Serenity Counselling Privacy Policy

            Serenity Counselling Privacy Policy                             

Introducton

Your privacy is very important to me, and you can be confident that your personal
Information will be kept safe and secure and will only be used for the purpose it was given to me.

I adhere to current data protec8on legisla8on, including the General Data Protec8on
Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018, and the Privacy and
Electronic Communications (EC Directive) Regulations 2003.

• This privacy notice tells you what I will do with your personal information from the initial
• point of contact through to aRer your therapy has ended, including:• Why I am able to process your information and what purpose I am processing it for
• Whether you have to provide it to me
• How long do I store it for
• Whether there are other recipients of your personal information
• Whether I intend to transfer it to another country
• Whether I do automated decision-making or profiling, and
• Your data protection rights.

‘Data controller’ is the term used to describe the person/organisation that collects and
stores and has responsibility for people’s personal data. In this instance, the data controller
is me.

I am registered with the Information Commissioner’s Office,
Registration Number: ZA406350.

I am happy to talk through any questions you might have about my data protection policy,
and you can contact me via email Admin@SerenityCounselling1.co.uk. For further
information about this policy or any aspect of our data protection, please contact me:

My postal address is: 92 Causeway End Road, Lisburn, BT28 2ED

My email address is: Admin@SerenityCounselling1.co.uk

My telephone number is 07714399352.

My lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have
explained these below:

• If you have had therapy with me and it has now ended, I will use legitimate interest
as my lawful basis for holding and using your personal information. Your signed
contractual agreement will confirm understanding of the Privacy Policy.
• If you are currently having therapy or if you are in contact with me to consider
therapy, I will hold and process your personal data as it is necessary for the
performance of the service offered (in this case, counselling) and is necessary for a
contract with a health professional (in this case, a contract between you and me).
• GDPR also requires me to ensure that I look after any sensitive personal information
that you may disclose to me appropriately. This type of information is called ‘special
category personal information’. This data is collected when needed to ensure that
you receive a safe and professional service. The lawful basis for my processing any
special categories of personal information is by consent to provide an appropriate
treatment plan. E.g., Psychometric questionnaires.

How I use your information

Initial contact
When you contact me with an enquiry about my counselling services, I will collect
information to help me satisfy your enquiry. This will include such details as name, address,
date of birth, presenting issues, next of kin, emergency contact details and will be clear on
the assessment form. This will include physical, emotional welfare and relevant historic
informa8on which will assist me in your counselling process.

Alternatively, your GP or other health professional may send me your details when making a
referral, or a parent or trusted individual may give me your details when making an
enquiry on your behalf.

If the client is a child or young person (aged 16 or under), the person with parental
Responsibility may complete the assessment form in consultation with the client and provide the information required. A parental responsibility contract and consent form will be signed
by the same person, including parental consent for the retaining and storing of the child or
young person’s data in accordance with this policy.

If you decide not to proceed, I will ensure all your personal data is deleted or shredded
within two weeks of the date you inform me you do not want to proceed. Where I have
knowledge of a safeguarding issue, or legal action or a concern, I reserve the right to hold
the record until that reason no longer exists.

While you are accessing counselling

Be assured that everything you discuss with me is confidental.

That confidentality will only be broken if there is risk to yourself or others, or you disclose
something to me which has potential for risk or requires monitoring, clearly stated on the agreement signed at the outset. I will always speak to you about this first unless you cannot
be contacted, e.g. a child in session and an immediate concern or a vulnerable person.

I will keep a record of your personal details to help the counselling services run smoothly.
These details are kept securely and encrypted digitally on OneDrive or in paper form in a
locked cabinet and are not shared with any third party. Clinical supervision is part of a
necessary requirement to practce but cases are brought anonymously. The session notes
are coded. The building is alarm-controlled and serviced regularly, as evidenced by
certfication.

