Counselling professional body - I follow the code of Ethics and Practice of the British Assosication of Counselling and Psychotherapy ("BACP").
Client personal information: GDPR
Your personal information is stored securely and confidentially, either electronically, using codes with password protection or in paper format which is stored in a locked cabinet, coded for protection. The data collected is used to enable effective communication during the therapeutic process, it is used in a safe and ethical manner in accordance with the BACP Ethical Framework and the EU General Data Protection Regulations (GDPR) 2018. I will only store any personal information which is relevant to the therapeutic relationship.
Confidentiality - It may become necessary to share your data with a third party if I feel you, or someone else is at risk of significant harm including children and vulnerable adults. Unless the risk is imminent, this will be discussed with you before appropriate disclosure. I would only do this in extreme circumstances and would try to discuss it with you first before taking any action. I have a legal obligation to break confidentiality in compliance with a court order, drug trafficking, money laundering or acts of terrorism. From time to time I will discuss our work with my clinical supervisor. This is standard practice for psychotherapists at all levels of experience and it supports me to work as well as I can with you. My clinical supervisor is bound by the same confidential and ethical practice as I am.
Personal information I hold - You have the right to know what personal information I hold, why I hold it, how it is stored, who has access to it, and for how long I hold it. I will keep the following personal information so that I can work safely and professionally with you, in line with the guidelines of the BACP. .
1. Your name, address and pronouns – I keep this information password protected, only I will see this information. These are kept separate from your clinical notes. I will keep this personal information for five years. After that time it is destroyed. This is required by my professional liability insurer and by my professional organisation (BACP).
2. Your phone number and email address - This information is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice). I also keep your email address in case we agree to work therapeutically via email, either as a regular arrangement or occasionally. I will delete emails once I have read them, unless necessary to keep for a period of time (examples could be if I am on holiday or sick and unable to check emails). I may add what I perceive as relevant information from emails to your clinical notes for our therapeutic work. I may access emails on my mobile phone which is locked with a passcode (and has finger print i.d.) when I am not using it. Your email address is held in my Gmail account, which is password protected. When reading or writing emails on my Macintosh computer, I use a password to be able to access it. I will keep your email address and telephone number stored in a password protected computer file document, separate to your clinical notes, where a unique code is used to identify you. If I save your telephone number into my mobile telephone, I will use your unique client code in order to maintain confidentiality.
“When possible, Gmail protects your info by automatically encrypting your emails, which turns them into a code during delivery. This security tool is called Transport Layer Security (TLS) and helps prevent others from reading your emails.” (Gmail, October 2019
3. Emergency contact name and phone number (if you choose) – I keep this information password protected with your name and contact details. It is unlikely that I would ever use this information, but I offer to hold it in case I become concerned for your welfare and I cannot contact you. You and I may agree together for some other reason that I might contact this person, based on your best welfare. When we finish working together, I will delete this personal information. Only I will see this information.
4. Relevant medical information (if you choose, or if discussed in sessions) – I keep this personal information in password protected electronic form or paper form along with your name and contact details. It may be relevant to keep or share certain medical information if you have any health conditions such as seizures, diabetes, etc which may impact a session, or you have any allergies that I should be aware of. Only I will see this information and I will delete this personal information when we finish working together.
5. Clinical session notes – notes may include dates and times of attendance and brief notes on important themes from the session. I do not keep detailed session notes. I keep brief session notes on my password protected computer. Your name or other identifying details are not kept with your session notes; only a code is used. Notes are used to remind me of important points I want to be sure to remember and/or to discuss in supervision. The notes will be destroyed five years after our work finishes. Only I will see this information.
6. Payment information and invoices – I make a note of payments you have made and invoices on a password-protected financial spreadsheet for my private practice. Your unique client reference code is used. Bank statements will show your name if you pay by bank transfer. I am required by law to retain certain financial information for tax purposes. I keep financial information for 7 years as advised by HMRC. Payment by BACS or cash will be processed by my bank, transactions may be viewed by employees of the bank and tax HMRC. When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.
7. My emails, texts and WhatsApp messages to you, and yours to me – I may delete emails/texts/WhatsApp messages after I have noted the contents (for example, emails around scheduling). Electronic correspondence will also be held by the corresponding app (Gmail, Phone’s SMS, WhatsApp). I may keep emails/texts/WhatsApp messages if I consider them necessary to our work. I will delete emails/texts/WhatsApp messages when our work ends and only I will see the information.
“WhatsApp's end-to-end encryption is available when you and the people you message use our app… WhatsApp's end-to-end encryption ensures only you and the person you're communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically…” (WhatsApp, October 2019,
9. iCloud - I use a Macintosh computer, which uses iCloud, a cloud storage and cloud computing service from Apple Inc. iCloud provides the means to wirelessly back up iOS devices directly to iCloud. To view iCloud security overview please go to: To view their Privacy Governance please go to:
8. Website – my website does not contain any personal information about my clients. If you click on the email link to contact me, the website will momentarily collect and send it to my Gmail account for the purposes of our initial contact. If you choose to make contact with me on my 'Get in Touch' page this is via 'Wix Forms' 1.) an automated email with its content is sent to my Gmail email account 2.) an automated message is sent by Wix with the Form content to my Wix message Inbox. I will delete this Wix Form message after reading it. Please do not not include personal information in the Wix Form as an additional security measure. I use a personal mobile phone. Please consider this in the information you leave in the voice message. All messages will be played and deleted daily, except in holiday or sick periods.
Your Rights under GDPR:
· To be informed what personal information I hold (i.e. this document).
· To see the personal information I hold about you (free of charge for the initial request).
· To rectify any inaccurate or incomplete personal information.
· To withdraw consent to me using your personal information.
· To request your personal information be erased. Though I can decline if the information is needed for me to practice lawfully and competently.
· To receive the personal information which you previously provided, and the right to transfer that information to another party.
For the purposes of the General Personal information Protection Regulations (GDPR) 2018, the personal information “controller” is Anusia Manduk-Cheyne – or Anuisa Manduk-Cheyne Counselling. If you have any other questions regarding how your therapy client personal information GDPR is processed and handled, please do not hesitate to discuss with me.
The ICO website:
My ICO registration number: ZA545048