Roslyn Byfield Counselling Privacy Notice
The General Data Protection Regulation (GDPR), which applies to all EU states, replaces the Data Protection Act and came into effect on 25 May 2018. In aiming to protect EU citizens from privacy and data breaches, GDPR recognises the marked changes in data handling in recent years, especially through the increase in digital processing and social media use.
GDPR significantly strengthens individuals’ rights regarding their personal data and obliges data controllers (the people or organisations recording and processing your data) to be transparent, explicit and accountable about how they handle your data. Enhanced accountability means data controllers need to: identify the lawful basis for processing your personal data; maintain records of all processing; have measures for ensuring security of this data; clarify limits to confidentiality and time limits for destruction; make provision for complaint, redress and compensation; and demonstrate compliance with this legislation.
How I use your data and circumstances under which I share it
GDPR lawful basis for processing personal data: legitimate interests.
I am committed to ensuring that your privacy is protected. I use your personal data (name, address, phone number, email address) to enable me to provide my service to you, to maintain accounts and records, and to contact you when necessary. Contact data is housed in a manual card file in a secure location at my home; in my email system (PC and smartphone, anonymised as far as possible so that you cannot be identified from the phone number). These details are deleted/shredded at the end of our work together. Your data is shared with no one except my clinical executor (a trusted colleague who, in line with good clinical practice, now mandated by most professional bodies, undertakes to inform and support my clients should I suddenly be unable to work). The one exception to this is contacting your GP if I become concerned about your safety or that of others, though in practice this is extremely rare.
In a secure location I keep anonymised notes of the initial assessment and subsequent sessions, and these are retained for 6 years, as required for insurance purposes, and then destroyed. The notes contain no personally identifiable data.
You have the right: to be informed; see the data I hold on you (free of charge for the initial request) and to receive a response within one calendar month; to withdraw consent to its use; to change any information that I hold about you that is incorrect; to ask me to delete information that I hold about you, which I will do except for that which I have a legal obligation to keep. NB: ICO states that these are not all absolute rights, some not applicable to certain categories of lawful basis used. (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights).
Please ask me if you are uncertain about anything or if you wish to complain about my handling of your data. If you are not satisfied, you can contact The Information Commissioner’s Office, which governs data protection in the UK. You can find out more at: https://ico.org.uk/.
ICO Security Number for Roslyn Byfield Counselling: CSN0486401