Jules Haley – Counsellor and qualified online therapist, Walthamstow, East London, E17
Under the General Data Protection Regulation (GDPR) 2018, I am required by law to inform you about what personal information (data) I collect and hold about you, why I collect this information, how I process and keep safe this data, how long it is stored for and your rights over your personal data.
Security and Data Protection
Jules Haley Counselling has a legitimate interest in processing personal data to provide counselling services.I make every effort to keep all personal information confidential. Your personal information is stored securely and confidentially, and I am bound by the British Association for Counselling and Psychotherapy’s Ethical Framework for the Counselling Professions.
I regularly see a confidential clinical supervisor to support my work. I have full professional insurance and have a current Enhanced Disclosure and Barring Service (DBS) check. I am a registered Data Controller and Data Processor and abide by the regulations imposed by such procedures. My Information Commissioners Office registration number is: ZA498588. If I discover there has been a breach of your personal information, I will tell you as soon as possible and inform the ICO if necessary.
If we are working online there may be limits to the security and confidentiality of our sessions, dependant on the encryption of the online platform we use. I use Zoom (pro) and Vsee for online work and Protonmail for email counselling. Please ensure you use encryption and security in your computer / phone and emails. I use WriteUpp record keeping software which is ISO27001 certified and GDPR compliant and uses two-factor authentication login and data encryption to keep records safe.
Personal information I hold
You have the right to know what personal information I hold, why I hold it, how it is stored, who has access to it, and for how long I hold it. I will keep the following personal information so that I can work safely and professionally with you, in line with the guidelines of the British Association for Counselling and Psychotherapy (BACP).
- Your name, address, gender and pronouns, date of birth – I keep this information in paper form in a locked filing cabinet and in WriteUpp. Only I will see this information. I will keep this personal information for seven years from the end of our work together and after that time it is destroyed. This is required by my professional liability insurer and by my professional organisation (BACP). The Appropriate Person in my clinical will has your name, phone number and email address kept securely so that you could be contacted in case I became suddenly ill or other emergency. They will destroy the personal information when you and I finish our work.
- Your phone number and email address – I keep this information in paper form in a locked filing cabinet separate from your session notes, in WriteUpp, my computer and in my mobile phone. My phone is locked with a passcode when I am not using it. Your email address is held in my Gmail account. Neither my computer nor my mobile are shared with anyone else. This information is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice). I also keep your email address in case we agree to work therapeutically via email, either as a regular arrangement or just occasionally. I will delete this personal information from WriteUpp and paperform after 7 years from the end of our work together.
- Emergency contact’s name and phone number – I keep this information in paper form in a locked filing cabinet along with your name and contact details and in WriteUpp. It is unlikely that I would ever use this information, but I hold it in case I become concerned for your welfare and I cannot get hold of you. You and I may agree together on some other reason that I might contact this person, based on your best welfare. When we finish working together, I will delete this personal information after seven years. Only I will see this information.
- Relevant medical information – I keep this personal information in paper form in a locked filing cabinet along with your name and contact details and in WriteUpp. It may be relevant to keep or share certain medical information if you have any health conditions such as seizures, diabetes, etc which may impact a session, or you have any allergies that I should be aware of. Only I will see this information and I will delete this personal information when we finish working together after seven years.
- Session notes – notes may include dates and times of attendance and brief notes on important themes from the session. I do not keep detailed session notes. I keep brief session notes electronically in WriteUpp. The notes will be destroyed seven years after our work finishes. If you would like me to retain them for a longer period, please discuss this with me. Only I will see this information.
- Payment information and invoices – I make a note of payments you have made and invoices on a financial spreadsheet for my business. I am required by law to retain certain financial information for tax purposes. I keep financial information for 7 years as advised by HMRC. Payment by BACS or cash will be processed by my bank, transactions may be viewed by employees of the bank and tax HMRC. When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.
- My emails/texts to you, and yours to me – I will delete emails / texts after I have noted the contents (for example, emails around scheduling). Electronic correspondence will also be held by the corresponding app (Gmail, Phone’s SMS, WhatsApp). I may keep emails/texts if I consider them necessary to our work. I will delete emails/texts when our work ends, and only I will see the information.
- Website –My website is hosted WordPress, who adhere to the requirements of GDPR. None of your personal information is stored on my website, other than to momentarily collect and send it to my Gmail account for the purposes of our initial contact.
All information disclosed during counselling is confidential. However, there are legal exceptions. For example, if you reveal a threat of harm to yourself or to others, or information relating to terrorism, money laundering or harm of a child, or if a court order is received and a legal obligation arises. In such a situation, the law may require that I share your personal information without your knowledge.If your health is in jeopardy (provided I have your consent) I may share your contact information and relevant medical information with an emergency healthcare service (e.g. ambulance).
Your Rights under GDPR
- To be informed what personal information I hold (i.e. this document).
- To see the personal information I hold about you (free of charge for the initial request). This will be within 30 days in electronic format.
- To rectify any inaccurate or incomplete personal information.
- To withdraw consent to me using your personal information.
- To request your personal information be erased. Though I can decline if the information is needed for me to practice lawfully and competently
- To receive the personal information which you previously provided, and the right to transfer that information to another party.
For the purposes of the General Data Protection Regulation (GDPR) 2018, the personal information “controller” is Jules Haley – Jules Haley Counselling. If you have any other questions, please ask me.