I collect client personal data on the contact information form, which I will use to clients when appropriate. Names, telephone number and email address will be saved as a contact (but without identifying clients) in my mobile devices.
In addition, I am required by my professional indemnity insurance and the ethical code under which I work to keep a record of our work together. This record will include client history as self-reported, and a brief note from sessions to ensure that I am able to reflect on and evidence the work done together.
I will therefore process the personal data of clients based on their consent, and as part of a legitimate business interest to ensure that I work professionally and ethically.
I keep data which is handwritten or printed (including anything provided by clients such as notes they have made or a GP’s letter) in a locked filing cabinet in my office, which is also locked. Any digital data will be on my password protected laptop and the documents will be password encrypted.
Clients have a right to request access to their records at any time, and this will be provided within 30 days. They have a right to ask for data to be erased at any time, although in the case of session notes I have a right to maintain these to meet my ethical and professional obligations.
Any breach of these regulations can be reported to the Information Commissioner’s Office.
Data will be destroyed after 7 years following the end of our therapeutic relationship, unless an alternative is agreed with an individual client.
I will only use this information for the purpose for which it was collected and it will not be shared, unless falling within a reason to breach confidentiality as detailed in our contract.
Clients are provided with this information at an initial meeting and provided with a summary in the contract agreed with them. If they have any questions or concerns they are encouraged to ask.