Privacy Policy

Privacy Policy

Overview

Within my clinical practice, I am committed to maintaining the trust and confidence of anyone inquiring about or using my services. You can be confident that your personal information will be protected and will only be used for the purpose it was given. I adhere to current data protection legislation including the General Data Protection Regulation (GDPR), The Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.


This notice tells you how I will look after your personal information when you visit my website or engage with my services. It tells you about your rights to privacy and how the law protects you. I am happy to answer any questions you might have about my data protection policy.


‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered, under the Data Protection Act (1988), with the Information Commissioner’s Office.

Telephone number:

My lawful basis for holding and using your personal information

GDPR states that I must have a lawful basis for processing your personal data and there are different lawful bases depending on the stage at which I am processing your data. The GDPR also ensures I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is either:


  • For the provision of health treatment (therapy) and necessary for a contract with a health professional (in this case, a contract between me and you)
  • For the development and provision of services (training and business).


If you are in contact with me to consider therapy, or are currently in therapy with me, I will process your personal data where it is necessary for the performance of our contract. If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.

Why do I collect your information?

I keep records in order to:


  • Enable me to contact you
  • To help me in recollection of your circumstances
  • To comply with my professional body guidelines
  • To help me to clarify the progress and direction of our work together. 

Types of date I will collect and how they are stored

Digital records

Email details


  • Your email address will be in my email account contacts list
  • Emails sent to me, either via website, counselling directory or directly, are deleted after one calendar year, or sooner if they are responded to and the matter is considered closed.


Telephone number



  • The number/s given by you will be stored within my phone contacts on a passcode protected mobile without surname. This will be deleted once we have agreed to end our work together.

Paper records

  • These are stored separately from case notes in a locked filing cabinet.
  • They include contact details given: usually name, address, email contact, telephone number and GP details. These also include information on family and support structures, medications prescribed and non-prescribed, eating and sleeping patterns, brief mental health history of self and immediate family and goals for therapy.
  • These will be destroyed by shredding ten years after the end of the therapy relationship. If you return as a client within ten years, the date for shredding historical notes will be re-set to the date of the end of most recent episode of therapy.


Case notes



  • Brief notes based on the themes brought to the session.
  • They are stored with a number and stored separate from other documents that might identify you and in a locked cabinet.
  • These will be destroyed by shredding ten years after the end of the therapy relationship.

Disclosure of information to others

During the course of the therapy, it is my aim that any information disclosed to others is done in a collaborative way, ideally by clients themselves, by supporting them to do so in relation to the protection of self and others.


In rare circumstance, I may need to contact a nominated support person or GP about your situation if I feel you are in serious present danger through harm to yourself.


Under safeguarding principles, I would contact relevant authorities, namely police or social services (or support you to do so), if I became aware of an issue related to the current safety of a child or vulnerable adult or imminent, serious danger to another individual.


Under the law, I would need to contact police if I become aware of activities related to terrorism or serious crime, such as fraud or money laundering. This is because I am duty bound under the law, just as any member of the public would be if they were aware of such information.



Access to your personal information


You have the right to see, receive a copy of and amend any information I hold on you. To do so, please make your request by email to: info@janettewelshpsychotherapy.co.uk and I will aim to arrange this within 21 working days. I would encourage a discussion first to explore the impact on the therapeutic relationship, and where possible, we will discuss the information shared within a session.

Complaints

If you have any complaint about how I handle your personal data, please do not hesitate to contact me. I would welcome your suggestions that may improve my data protection procedures.


If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK.


For more information go to www.ico.org.uk/make-a-complaint

Share by: