Privacy Statement, Gary Parsons Counselling
When you trust me with your personal data, I, Gary Parsons, take my responsibility to protect it very seriously. I respect privacy, and your rights to control your personal data. With that in mind, I want to be clear about the data I collect, why I collect it, how it is stored and what happens to it when we stop meeting. I do not and will not sell your data to third parties.
I am registered with the Information Commissioner’s Office under registration number ZA253759. This is checkable by clicking HERE.
Please take a little time to understand my practices regarding how your personal data is managed, in line with current data protection law, which now as of May 2018 incorporates General Data Protection Regulation (GDPR). It's relevant to anyone who uses my services, as data subjects, I refer to all these individuals as "customers", or "you" in this privacy notice.
Please be aware that my website, and social media channels may contain links to third party websites that are not covered by this Privacy Notice. When you correspond with any third parties referenced, my Privacy Notice will not cover your interactions with them. With that in mind, I ask you to consider the privacy statements of other websites and applications, to make sure you understand their individual practices.
Your personal information is kept private and stored securely until it is no longer required or has no use, as detailed below.
As the sole person responsible for data processing I ensure that data is processed in accordance with relevant privacy regulations, and that reasonable measures are taken to protect data from individuals or organisations who should not have access to it, by making use of good practice, technology and organisational safety measures.
If you are a 3rd Party or acting on the behalf of an individual, referring them to my services (such as an EAP work) providing personal data via email or phone, doing so confirms you are in compliance with current data protection legislation and sharing information with their full consent, and that you have directed the individual to this Policy (Gary Parsons Counselling Privacy Statement 2018) which they are satisfied with and understand, liability will not be accepted for your failure to ensure this. Referring agents providing data in this way will be described as ‘3rd parties’ in this policy, which relates specifically to the agreement between you as an individual and myself.
The sole purpose of collecting your data is to provide you with Counselling, offered by myself. I do so to comply with GDPR regulations (Regulation (EU) 2016/679).
Who "I" am
Under the Regulation (EU) 2016/679 of the European Parliament with regards to the processing of personal data and on the free movement of such data - known as General Data Protection Regulation (GDPR) - I need to provide you with certain information about us as a 'data controller'.
I am Gary Parsons, you will know me as Gary Parsons Counselling.
Types of personal information I collect & it’s use
3rd Parties share information based on your prior agreement with them.
I may collect and process the following data about you, this can be via
Name, Address, Date of Birth
Email Address (with permission to contact or not)
Telephone or Mobile Phone Number (with permission to send text message or not, answer message or not) expressly for arranging counselling sessions via a dedicated work email or work mobile phone.
Electronic communication is not necessarily secure from your end of the transaction - not sharing sensitive information and deleting emails when they have served their purpose is good practice from a client perspective.
GP Practice details and registered GP name
Medical conditions relevant to the Counselling service provided.
Prescribed medications taken relevant to the Counselling service provided.
Storage of personal data
Prior to an initial meeting and Counselling Agreement
Data supplied prior to engaging in services for the purposes of arranging appointments is stored electronically via encrypted HD drive and password protected enquiry document. No Phone numbers or emails are stored once read – information is transferred to enquiry form and deleted from email accounts or phone records. If an initial appointment is not made within 31 days any information supplied is deleted.
Following an initial meeting and Counselling Agreement Counselling
Upon our initial meeting, Data supplied will be recorded upon an Initial Assessment form. This paper copy is retained for 5 years following the ending of our sessions (as required by my insurer, Holistic), and is stored in an archive section within a lockable filing system separate from any clinical notes, within my own home.
Information from the Paper Initial Assessment form is transferred to a secure online client management system which is ISO 27001:2013 accredited, which is an internationally recognised information security management standard ensuring a business has stringent processes in place to ensure data confidentiality. Information stored electronically will be retained for 5 years (as required by my insurer, Holistic), following the ending of our sessions.
Mobile phone numbers which are stored on a dedicated password protected work mobile under your client code which is non-identifying, are retained for the duration of the period we are working together – upon ending our counselling agreement mobile numbers are deleted from my mobile and retained only via secure online client management system for the above mentioned 5 years.
