message with your consent.
At all points of my information collecting process. I inform my client why and how it will be collected, as well as how and by whom it will be stored. Clients will be asked to chose to give consent after reading my policies and when signing the counselling contract. Clients can choose to give consent to methods of collection and storage at any point. If I do not receive consent I cannot receive or store information and the client can discuss in person with me.
Security
Upon receipt of your personal data I am committed to ensure that your information is secure.
In order to prevent unauthorised access or disclosure, I have in place appropriate physical and electronic procedures to safeguard and secure the information collected online and from sessions. Including use of a Virtual Private Network, End-to-End SSL encrypted website, continually updated Anti-Virus Software, full Password protection with Two-Factor Authentication and encrypted email providers and storage.
All electronic devices which store client data use password protection with Two-Factor Authentication which only Simon Johnston of Edinburgh Counselling and Psychotherapy has access to.
I am transparent that email (in general) is never completely secure or confidential, however I have taken measures to use secure encrypted email providers. If you choose to communicate with me by email, be aware that all emails are retained in the logs of your and my Internet service providers. While it is unlikely that someone will be looking at these logs, they are, in theory, available to be read by the system administrator(s) of the Internet service provider. There is no other way I could carry out my business without the information being passed to me this way and consent is given.
Website
This privacy policy sets out how Simon Johnston uses and protects any information that you provide when you use this website.
By visiting www.therapy-edinburgh.co.uk website you accept and consent to the terms described in this privacy policy.
I am committed to ensuring that your privacy is protected. Should I ask you to provide certain information by which you can be identified when using this website; you can be assured that it will only be used in accordance with this privacy policy.
Online contact form
When you use the online contact form I may collect, use and store the following types of personal data: Name, Telephone number, E-mail address, Information relevant to your referral, Other information you choose to send me.
I use this information to understand your needs and provide you with a better service, and in particular for the following reason:
To contact you and assess your needs, answer any questions you may have.
Arrange and send confirmation of your initial session.
For cookies and analytics please see Cookie policy
Right of access
If a client asks to have access, change or delete any information I hold I will comply with any data protection and BACP guidelines.
You may choose to restrict the collection of use of your personal information in the following way:
If you have previously agreed to me using your anonymous personal information for continued professional development or marketing purposes, you may change your mind at any time by writing an e-mail at: simon@therapy-edinburgh.co.uk
I will not sell, distribute or lease your personal information to third parties unless I have your permission or is required by law to do so.
You may request details of personal information that I hold about you under the General Data Protection Regulation 2018(GDPR). If you would like a copy of any stored in formation please e-mail: simon@therapy-edinburgh.co.uk
I aim to keep all personal data up to date, if you believe that any information that I am holding about you is incorrect please e-mail as soon as possible at the above address and I will promptly correct any information found to be incorrect
Breach Notification
If data protection measures are breached I will contact the ICO, or keep records about the breach.
Accountability, Amendments and Updates
This policy will be available on my website and shared explicitly with clients during initial session.
I may amend and/or update this privacy policy from time to time without notice to the client, in which case, I will publish and use the updated version. A client must confirm I will not be liable to the client or any third party for any changes made to this privacy policy.
