Privacy & General Data Protection Regulation (GDPR) Policy

This policy is available for download as a pdf here.

The following outlines key information regarding the collection, storage and use of your personal information by

How is your Personal Information Gathered?

  • Information that you provide via my website; various therapy directories such as BACP, Counselling Directory, Psychology Today, or by phone to request further information about my services.
  • If you contact me by email, phone or text message, records of the correspondence may be kept.
  • The pre-counselling Client information sheet.
  • Clinical scoring questionnaires such as PHQ/GAD-7.
  • Brief session notes.
  • Use of inbuilt online conferencing recording tools and hand-held digital voice recorder.

What Personal Information is stored?

  • Personal information such as name, date of Birth, address, phone number(s) and email address.
  • Details of your GP and next of kin with consent to contact if agreed.
  • Background information that might be relevant to counselling.
  • Signed contract(s), GPDR Consent and if agreed to, Consent to record.
  • Clinical records and case notes. This may include sensitive ‘Special Category’ data such as information relating to your physical health, mental health, sexuality and sex-life.
  • If consented to, audio recordings of sessions.

Where is your personal data stored ?

  • All personal data that is collect from you are held securely in digital form on encrypted, password protected devices (Smart Phone / Tablet / Computer); or in Secure ISO 27001:2013³ accredited and / or HIPAA compliant cloud based services.
  • Paper copies of forms and notes are cross-cut shredded after digitising (scanning or transcribing)
  • Brief session notes are anonymised using your initials and are stored on password protected, encrypted hard drives or folders.
  • Whilst we are working together, your phone number is stored in a password protected, encrypted smartphone using your first name and surname initial.

³ Iso 27001:2013 is the International Information Security Standard

⁴ HIPAA is a US act that stipulates how personally identifiable maintained by healthcare industries should be protected from fraud and theft

Uses made of the Information

  • Your contact details are used provide you with information about the service(s) you request from me; to allow you to tell me about changes in your availability and to notify you about changes to my availability
  • Clinical scoring questionnaires may be used to gain an initial assessment and to track progress over time.
  • Clinical Session notes are used to track topics, themes and issues as they arise during the sessions. As well as being a requirement of the (BACP), they support the provision of the best clinical care to you.
  • Audio recordings of sessions (if any) are used for reflection and review and the ongoing professional development of your counsellor. They do not form part of the clinical record.
  • Anonymised information (extracts from clinical notes, clinical scoring questionnaires, audio extracts) may be shared with a supervisor for objective review and feedback.

How long is your personal Information kept?

  • Your client details form, contact details and brief session notes will be retained for as long as we are working together.
  • Clinical session notes and client details will be retained for a further six (6) years after we end, which is a requirement of my professional indemnity insurance.
  • After this time your client details form, contact details, and session notes will be securely erased from all devices and any cloud-based services.
  • Administrative text messages and emails will be deleted within 7 days of being actioned.
  • Audio recordings of our sessions, if any, will be securely erased no later than 4 weeks after they were made.

Disclosure of your Personal Information

Your counsellor at is a registered member of the BACP (British Association for Counselling and Psychotherapy) and the Association for Counselling and Therapy Online (ACTO). As such I am bound to follow the professional and ethical standards maintained by them including those around confidentiality and privacy. Everything that is discussed with your counsellor, whether in person, by phone or by online video-chat is confidential and will not discussed or revealed to anyone else.

The only exceptions to this policy are:

  • In the event of my unexpected incapacity or death, your personal contact information will be disclosed to the clinical executors of my professional will so they can contact you. Any personal Information held on you by will be deleted at this time.
  • If your counsellor becomes aware of an intent to harm yourself or another person, they will need to inform the relevant authorities. Wherever possible, you will be involved in this process.
  • Where there is a legal requirement to disclose information. This may be where there has been a court order, or where the law requires it – such as in cases of terrorism, drug trafficking, or child protection. In these instances, information will be disclosed without notification.
  • Anonymised information (extracts from clinical notes, clinical instruments, audio extracts) may be shared with a supervisor for objective review and feedback.

Periodic Review

This privacy and General Data Protection Regulations (GPDR) policy will be reviewed at least once per calendar year. Any changes will be communicated with 4 weeks’ notice.

Your Rights with Regards to your Personal Information

The GPDR assigns you certain rights with regards to your personal data:

Right to Access

You have the right to make a subject access request in respect of the personal information held by on you. These requests can be made verbally or in writing. If make a request in writing, please send it Requests will be fulfilled within one calendar month of receipt.

I may decide to show clinical records to you only whilst we are together in session.

Right to Rectification

You have the right to have data that I hold about your amended or changed where it is inaccurate of incomplete.

Right to Erasure

You have the right to ask me to erase any information that I hold about you. This includes your personal information that is no longer relevant to original purposes, or if you wish to withdraw consent. In all cases and when considering such requests, these rights are obligatory unless it’s information that I have a legal obligation to retain.

Data Portability

You have the right to ask me for the data that I keep electronically, so that you may provide it to a third party. You can also ask me to provide it directly to another organisation. In either case I will provide the data in a way that makes it possible to be easily used by the third party

Last updated: December 2020

©2024 MattBrooksCounselling - powered by WebHealer

MattBrooksCounseling is a trading name of 416 Consulting Limited