A herd of 5 horses galloping along the shoreline on a beach.

Introduction

Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure. It will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

I aim to be transparent about the way I process your personal data. This privacy notice tells you what I will do with your personal information from initial contact to after your therapy/coaching has ended, including: 

• Why I am able to process your information and what purpose I am processing it for 

• Whether you have to provide it to me 

• How long I store it for 

• Whether there are other recipients of your personal information 

• Your data protection rights

‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered with the Information Commissioner’s Office: the registration number is ZA897162. I am happy to chat through any questions you might have about my data protection policy.

My phone number is: 07725077374. My email address is: hello@jendaviesowen.co.uk


My lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below: 

·  Past clients: I use legitimate interest as my lawful basis for holding and using your personal information. 

·  Initial enquiries and current clients: I process your personal data where it is necessary for the performance of our contract. 

·  Sensitive personal information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for the contract between us.


How do I use your information?

Any information I hold about you is used for the following purposes:

·   To provide you with the professional service requested from me.

·   To administer my service, including the arrangement of appointments, and handling session payments.

·   At your request, to contact you electronically or by telephone about service information


Website

My website is hosted by SiteGround and managed by WordPress, who adhere to the requirements of GDPR. If you fill in a form on our website, that data will be temporarily stored on the web host before being sent to us. None of your personal information is stored on my website, other than to momentarily collect and send it to my SiteGround email account for the purposes of our initial contact. Every effort has been made to ensure a safe and secure form to email me through my client contact form. 


Cookies

A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit. Like most websites I use cookies to help the site work more efficiently. Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain valid until its set expiry date unless deleted by the user before the expiry date. A session cookie will expire at the end of the user session when the web browser is closed. Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify returning users.


Permitting the use of cookies

By using this website while the browser settings that you’re using to view this website are adjusted to accept cookies, you consent to cookies being stored in accordance with this policy. You can change your internet browser settings to accept or decline cookies on your device or manage how your browser handles them.


External links

I may provide links to websites of other organisations, or include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. I encourage you to read the privacy notices on other websites you visit.


Initial contact

When you contact me with an enquiry, I will collect information to help me satisfy your enquiry. This will include name, phone number, email address, home address, date of birth and emergency contact information. I collect this information for arranging sessions, invoicing, and in case of emergencies. If you decide not to proceed I will ensure all your personal data is deleted within 12 months (incase you decide to return within this timeframe). If you would like me to delete this information sooner, just let me know.


While you are accessing counselling

Confidentiality

Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken in extreme circumstances and I will always try to speak to you about this first, unless there are safeguarding issues that prevent this: 

·   If I think that you or someone else is at significant risk of serious harm

·   If a child safeguarding issue has been raised

·   If you provide specified details about a serious crime, past or planned, (for example, murder, drug trafficking, money laundering, terrorism)

·  If am legally compelled by a court of law.

Personal details

I will keep a record of your personal details to help the counselling services run smoothly. This includes your name, date of birth, contact details, GP and emergency contact details, background information relevant to the counselling process, medical and health information relevant to the counselling process and session notes. These details are kept in the strictest confidence, stored securely (see data security) and not shared with any third party.

Session notes

I take brief session notes as an aide memoire to therapeutic work and a record of attendance. I will also keep written record of matters in direct relation to your safety or the safety others, or information related to suicide risk, child protection, domestic abuse, or other violent crime, or should I ever need to account for my clinical decisions and/or respond to complaints. This information is kept in the strictest confidence and stored securely, except in certain circumstances which I explain in my confidentiality policy.

Email/SMS

For security reasons, I do not retain general text messages or emails for more than 12 months. If there is relevant information contained in a text message/email I will note the contents and store any attachments securely on a password protected electronic device and this will be deleted after a maximum of seven years after counselling has ended.  


After counselling has ended

Once counselling has ended your records will be kept for five years after we finish working together (in case we recommence work in this time, the notes are required in a court of law, or to support the ethics board if a complaint is raised). In the case of clients under 18, records are kept for up to five years after the client turns 18 (up to the age of 25). After this time, they will be securely destroyed.


Who I may need to share your information with

Third party recipients of personal data

I sometimes share personal data with third parties, for example, where I have contracted with a supplier to carry out specific tasks. In such cases I have carefully selected which partners I work with. I take great care to ensure that I have a contract with the third party that states what they are allowed to do with the data I share with them. I ensure that they do not use your information in any way other than the task for which they have

been contracted.

