Privacy Statement and Agreement
Pursuant of General Data Protection Regulations (GDPR) May 2018
DATA CONTROLLER: LOUISE SQUIRES
1. I, LOUISE SQUIRES am collecting your name, home address, and email and telephone contact number for the purposes of identifying you, and enabling me to make contact with you both routinely and non-routinely, for example, in urgent or emergency situations, by telephone, text or email, or in less likely circumstances, by post.
2. I will NOT share your data with any other individuals, agencies, or organisations unless I have a legitimate concern for either your own or someone else’s safety and wellbeing. In the rare circumstances that disclosure might become necessary, or be legally required – and this could include the criminal justice agencies, such as the police – I will always endeavour to inform you of my intention to do so and wherever practicable, involve you in the decision to disclose. In certain circumstances you may instruct me to share some of all of your clinical records with another agency. Should this be the case I will approach you to sign a Consent to Third Party Disclosure authorisation form before doing so and involve you in the review of any records held about you, before making the disclosure.
3. In the event that I am taken seriously ill or have a serious accident and am therefore incapacitated and therefore prevented from making contact with you, or if I die during the course of your therapy episode, a nominated colleague and supervisor will be instructed to access my client register (name, email address and telephone number only). My colleague/supervisor is then permitted by me to contact you to explain my personal situation and to discuss any ongoing support needed. You are at liberty to decline any support offered by them.
4.The contact details collected at initial assessment, and any other client notes I hold are stored safely and confidentially under lock and key. No other person has routine access rights to my file or individual clinical records with the exception of the circumstances detailed in 3, above.
5. Unless specific erasure of your records are formally requested by you, all records pertaining to you that are held by Louise Squires will be retained securely for a maximum of 7 years following the ending of the therapy relationship. This is a requirement of my insuring body.
6. Telephone numbers and any text or app-based conversations between me as the ‘data controller’ and you as the ‘data subject’ will be maintained only for the period that we are working together therapeutically, and for 6 months thereafter, following which I will delete any numbers and messages between us. My mobile devices are password protected.
7. Emails generated between us, including the initial contact form, will be maintained only for the period that we are working together therapeutically, and for 6 months thereafter, following which I will delete the correspondence.
8. This Privacy Statement and Agreement is available for you to read on my website. The Therapy Contract and Informed Consent Form contains a summary of this Privacy Statement and will be provided back to you once you denote your understanding and agreement by signing the form. By signing the Informed Consent form you are also denoting your Agreement to the terms and conditions contained within Louise Squires Therapy Contract and terms and conditions.
9. Below is a summary of rights, General Data Protection Regulations (GDPR)
10. The EU GDPR comes into force on 25 May 2018. The Regulations apply to all European states, including the UK. The additional Regulations to the Data Protection Act 1998 will be overseen in the UK by the Information Commissioner’s Office (ICO)
11. The GDPR will affect how counsellors, psychotherapists and counselling and psychotherapy services (the ‘data controllers’) store and use sensitive, personal client data (the ‘data subjects’) and the client’s rights to access and request erasure of their data.
This includes information about a client’s:
- Racial or ethnic origin
- Political opinion
- Religious belief or belief of a similar nature
- Physical or mental health condition
- Sex life
- Criminality, alleged or proven
- Criminal proceedings, their disposal and sentencing
- Genetic data, and
Personal data relating to criminal convictions and offences are not included, but similar, additional safeguards apply to their processing.
12. Rights of you, the client. The recording and use of sensitive personal data require your explicit consent. Louise uses a separate Therapy Contract and Informed Consent form whereby you will be provided with an opportunity to formally confirm your understanding of your legal rights as the ‘data subject’
13. The right of erasure. Under GDPR you the client can ask for your personal data held by Louise Squires to be erased and to prevent further processing:
- Where the personal data are no longer necessary for the purpose for which they were originally collected/processed.
- When you withdraw your consent to records being made and held.
- When you object to the processing and there is no overriding legitimate interest for Louise Squires to continue the processing of your data.
- If you believe that your personal data is or has been unlawfully processed by Louise Squires –in breach of GDPR.
- Where erasure is required as a legal obligation.
- Where your personal data is processed in relation to the offer of online services to a child
Louise Squires can refuse to comply with your request for erasure where your personal data is held:
- To exercise the right of freedom of expression and information
- To comply with a legal obligation (to retain it) or in the public interest, or the exercise of official authority
- For public health purposes that are in the public interest
- For archiving purposes in the public interest, scientific research, historical research or statistical purposes, or
- In the exercise or defence of legal claims.
There are additional requirements when the request for erasure relates to children’s personal data. This is because a child may not have been fully aware of the risks involved in the processing at the time of consent being secured.
14. Your right to data portability. Under the GDPR you can request and reuse your personal data for your own purposes across other services. If Louise receives a request from you to transfer your personal data, she will provide it in a structured, commonly used and machine-readable form, free of any charge to you.
15. Your right of access. You will have the right to request to see the information that is being held about you, whether these are electronic or manually stored records. Your request should be made to Louise Squires in writing and you should expect to be given access within a calendar month of your request being acknowledged, free of any charge to you. If you believe any record held about you to be incorrect or inaccurate in any way then you can ask for it to be corrected by Louise Squires. If there is a disagreement between us about the accuracy of any records that Louise holds about you then an additional note will be added to the record to acknowledge your objections to what it recorded about you.
If you have any concerns about how I have handled your data, you can complain to the Information Commissioners Office:
My ICO registration number is ZA380081