SALMA ALI COUNSELLING
PRIVACY POLICY
In order to provide you with the best service possible I need to hold your personal contact details and records of your sessions. This privacy notice tells you what I will do with your personal information from initial point of contact through to after therapy has ended.
This policy outlines your rights, and my obligations to you, with regard to the recording and storage of your personal information. In this privacy policy I will let you know what information I need to collect from you before we begin therapy, and what information I need to collect from you during sessions. I will also set out how I will look after your personal information, for how long I will store it, and who I will share it with.
I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. I also adhere to the ethical guidelines regarding protecting client privacy and confidentiality set by the British Association for Counselling and Psychotherapy (BACP).
​
The GDPR states:
​
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract. The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately.
The General Data Protection Regulation (GDPR) require that all organisations that store personal information about people may only do so provided that the information is:
-
Processed lawfully, fairly and in a transparent manner.
-
Collected for specified, explicit and legitimate purposes.
-
Adequate, relevant and limited to what is necessary; accurate and, where necessary.
-
Kept up to date; kept in a form that permits identification of information subjects for no longer than is necessary for the purposes for which the personal information
-
Processed in a manner that ensures appropriate security of the personal information
Why do I need to process your personal information?
I need to process your personal information in order to fulfil my contractual obligations to you as a psychotherapist, for example to assess whether I am able to offer you psychotherapy in the first place, and then to deliver effective psychotherapy to you if therapy commences. Your personal information helps guide both my assessment process, and my clinical decision-making during psychotherapy.
I will store your personal information both electronically. Personal information is stored electronically on devices that are password and/or fingerprint I.D. protected, and in files that are further password protected and only accessible by me. Names and contact details are stored separately to other personal information (anonymised format).
At the end of our counselling agreement all session notes will be archived electronically on a password protected drive for a period of 5 years.
Consultation stage:
When you contact me to book your first appointment I will collect some brief information to help me to process your enquiry. I will ask you over the telephone to provide me with the following information: name, telephone number, address, availability, the psychological issues that you would like to address, and symptoms.
This information is requested so that you could be informed if I was unable to attend an appointment due to unforeseen circumstances. If you do not want to be contacted under any circumstances you do not need to provide a contact method.
If you decide not to proceed at this stage your personal data is deleted immediately.
​
Who will my personal information be shared with?
Some of your personal information may be shared with your G.P., or other healthcare professional, under certain exceptional circumstances. These include the requirements of a court of law, the threat of serious physical harm to you or to others, or during regular consultations with my professional supervisor.
Confidentiality will only be broken if there are legal or ethical obligations to disclose, for example, if you disclose abuse/neglect of a child or vulnerable adult, or say something else that implies serious harm to yourself or others, or if a court of law requires me to disclose information.
Complaints:
If you have any complaints about how I handle your personal data, please do not hesitate to get in touch by emailing. If you want to make a formal complaint about the way your personal information has been processed you can contact the ICO which is the statutory body that oversees data protection law in the UK. Helpline number: 0303 123 1113.ICO | Website: https://www.ico.org.uk.
For more information go to ico.org.uk/make-a-complaint.