Exceptional circumstances

There are exceptional circumstances in which I would choose to disclose information about you without your prior consent, but this would only usually be for very serious reasons involving your safety or that of other people, as described in my confidentiality policy.

There are also circumstances, such as a Court order, knowledge of very serious crimes (such as, abuse, murder, terrorism, drug trafficking and money laundering), or a Coroner, when I would be obliged by law to pass on information to the authorities. The police may request your notes; however, I will speak to you first before allowing your notes to be seen. To ensure GDPR is adhered to I will also contact my insurance company and supervisor where appropriate. Under normal circumstances, written consent will be obtained from you before the information is disclosed.

Supervision

I will also need to discuss our work together with my supervisor. I undertake regular supervision so that I can provide you the best standards of care I can. In this process your identity is not revealed unless in exceptional circumstances.

Clinical Will

In the unfortunate unforeseen event of my death, or if I become suddenly ill, incapacitated, or unable to carry out therapy without warning I have a clinical will in place. This means, that if such an event arises, another qualified therapist will gain access to my current clients’ information and notes. They will then contact all my clients currently working with me and discuss referral options. I use ClinicalWill.App to manage my clinical will. Your contact details will be stored securely in the app, and my executor will be able to access these if necessary. Please see https://clinicalwill.app/dpa for their data processing agreement.

Payment information and invoices 

I make a note of payments you have made and invoices on a financial spreadsheet for my business. I am required by law to retain certain financial information for tax purposes. I keep financial information for 7 years as advised by HMRC. Payment by BACS or cash will be processed by my bank transactions may be viewed by employees of the bank and tax HMRC. When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.


Data Security: How I store your personal information securely.

Storing paper information securely 

I keep handwritten or printed information about you to a minimum to protect your data. I do not print or keep duplicate information wherever this can be prevented. All handwritten or printed information that has any personally identifying information on it about my clients is kept in a securely locked filing cabinet. 

Keeping electronic information securely stored 

All of your personal information is secured on encrypted, password protected devices. Your personal information is contained in password protected files on an encrypted computer which requires a password to access. I store personally identifiable details (e.g. name, address) in a separate password protected folder to your session notes. Encrypted back-up drives are locked away in a securely locked filing cabinet when not in use. I also use a smartphone to contact you and will store your name and contact details so that I can contact you in case of emergencies. My phone is locked and requires my fingerprint or a passcode to access. Your personal information is visible only to myself and limited access is given to the executor of my clinical will who will use this to contact my current clients in the unfortunate event I am incapacitated and unable to contact you myself.

Remote therapy

If we are working online there may be limits to the security and confidentiality of our sessions, depending on the encryption of the online platform we use. I typically use Zoom for online work unless we agree otherwise. The following link outlines Zoom’s privacy policy.  https://explore.zoom.us/en/privacy/  

Email/SMS

For security reasons, I do not retain text messages and email correspondence for longer than 12 months. If there is relevant information contained in a text message or email I will note the contents and store any attachments securely on a password protected electronic device and this will be deleted after a maximum of seven years after counselling has ended.  

My email is through my webhosting provider, SiteGround. Their privacy policy can be found at the following link (https://www.siteground.co.uk/viewtos/privacy_policy?scid=2&lang=en).  Although I take every effort to keep your data secure, 3rd party email providers may hold your email detail as data. This may be your email provider or my email provider. I suggest you use encryption and security on your computer / phone and emails, read the terms of service your free messaging provider and, are cautious in what information you include when communicating electronically.


Your rights

I try to be as open as I can be in terms of giving people access to their personal information. You can read more about your rights at ico.org.uk/your-data-matters.  

  • You have a right to access the personal information held on you. Please make a formal subject access request (free of charge for the initial request) by emailing hello@jendaviesowen.co.uk. I aim to respond to requests within one month. If it will not be possible within this timeframe, I will inform you in writing as soon as possible.  
  • You can also ask me at any time to correct any inaccurate or incomplete records I hold about you.
  • You have the right to ask me to delete your personal information, although I can decline if this information is necessary for me to practice lawfully and ethically.
  • You have the right to limit how I use your personal information or withdraw consent for me processing your personal information. 

Complaints

If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me. If you are not satisfied with my reply and want to make a formal complaint about the way I have processed your data, you can contact the ICO. For more information go to ico.org.uk/make-a-complaint. 


Changes to privacy notice

This privacy notice may be updated from time to time. Significant changes will be communicated to current clients in writing.