Privacy Policy

This Privacy Policy is broken down into 3 sections:

1. What data do I hold, and how, why and for how long do I hold it?

2. Your rights in relation to your data – Data Breaches – Complaints

3. Processing Data

Definitions:

“data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

“data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

“processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—

a) organisation, adaptation or alteration of the information or data,

b) retrieval, consultation or use of the information or data,

c) disclosure of the information or data by transmission, dissemination or otherwise making available, or

d) alignment, combination, blocking, erasure or destruction of the information or data.

Abi Hendra is registered with, or a member of, the following organisations: is both a Controller and Processor and is registered with the ICO (Information Commissioner's Office); is a member of WPP.

Updated 25 May 2018

Section 1

What data do I hold, and how, why and for how long do I hold it?

| Data | How? | Why? | How long for? |
| --- | --- | --- | --- |
| Initial point of contact details | Either on my private business phone or on my Hotmail account (held under Microsoft terms and conditions) | In order to assess and respond to your request | As of the 25th May, 2018 initial contact information that does not develop into a contract is held for 3-12 months. If we do contract please see below. |
| Contract | Original paper copy is kept in a securely locked cabinet. | Legal requirement | 5 years after the last session |
| Clinical notes | Locked filing cabinet. | Kept to aid any ongoing work. | 5 years after the last session |
| Supervision | Recorded within my clinical notes as appropriate. | I am required to report to a supervisor under UKCP Standards | 5 years after the last session |
| Opt out form | Locked filing cabinet | Legal requirement | 5 years after the last session |

Please note that under GDPR the data I hold is considered sensitive data.

Section 2

Your rights in relation to your data – Data Breaches – Complaints

Your rights in relation to your data

The first section of this policy informs you of what data I hold.

As a client, you may request a copy of the information.

Because counselling is contractual work, the work is kept for up to 5 years, at which point it will be destroyed.

An Opt out form will need to be completed in the first session (or after if you started prior to 25th May 2018).

Clinical Executor – I am required to have a Clinical Executor in case of emergencies. They do not hold your data. A Clinical Executor will only have access to data in the event of emergencies where I am not able to contact you myself or in the event of my death in order to contact you.

In therapy, GDPR and confidentiality are exempt under the following laws: the Children Act 1989, the Prevention of Terrorism Act 2003, and the Mental Health Act 1983 and subsequent acts.

Data Breach

I am currently installing an extra layer of security to mitigate a data breach: I am making all clinical notes electronic in order to store them on an encrypted USB which is locked away. In the event of a data breach I will contact you and the ICO to let you know.

Complaints

In the event of a complaint, I would encourage you to contact me and see if we can resolve the matter.

If this is not successful you can contact the following:

Welsh Psychotherapy Partners

http://www.welshpsychotherapy.org.uk

Section 3

Data Processing

| Provider | Why might they hold your data | Privacy policy |
| --- | --- | --- |
| Tesco mobile | If you call or text me | https://www.tescomobile.com/about-us/terms-and-conditions/general/privacy-and-cookies-policy |
| Hotmail / Microsoft | If you email me | https://privacy.microsoft.com/en-GB/ |
| WordPress | If you use my website to contact me | https://en.support.wordpress.com/your-site-and-the-gdpr/ |
| Google AdWords Express | Clicked on an advert on Google. My website uses cookies. | https://policies.google.com/privacy https://policies.google.com/terms |
| Co-operative Bank | If you pay by bank transfer | https://www.co-operativebank.co.uk/global/privacy-and-cookies |
| Quickbooks Accounts | To process my business accounts | https://quickbooks.intuit.com/eu/privacy-policy/ |
| HMRC | HMRC has the right to audit any business | http://www.business.hsbc.com/privacy-policy |
| Holistic Insurance | In the event of a complaint and / or that I need legal advice – the sharing of data will be as required only | http://www.holisticinsurance.co.uk/about/ |
| Welsh Psychotherapy Partnership | In the event of a complaint and / or that I need legal advice – the sharing of data will be as required only | http://www.welshpsychotherapy.org.uk/ |

N.B. This Policy can and will be updated as the owner sees fit. This includes but is not limited to improving transparency.