Data Protection Policy

Data protection policy and GDPR

Data protection policy and GDPR

Under GDPR, we need to tell you what data we collect about you and what we intend to do with it. This data protection policy sets out how we collect, process and protect your data.

If there is any specific data that you do not want us to keep, please let us know. However, this may affect our ability to offer you an appropriate counselling service.

The legal basis on which we collect your data

When you use our website or otherwise provide data informally, the data is collected and processed based on your having given Consent. You can withdraw your consent at any time, and we will delete your data.

When you start counselling or book an event, we enter a contract to deliver a service. Data is then collected and processed on the basis on Contract.

How we obtain your data

In most cases, the data we process is obtained directly from yourself. If a third party referred you, they might have given us some information about you. The information would typically include your name, contact details and your relationship to the referrer. However, we have no control over the information they supply. Additionally, when you use our website, we receive some information, such as your IP address and browser details.

The data we keep and how we use it

Here we list the data we might keep about you. It is impossible to have a comprehensive list, and we do not keep all this information for every client. We only record, and save the information we need.

Name, age and date of birth: this helps us get to know you and identify you.

Relationship status, partner’s name and age and how long you been in this relationship: this information helps us understand your current domestic situation.

Address, email address, phone number(s): We need this information to contact you.

Doctor and emergency contact details: We have a duty of care towards you and, sometimes, might need an emergency contact. We also might need to contact your GP if, for example, you were at risk of serious harm. Except in the most exceptional circumstances, we would contact no one without your prior knowledge and consent.

Employment, living situation and support: We use this information as part of our client assessment process, helping us deliver the best service.

School/employer/agency details: We collect this information where a third-party is paying so we can invoice them for the work we do.

Parents, siblings and children: We often need to know something of your background as part of the assessment process.

Broader familial information: Sometimes, we need more extensive family information. This information is necessary to understand the client’s world and, potentially, for child/vulnerable adult protection purposes.

Assessment forms/scores: We might use assessments as an audit of the effectiveness of our work as part of the assessment process.

Session notes: Counsellors keep brief, factual notes as a record of your work together.

Recordings of sessions: Sometimes, we might record a session as a record of our work together or for use in clinical supervision and professional development.

Correspondence: We might store copies of any communication as part of your clinical notes.

Referral information: We need to keep third-party referral details for invoicing purposes. We might use some referral information as part of your initial assessment.

Appointment/attendance/fees: Appointment, attendance and payment details are required for scheduling, reporting, invoicing and accounting purposes.

CCTV: We have CCTV protecting the premises. We rarely access the recordings. We do not use facial recognition.

IP address and metadata: When you use our website, we receive and process your IP address and data about your device and web browser. We need this information to deliver the website. For further details, see our Privacy Policy.

Cookies: Cookies are used to make parts of our website work and for website tracking and analytics. Full details are in our Cookie Policy.

Web forms: When you submit a form on our website, the details are sent to us by email. Google processes our emails through its GSuite package.

Sharing your data

We will never sell your data or use it for any purpose we have not agreed.

We might share your essential contact details and appointment times within our organisation so we can contact you in an emergency.

We might also share information:

  • if you disclose information related to terror or terrorist activities
  • if you or anyone you identify to us is at serious risk of significant harm
  • in clinical supervision
  • as explicitly directed by a court order or coroner request
  • according to your explicit, written instruction
  • to invoice for our work (reference and attendance information only)
  • in a discharge/progress report, if required, and with your consent

We would only share the minimum necessary information. Where possible, we would get your explicit consent before sharing any data.

How we will store your data

We store all physical documents in a locked filing cabinet and electronic records in an encrypted computer system.

How long we store your data and how we dispose of it

We keep session notes and contact details seven years after our last contact (or seven years after you turn 18, whichever is longer). We destroy any audio, video and similar recordings after three months.

We destroy all records by physical or electronic shredding or similar methods of secure destruction.

Data access

You may request access to any data we hold about you. Please make any request in writing to Counselling Matters, 26 Waterloo Road, Waterloo, Liverpool, L22 1RF or using our contact page.

We will respond to any valid request within 28 days of receipt.