
Privacy Notice
Counselling Professional Body
I follow the Codes of Ethics and Practice of the British Association of Counselling & Psychotherapy (“BACP”). A copy of the code can be accessed here: https://www.bacp.co.uk/events-and-resources/ethics-and-standards/ethical-framework-for-the-counselling-professions/
Client personal information: GDPR
Your personal information is stored securely and confidentially, either electronically, using codes with password protection or in paper format which is stored in a locked cabinet, coded for protection. The data collected is used to enable effective communication during the therapeutic process, it is used in a safe and ethical manner in accordance with the BACP Ethical Framework and the EU General Data Protection Regulations (GDPR) 2018. I will only store any personal information which is relevant to the therapeutic relationship.
Confidentiality
It may become necessary to share your data with a third party if I feel you, or someone else is at risk of significant harm including children and vulnerable adults. Unless the risk is imminent, this will be discussed with you before appropriate disclosure. I would only do this in extreme circumstances and would try to discuss it with you first before taking any action.
I have a legal obligation to break confidentiality in compliance with a court order, drug trafficking, money laundering or acts of terrorism.
From time to time I will discuss our work with my clinical supervisor. This is standard practice for psychotherapists at all levels of experience and it supports me to work as well as I can with you. My clinical supervisor is bound by the same confidential and ethical practice as I am.
Personal information I hold
You have the right to know what personal information I hold, why I hold it, how it is stored, who has access to it, and for how long I hold it. I will keep the following personal information so that I can work safely and professionally with you, in line with the guidelines of the BACP.
1. Your name, address and pronouns – I keep this information password protected, only I will see this information. These are kept separate from your clinical notes. I will keep this personal information for five years. After that time it is destroyed. This is required by my professional liability insurer and by my professional organisation (BACP).
2. Your phone number and email address - This information is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice). I also keep your email address in case we agree to work therapeutically via email, either as a regular arrangement or occasionally. I will delete emails once I have read them, unless necessary to keep for a period of time (examples could be if I am on holiday or sick and unable to check emails). I may add what I perceive as relevant information from emails to your clinical notes for our therapeutic work. I may access emails on my mobile phone which is locked with a passcode (and has finger print i.d.) when I am not using it. Your email address is held in my Protonmail account, which is password protected. When reading or writing emails on my Macintosh computer, I use a password to be able to access it. I will keep your email address and telephone number stored in a password protected computer file document, separate to your clinical notes, where a unique code is used to identify you. If I save your telephone number into my mobile telephone, I will use your unique client code in order to maintain confidentiality.
3. Emergency contact name and phone number – I keep this information password protected with your name and contact details. It is unlikely that I would ever use this information, but I offer to hold it in case I become concerned for your welfare and I cannot contact you. You and I may agree together for some other reason that I might contact this person, based on your best welfare. When we finish working together, I will delete this personal information. Only I will see this information.
4. Relevant medical information/GP details (if you choose, or if discussed in sessions) – I keep this personal information in password protected electronic form or paper form along with your name and contact details. It may be relevant to keep or share certain medical information if you have any health conditions such as seizures, diabetes, etc which may impact a session, or you have any allergies that I should be aware of. Only I will see this information and I will delete this personal information when we finish working together.
5. Clinical session notes – notes may include dates and times of attendance and brief notes on important themes from the session. I do not keep detailed session notes. I keep these brief session notes in hardcopy which is store in a locked filing cabinet. I may reflect on my own experience, which is confidential to me. Your name or other identifying details are not kept with your session notes; only a code is used. Notes are used to remind me of important points I want to be sure to remember and/or to discuss in supervision. The notes will be destroyed five years after our work finishes. Only I will see this information.
6. Sharing and receiving of signed documents via email - please password protect documents that need signing between us.
Email 1.) send the document(s) in an email attachment password protected
Email 2.) include the password(s) for the document(s) separate from the email containing the documents
Please do not send me the password protected documents and passwords in the same email.
