Who I am
Information Commissioners Office (ICO) registration reference: ZA130895
Data controller and processor: Charlotte Hughes
Data subjects: Clients
What personal data I collect and why
This policy is written with the intention of providing transparent information regarding how Charlotte Hughes and hughescounselling.co.uk process personal data. To find out more about General Data Protection Regulations (GDPR) and your rights, please go to https://ico.org.uk/for-the-public/ or https://ico.org.uk/global/contact-us/ Charlotte Hughes provides personal counselling to individuals and couples by private contract with clients. This contract stipulates the expectations of both parties in regards to confidentiality and provision of counselling.
Data collection points
Enquiries to Charlotte Hughes Counselling are received via a number of channels; in person, telephone, text or email. Initial enquiries usually contain some personal information such as names, emails and telephone numbers. Emails are received via: marketing on the Counselling Directory/ Psychology Today, BACP Directory websites, or direct contact independent of these methods. Other data is collected at initial meetings and following each counselling session. Any client data collected and/or retained by Charlotte Hughes Counselling (including personal information) is solely processed in order to make relevant contact with and provide counselling services to clients.
- Full name
- Date of birth
- Home address
- Telephone number
- GP name and address
- Emergency contact name and telephone number and/or email address (where relevant)
- Email address
Other information collected/processed regarding clients;
- Brief electronic session notes made in anonymised form, identifiable only by unique client codes.
- Anonymised monitoring information, identifiable by unique client codes
- Text messages
Third party data collection & processing
The counselling directory and the BACP find a therapist provide robust information regarding their privacy policies and any processing of personal data to all users which can be found at https://www.counselling-directory.org.uk/privacy.html or at https://www.bacp.co.uk/privacy-notice/
Data storage, retention & disposal
Charlotte Hughes Counselling store paper records, including personal information in a locked filing cabinet and electronic information in password protected and encrypted format (including email, telephone numbers and text). Telephone numbers and anonymised, with those and any text messages being held on password protected professional mobile phones. Session/counselling notes are held separately from personal and identifying information in anonymised format. Data is held for a maximum of 5 years after client’s last contact with Charlotte Hughes Counselling and Training, in line with insurance requirements and GDPR. After this time, data is then disposed of securely and confidentially.
It is rare that any personal information would be shared. As BACP registered counsellors, anonymised client information is shared with professional supervisors (a requirement of registration) in order to maximise service provision to clients. Personal information will not be shared with any other party without prior client consent, with the exception where Charlotte Hughes Counselling believe that not sharing the information would result in the risk of harm to clients or any other person or if there is a legal requirement to do so.
In the event that Charlotte Hughes is in some way incapacitated, all records will be destroyed confidentially by the supervisor. Every effort will be made to ensure current clients are informed of this action.
All clients proceeding with counselling are required to consent in writing to both the parameters of counselling and data collection within a detailed counselling agreement. This agreement sets out elements of the counselling contract with a detailed privacy statement prior to a section where personal data is collected.
Where another type of third party is involved, unless we gather personal information pertaining to themselves, they will not be required to provide their consent, any information shared regarding the client (other than attendance information) will be subject to clients’ providing consent.
Access to personal data and requests to erase, limit use or amend personal data
As clients consent to and provide personal information, they are informed that they can request access this information at any time and provided with details as to where they can learn more about their rights in relation to GDPR. No charges will be made for accessing personal information and the personal information will be provided at the earliest possible time. Clients also have the right to request that data is erased, limited or amended and the right to be compensated for any harm caused by incorrectly processing personal information.
Where there has been a breech to GDPR policy, for example data has been shared with a third party without consent or data has not been destroyed in a timely manner, the breech will be reported to the ICO within 72 hours.
This policy is written with the intention of providing transparent information regarding how Charlotte Hughes Counselling, control and process personal data. If you have any queries regarding this policy, please contact me using the contact methods listed. To find out more about General Data Protection Regulations (GDPR) and your rights, please go to https://ico.org.uk/for-the-public/ or https://ico.org.uk/global/contact-us/