Privacy Policy

Crossgate Counselling & Training/ Polly Singer Privacy Policy

From 25th May 2018, under the General Data Protection Regulations (GDPR), I am required by law to inform you about how I process and keep your personal data safe. This privacy policy relates to my understanding of data protection (the collection, use and storage of personal information) and my compliance with relevant legal frameworks i.e. GDPR.

This is a ‘live’ document and may change from time to time to reflect changes in legislation or the needs of my business.

General Principles:

  • Confidentiality is a vital part of the counselling process and it is important that you feel safe and assured that your details, and the information you disclose to me is treated confidentially
  • I am committed to complying with relevant legal frameworks
  • I (Polly Singer) am registered with the Information Commissioner’s Office (ICO) as a data controller and comply with their requirements

What data do you collect?

The following outlines the data I typically collect when working with a client:

  • Full name and date of birth – This is information that enables me to identify you
  • Address, email address and phone number – This is information that enables me to contact you regarding our sessions
  • Your GP details and details for an emergency contact – This enables me to help keep you – and our work together – safe and ethical. I would use this information where I was concerned for your safety (my counselling contract outlines this in more detail)
  • Session notes: I keep brief, factual notes of sessions to aid my memory of session content
  • Payment information: Banking transactions may be viewed by the employees of the bank, my accountant and tax officers (HMRC) and your account name may show up on online or paper bank statements if a BACS payment is made
  • Emails between us
  • Invoices and receipts

Will my data be shared?

The data above will not otherwise be shared except in the following circumstances:

  • For the purposes of financial audit, HMRC may request to see the electronic payment receipt log. I need to share my bank records and payment log with my accountant for the purposes of completing my tax return
  • If I was suddenly significantly injured/incapacitated/unwell, then a fellow designated counsellor has instructions to have access to client phone numbers with first names only, in order to inform current clients of this situation
  • If I permanently lost capacity/ died, a fellow designated counsellor has instructions to access and delete all client data
  • If there was a court subpoena, these records could be requested
  • If there was a serious risk of harm to you or others

I will not sell your data on or use it for any unethical reason. I have regular supervision where I talk about my work; all data is anonymised for this purpose.

Can I request for my data to be amended or erased?

You have the right to access and rectify any part of this personal data, as well as the right to request personal data to be erased (‘the right to be forgotten’), however exceptions to this exist if there are legal reasons requiring processing of this data. Such requests can be made directly to myself via email (crossgatecounsellingsheffield@gmail.com) and I will respond within 30 days.

How will data be stored?

Data is mainly stored in paper format in a locked metal cabinet, and inaccessible to others. Your phone number may be kept on my mobile phone and texts are received onto this. Emails are received onto both my work laptop and mobile phone. Both devices are password protected. Please note it is recommended that email is used only for booking and confirming appointments, rather than including detailed personal information, unless encryption is used.

How long is data stored for and how will it be disposed of?

I will keep your session notes and brief personal details for 7 years following our final session. All emails and texts from you will be deleted as soon as they are no longer needed, and at least within 2 months of our work finishing. Payments made by BACS are automatically logged and stored by my bank. I keep financial records for 7 years and my bank will hold onto details in their systems for a further 6 years following the closure of my account with them.

What would happen if there is a data breach?

A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. I undertake to record any data breaches I am aware of, and to promptly inform the subject of the data, the ICO and other relevant authorities where appropriate.

How can I ask a question about this policy?

If you have any questions about this privacy policy or your personal data, please contact me in my capacity as Data Controller:

Polly Singer

Crossgate Counselling and Training

Tel: 07588504987

Email: crossgatecounsellingsheffield@gmail.com

If I was concerned about how my data had been stored or used, how could I register a complaint?

You have the right to lodge a complaint with the professional body to which I am accredited (BACP) and/or the Information Commissioner’s Office (ICO).

Last updated: 26 September 2020