This policy outlines any information you provide to Shelley Hart Counselling and Therapy. The lawful basis under which your data is processed is ‘Contract’, namely a) to deliver a contractual service to you, b) Because you have asked me to do something before entering into a contract. As a sole trader, I (Shelley Hart) am the Data Controller and am registered with the Information Commissioners Office (ICO) Reference: ZB185136.
How we get your personal information and why we have it:
All of the personal information we process is provided to us directly by you for one of the following reasons:
So that I can follow up on your enquiry
So that I can contact you to book you in for an appointment
To monitor the effectiveness of my website and/or other marketing activity
Protecting your information:
My website has a valid SSL certificate. This is shown by the closed padlock to the left of the address bar on your browser. It means that when you enter your contact details on the site, there’s a secure connection between your computer and my website.
Analytics and cookies:
If you choose me for counselling, the processing of personal data is governed by the General Data Protection Regulation 2018 (GDPR). I comply with my obligations under GPDR in storing and destroying the personal data I collect. I will only share your personal data if I consider you to be a risk to yourself or others or I am requested to do so by law.
I collect and store personal data to provide you with a service of counselling and psychotherapy:
I keep a written record of; information gathered from our initial assessment session; your contact details; details of your G.P; any medication you are taking, dates of sessions attended & the themes in our work. I keep this record for a minimum of 3 years after your final appointment, after which time, unless there is a good reason to hold it longer, it will be securely destroyed.
I store any art or written work created in sessions that you want me to hold for you for the duration of our work only. After our last session, any work you do not want to take away with you will be securely destroyed.
Invoices will include your first name and the first initial of your surname; your address will be omitted. Note: when paying by BACS transfer, your full name will appear on bank statements. However, banks and accountants are bound by GDPR law to protect your data. I share financial information with my accountant, the HMRC banks and other professional services to demonstrate proof of earnings if requested. I keep financial data for the period of time required in law by HMRC, after which they are securely destroyed.
To contact you, I keep the contact details of your first name and phone number in my therapy practice phone and online work diary, which are both fingerprint and password protected. Whilst we are working together, I keep emails and texts until they have been dealt with or responded to, after which they will be deleted at regular intervals unless there is good reason to hold them longer. Following our final session, I delete personal data from my phone and work email.
You have the right to:
Request a copy of your personal data
Request that I correct any personal data found to be inaccurate
Withdraw your consent to the processing of your data at any time
Request that I transfer your data to another data controller
Request a restriction is placed on further processing
Lodge a complaint with the ICO.
Last updated 11/02/22