I will keep written notes of each session; these are kept for 5 years and are stored in a locked
cabinet in a locked room. Online communication is two-factor protected. For security
reasons, I ensure my telephone is security updated, password protected and password
changed regularly. WhatsApp is encrypted. Video sessions are conducted using VSee, which
is encrypted – they are not digitally recorded.

If there is relevant information contained in a text or encrypted WhatsApp message, I will
ensure that this information is not shared, and the work telephone is safely monitored at all
times. No other party will have access to this except the secretary of the Practice.

Likewise, any email correspondence is held securely on one drive with two-factor security.

After counselling has ended

Once counselling has ended, all your records will be kept for 5 years from the end of our
contact with each other, in keeping with professional insurance requirements and
professional guidelines. Paper records are then securely destroyed. Digital records are
deleted permanently. Where I have knowledge of a safeguarding issue or legal action, I
reserve the right to hold the record until that reason no longer exists.

Third-party recipients of personal data – referrals – e.g., Agencies or Insurance Companies

I sometimes share personal data with third parties, for example, where I have contracted
with a referrer to carry out specific tasks. In such cases, I have carefully selected which
partners I work with. I request that the third party is compliant with data protection
requirements.

Your Rights

I try to be as open as I can be in terms of giving people access to their personal information.

You have a right to ask me to limit how I use your personal information, or to stop
processing your personal information. You also have a right to ask for a copy of any
information that I hold about you, by way of a subject access request. In the interests of best practice, counselling may have to end if processing is requested to be restricted.

If you attended as a couple or as a family, where others have shared personal information in
the sessions, then consent MUST be granted from the other parties before copies of
Information is shared.

You also have the right to ask me to delete your personal information. I reserve the right to
Reject any such request which would be declined because of the relevance of this work.
There is also a requirement to retain client records in order to fulfil professional insurance
and professional indemnity. The information is not erased in the interests of the client’s
welfare. If consent is requested to be withdrawn, counselling will not continue as the service
cannot be provided effec8vely. This is explained under the right for the provider to not erase information.

You can read more about your rights at https://ico.org.uk/for-the-public/

• If I do hold information about you, I will:• give you a description of it and where it came from.
• tell you why I am holding it, and tell you how long I will store your data
• Tell you who it could be disclosed to.
• Share with you a copy of the information if requested.

You can also ask me at any 8me to correct any genuine mistakes there may be in the
personal information I hold about you. The rationale is discussed transparently, and both
parties must be in agreement.

To make a request for any personal information I may hold about you, please put the request in writing, addressing it to Admin@SerenityCounselling1.co.uk A period of no more than – 4 weeks is required for this request to be fulfilled.
If you have any complaints about how I handle your personal data, please do not hesitate to
Get in touch with me firstly by writing or emailing to the contact details given above and
hopefully this can be resolved at the local level.

However, if this is not resolved and you want to make a formal complaint about the way I
have processed your personal informa8on you can contact the ICO, which is the statutory
body that oversees data protection law in the UK. For more informa8on go to
hjps://ico.org.uk/make-a-complaint.

Data Security

I take the security of the data I hold about you very seriously, and as such, I take every effort
to make sure it is kept secure. I use two factor authen8ca8on, OneDrive and have
appropriate locked facilities in a purpose-built building.

Visitors to my website

My website does not offer the facility for the submission of personal information. The
website is hosted by 123Reg. When someone visits my website, I use Google Analytics to
collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This
information is only processed in a way that does not identify anyone. I do not make, and do
not allow Google to make, any attempt to find out the iden88es of those visiting my
website.

I use legitimate interests as my lawful basis for holding and using your personal information
in order to assist you fully and formulate an individual treatment plan.

I use Google Analytics so that I can continuously improve my service to you. You can read
Google Analy8cs privacy no8ce here: https://policies.google.com/technologies/partner-sites

I use WordPress as the content management system for our website – find out about
WordPress and data protec8on here: https://en-gb.wordpress.org/about/privacy/