As an additional security measure, please do not title email subjects to me with words such as ‘therapy’ or ‘counselling’. You may choose to use more generic subjects such as, ‘inquiry', ‘information request’ etc.
TIP: If you need support to understand how to password protect documents you can find this information via a search engine using terminology or words like ‘how to password protect a Word document’ (as example).
The documents will be stored on my password protected Macintosh computer and/or as hard copies and stored in a locked filing cabinet.
7. Therapeutic email/instant messaging work: anything written by myself within therapeutic email exchanges is considered confidential to me. I request you do not share my writings with anyone or on any type of platform online, in hard copy or any other format. I do not store these therapeutic exchanges.
8. Payment information and invoices – I may make a note of payments you have made and invoices on a financial spreadsheet for my private practice and also in my paper diary. Your unique client reference code is used. Bank statements will show your name if you pay by bank transfer. I am required by law to retain certain financial information for tax purposes. I keep financial information for 7 years as advised by HMRC. Payment by BACS or cash will be processed by my bank, transactions may be viewed by employees of the bank, tax HMRC and/or my accountant. When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.
9. My emails, texts and WhatsApp messages to you, and yours to me – I may delete emails/texts/WhatsApp messages after I have noted the contents (for example, emails around scheduling). Electronic correspondence will also be held by the corresponding application (Protonmail, Phone’s SMS, WhatsApp as examples). I may keep emails/texts/WhatsApp messages if I consider them necessary to our work. I will delete emails/texts/WhatsApp messages when our work ends and only I will see the information.
10. Online voice/video/instant messaging - You may choose to work with me online with voice/video/instant message, where we will use Zoom, a cloud platform using mobile devices. We may use Signal which is end-to-end encrypted, as is Zoom. Please check directly on their terms of services from time to time as they may make updates to their polices. I will not record any of our work using Zoom, Signal or any other recording systems and request that you do not either.
11. iCloud - I use a Macintosh computer, which uses iCloud, a cloud storage and cloud computing service from Apple Inc. iCloud provides the means to wirelessly back up iOS devices directly to iCloud.
12. Website – my Wix website does not contain any personal information about clients. If you click on the email link to contact me, the website will momentarily collect and send it to my Protonmail account for the purposes of our initial contact. If you choose to make contact with me on my 'Get in Touch' page this is via 'Wix Forms' 1.) an automated email with its content is sent to my Proton email account 2.) an automated message is sent by Wix with the Form content to my Wix message Inbox. I will delete this Wix Form message after reading it. Please do not not include personal information and/or sensitive information in the Wix Form as an additional security measure.
13. PayPal - If we agree to pay via PayPal personal data is collected by PayPal. Please go directly to PayPal.com for their up to date privacy statement.
14. Client feedback/testimonials - to me via my Wix website is confidential unless you tick the box consenting for me to use your client feedback/testimonial for promotional materials, including my website. Your name is not requested in the form, and will not be used in any type of promotional materials.
15. This policy may be updated from time to time, please check my website for updates.
16. I am based in the UK and governed by UK jurisdiction.
I use a personal mobile phone. Please consider this in the information you leave in the voice message. All messages will be played and deleted daily, except in holiday or sick periods.
Sharing information
Your Rights under GDPR:
· To be informed what personal information I hold (i.e. this document).
· To see the personal information I hold about you (free of charge for the initial request).
· To rectify any inaccurate or incomplete personal information.
· To withdraw consent to me using your personal information.
· To request your personal information be erased. Though I can decline if the information is needed for me to practice lawfully and competently
· To receive the personal information which you previously provided, and the right to transfer that information to another party.
Data Controller
For the purposes of the General Personal information Protection Regulations (GDPR) 2018, the personal information “controller” is Anusia Manduk-Cheyne – or Anusia Manduk-Cheyne Counselling/Noosh Manduk-Cheyne Counselling. If you have any other questions regarding how your therapy client personal information GDPR is processed and handled, please do not hesitate to discuss with me.
The ICO website: https://ico.org.uk/
My ICO registration number: ZA545048