Privacy Notice

Elena Larina-Bates Counselling and Psychotherapy Sole Trader

Email address psychotherapywithelena@protonemail.com

Telephone number: 07513268130

I am an Accredited Member of the BACP, British Association of Counselling and Psychotherapy

I am registered with the ICO, reference no: ZB323296

This Privacy Information explains how I use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that I use is set out in Part 5, below.

Under the GDPR, you have the following rights, which I will always work to uphold:

a) The right to be informed about my collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact me to find out more or to ask any questions using the details in Part 12.

b) The right to access the personal data I hold about you. Part 10 will tell you how to do this.

c) The right to have your personal data rectified if any of your personal data held by me is inaccurate or incomplete. Please contact me using the details in Part 12 to find out more.

d) The right to be forgotten, i.e. the right to ask me to delete or otherwise dispose of any of your personal data that I have. Please contact me using the details in Part 12 to find out more.

e) The right to restrict (i.e. prevent) the processing of your personal data.

f) The right to object to me using your personal data for a particular purpose or purposes.

g) The right to data portability. This means that, if you have provided personal data to me directly, I am using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask me for a copy of that personal data to re-use with another service or business in many cases.

h) Rights relating to automated decision-making and profiling. I do not use your personal data in this way.

For more information about my use of your personal data or exercising your rights as outlined above, please contact me using the details provided in Part 12.

You can read more about your rights at ico.org.uk/your-data-matters or your local Citizens Advice Bureau.

If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given in Part 12. I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk.

I may collect some or all of the following personal data (this may vary according to your relationship with me: your name, date of birth, address, email address, telephone number, information about your mental health and personal life, reasons for seeking counselling, your availability, emergency contact, GP details.

The UK GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. If you have had counselling with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently having counselling or if you are in contact with me to consider counselling, I will process your personal data where it is necessary for the performance of our contract. The UK GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).

I will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods:

• 5 years, after which time your files and any documents relating to you will be electronically deleted permanently or shredded

• In the event of my death, my supervisor will be responsible for the disposal of all documentation relating to you.

If after our first consultation you decide not to go ahead with counselling sessions with me at this time, I will erase all the information you gave me after 2 weeks.

I will only store or use your personal data in the UK. This means that it will be fully protected under the GDPR.

I will keep a record of your personal data, i.e. your name, address, email and telephone contact details, dates attended and brief notes to help the counselling agreement run smoothly and serve to aid memory about the work, as is standard professional practice. These details are kept securely in a lockable cabinet and\or on the secure cloud-based encrypted practice managing software during the work for maximum of five years following ending counselling, after which they are destroyed securely. If you want me to delete your information sooner than this, please tell me.

Your GP details are held so that they may be contacted in the event that you are considered to be at risk.

Details of someone you wish to be an emergency contact are held in case anything happens to you within our session, such as serious illness and it is considered that someone needs to be contacted to support you beyond the session. It is important that this person is someone that is aware that you are having counselling as this will become apparent if I need to contact them.

For security reasons I do not retain text messages beyond their need, for example, as a reference for a session cancellation and so these are deleted once acknowledged and the conversation has concluded. If there is additional detail relevant to the work contained in a text message or email from yourself, this will be noted in the file notes if necessary. Likewise, any email correspondence will be deleted after the conversation is concluded. In any case, after your counselling has ended, all digital communication will be checked as deleted within one month.

I will not share any of your personal data with any third parties for any purposes, subject to one important exception. In some limited circumstances, I may be legally required to share certain personal data, which might include yours, if I am involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

If any of your personal data is required by a third party, as described above, I will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights.

The BACP requires a commitment to working ethically, therefore as a member, I take being trustworthy as a serious ethical commitment and adhere to the BACP Ethical Framework for the Counselling Professions which requires me to undertake professional supervision with another experienced counsellor/therapist qualified in this process. This process is for my professional practice. Wherever possible, identifiable details are not shared in the supervision process. During supervision sessions, your privacy and confidentiality will be protected by only referring to you by your first name. Any other details relating to your therapy will be anonymised as much as possible. Confidentiality extends to this supervision and with the same exceptions in law and to protect from harm.

Sometimes your personal data may get shared with third parties, for example, where you pay by bank transfer, your details will be shown as a transaction on a statement. I have done everything I can to check that such third parties are also data protection compliant.

If you want to know what personal data I have about you, you can ask me for details of that personal data and for a copy of it (where any such personal data is held) and to object to the use of your personal data in some circumstances. This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email in Part 12. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover my administrative costs in responding. I will respond to your subject access request within 30 days of receiving it. Normally, I aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date I receive your request. You will be kept fully informed of my progress.

If I do hold information about you I will:

• give you a description of it and where it came from.

• tell you why I am holding its, tell you how long I will store your data and how I made this decision.

• tell you who it could be disclosed to.

• let you have a copy of the information in an intelligible form. You can also ask me at any time to correct any mistakes or amend the personal information I hold about you.

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure.

My devices (phone, laptop) are password protected and not left unattended in the presence of others. My email is encrypted. Security software is used to protect all devices and is regularly updated. All paperwork is locked in a cabinet and only myself and my Therapeutic Will Executor have access. Upon my death or serious illness incapacitating me, this person will have instructions to find your personal contact details to contact you.

If there is believed to be a personal data breach, the risk will be assessed and in the event that I believe you, the client, to be or likely to be adversely affected then I will report it to the Information Commissioner’s Office and my professional indemnity insurer and will follow their guidance.

To contact me about anything to do with your personal data and data protection, including to make a subject access request, please use the following details

Email address: psychotherapywithelena@protonmail.com

Telephone number: 07513268130

Due to any further development of my website, changes to Government Regulations or the implementation of new technologies, this Policy will be reviewed. I reserve the right to change this Data Protection information at any time with effect for the future. The revised Policy will be posted to this page so that you are always aware of the information I collect, how I use it and under what circumstances I disclose it. I therefore recommend you read the current Data Protection information again from time to time.