Email addresses are not stored by myself via email provider, or on computer or mobile devices. Reminders are sent automatically via bacpac. If personal emails are sent/received, they are deleted immediately as standard practice.
Clinical notes are not recognised under GDPR due to not containing identifiable information due to being anonymised with individual codes. Personal identifiable data relating to Client Codes is stored electronically, on an encrypted HD drive on a password protected document, separate from any clinical notes ensuring confidentiality and security is not compromised, your data is stored for 5 years following your final session.
Reasons/Grounds for storage/processing of Personal data
Grounds for storage/processing
The basis for data collection, processing and storage is both contractual and legitimate business interest. I process this information for identification purposes, to communicate details of services you have requested, ascertain suitability for services offered, to manage contact related to session bookings, payments, and to respond to you when you contact me.
I do not retain or process unnecessary data. What I retain is done so in order to provide you with Counselling services as requested.
Processing may be necessary in order for me to comply with statutory law, professional membership policies and regulations, and insurance policies and my own contractual agreement with you.
I have a legitimate business interest in doing so, which protects my ability to retain information, it being defensible, which is not overridden by rights or ability to opt out, due to the need to in circumstances of legal claim or complaint, defend myself should a dispute between us arise. Processing is necessary for the identification, action or defence of legal claims.
How might I share/process your data?
I will not share information about you unnecessarily. As we will discuss in our Counselling Agreement, particular circumstances require me by law to act, which may breach confidentiality by notifying relevant external agencies. In such cases, you will be made aware, however your permission is not required. Where possible I will endeavour to discuss this with you, unless there are defensible reasons for not doing so;
When I am required to do so by a Court order subpoena (this does not include requests from solicitors),
If you, the client infer involvement in or knowledge of, an act of terrorism, money laundering, drugs trafficking or substantial profiting from proceeds of crime.
In some cases, it may be necessary to make an exception to our confidentiality agreement – this is agreed in our Counselling Agreement contract, and explained fully at the time of accessing services;
Prevention of serious harm to the client or to others – Should I have serious concerns for your immediate wellbeing I may discuss with you sharing this information with your GP or Mental Health team (using details provided as agreed at assessment), to discuss a referral. My ethical stance is to protect life where possible – I do not require permission to contact GP or in relevant cases emergency services should I judge it defensible or in your/public interests to do so,
Should another person, a child, or vulnerable adult be at risk of harm or abuse - This can include historical, current or planned cases. The balance of public interest may outweigh the duty of confidentiality should I assess it as such.
In a medical emergency it may be necessary to share your contact information with relevant emergency services.
Should I become unable to work for reasons of illness or death and be unable to communicate to you, as required by my registered body the BACP, I have a clinical will in place. In the event of this occurrence, a system is in place where my supervisor will be able to access a current client list and their preferred contact method in order to inform you and delete any records help confidentially.
You have the right to be told about the collection and use of your personal data, and how it is processed, which is the purpose of this statement. We can discuss individual aspects in more detail when we meet and set up our Counselling Agreement.
You can submit a right of access request, which details all personal information I hold about you, this request must be submitted in writing and will be responded to in no more than 30 days.
You are also able to request data be amended data as necessary, for example name changes, if there is an error, or you want or express preferences to how your date is used, i.e. Communication, or request that it is transferred.
You can request to have your personal data erased – this means I am unable to continue to provide you a Counselling Service. This request can be declined due to reasons of legitimate interest if applicable as detailed in section 4, where the law, my insurers or professional body requires certain records to be retained.
This Privacy Notice was last updated on 14 July 2018. If it is amended, any changes will be noted here – if relevant or necessary you may be contacted via email to inform of how changes may affect you.
How to contact Gary Parsons Counselling about this privacy notice
Gary is responsible for this privacy notice and can answer any questions you may have regarding it, email at firstname.lastname@example.org.
The ICO can be contacted at:
ICO website: https://ico.org.uk/global/contact-us/
ICO telephone: 0303 123 1113