My aim is to be fully compliant with current GDPR legislation and let my clients know how I use and protect the data they have given me. I wish to be transparent with the process I have in place. I follow guidance from the associations I am registered with, and my insurers.

I am registered with the ICO (Information Commissioners Office): ZB286054.

What I collect: name, address, email address, telephone number, GP/emergency details, date of birth, gender, ethnicity, religion, sexual orientation, medical and mental health information.

What I do with the information I gather: internal record keeping, assess the therapeutic needs, to contact clients to manage sessions, for safeguarding/emergency, to send receipts and/or invoices.

I keep brief, factual, clinical notes outlining the date and main themes of our counselling session. These do not contain any names or identifying information.

I endeavour to keep all sensitive data safely on a laptop, that is only used by me. This involves anonymising, using passwords and encrypted documents. I keep any sensitive paper records in a locked file cabinet.

No one but me, can access this information, except in the event of sudden cessation of my practice (through accident, serious illness, or death) when my supervisor will access my clients’ contact details to inform them about the situation.

A client can make a subject access request in respect of their personal information held by me by making a request in writing. Once I receive the written request, I will respond within 14 days.

A client may also request that inaccurate personal data is amended.

I might share data if required by law, or if ordered to by a court, or if a client tells me about risk of serious harm to themselves or someone else.

I have clinical supervision where I talk about my work, but I only use a client's first name. Supervision is also confidential.

My insurer requires me to keep counselling session notes and client personal information for a period of seven years. After this time, data will be destroyed.

During my work with a client, I will store the number and email address with initials only. Once the work is finished, I will delete the client’s number and email address from my contacts.

All payments and invoices are stored on my laptop. They are regularly shared with my accountant and might be shared with HMRC if I am audited.