Privacy Statement
I would like to provide you with information about the information I collect, what I use it for, with whom I share it and what rights you have. This is in response to the EU’s data privacy law, the General Data Protection Regulation (GDPR) which came into force on May 25th 2018.
Enquirers, clients and former clients
The main legal basis I use for processing enquirer’s, clients’, and former clients’ personal information is a combination of contract and legitimate interest. That is, in order for me to be able to fulfil my responsibilities as a counsellor, I will need to record personal information about you. Under an identifying code I will also take notes of ‘consultation information’, that is relevant medical information and aspects of your personal social and family history that you choose to share with me.
-
• Contact information - such as name, address, phone number, email address
• Emergency contact number and person; GP details
• Background information as part of the initial assessment and summary notes of sessions -
• From your initial inquiry I will take your email address and phone number - depending on how you have contacted me.
• At our initial consultation appointment, I will record your name, address, emergency contact number and GP details. These will be kept securely so that only I may access them. -
I will store your personal data for as long as may be required by law, or as required under any contract. If there is no legal requirement, I will retain information about you for seven years past the end of our working together. This is so that I have a reference of our work should you return, and to comply with standards of good practice.
Mobile phone and email
• If we agree to communicate by text or by email, these records are kept in the phone until they are deleted. I will hold your name and telephone number on my mobile phone until our work comes to an end and then I will delete it from my contact list.
• My mobile phone is a smart phone and could therefore also have your texts, and email and email address available on it. The phone is password protected and details are stored in ‘the cloud’ so they can be restored if my phone is lost or stolen as well as destroyed through remote deletion.
• My suggestion is that we solely use email and texting for information exchanges related to times of sessions, lateness etc and not to discuss any more personal information. If we agree on something more than that, then we would need to look at encryption applications. If you would like all emails to be encrypted, I recommend using Protonmail which is a free app that we would both need to use to ensure emails are encrypted. Texts can be encrypted and sent via signal. Both have android and apple application options. Let me know if you would like to do this.
Electronic data
• I may make some notes of our work together under an identifying code. These notes when made will be a brief factual record of the session. The notes are held in a password protected file in my password protected and encrypted computer to which no one else has access. These notes will be held for a period of three years after the cessation of counselling except where I agree with you to retain them for longer or where I believe that it is in my best professional interests to do so.
• Appointments are kept in my digital calendar with initials. It is not available to anyone else and is coded.
Bank account
• Your name will appear on my bank account statements which are password protected online.
Paper
• Any paper notes or bank statements will be kept under lock and key in a secure location. -
• I will take appropriate technical and organisational measures in line with applicable data protection laws to use appropriate measures to protect your personal data.
• This information will be retained in separate locations (keeping your name and contact details apart from the consultation notes) in password protected files, on a password protected computer which has virus protection software installed as well as being fully encrypted. I am the only person who will have access to this information unless there are circumstances where I am unable to contact you for some reason.
• Your contact details alone will be shared in exceptional circumstances with a colleague in the event that I am incapacitated so that they can contact you to explain the situation. The details of this arrangement are set out in my professional will.
• Your contact details will be used solely to contact you. Other personal data such as your name, address and/or date of birth will be used to verify your identity if there is a need to contact your G.P. or a request for access to personal data from yourself or your representative or legitimate legal instrument such as a court order. Your contact details will not be used for any other purposes.
• This personal information will be held for a period of three years after the cessation of our therapeutic relationship, except where there is a mutually agreed decision to retain it for longer or where I believe that it is in my best professional interests to do so. We will have agreed to this. -
I may make information from these notes available to legitimate third parties under the following conditions:
• Receipt of a request from you or your representative, and where the release of the notes is not judged by me as likely to cause you significant harm or harm to another person
• Where there is a specific legal requirement for me to do so
• Where there is an ethical duty for me to do, for example to avoid serious harm to yourself or another person, including the safeguarding of children or vulnerable adults.
• Your contact details alone will be shared in exceptional circumstances with my supervisor or other named agent in the event that I am incapacitated so that they can contact you to explain the situation. The details of this arrangement are set out in my professional will. -
• You have the right to ask to see any information held by me about you. To do this please either ask me, or submit a request in writing. You also have the right to ask for information that you believe to be incorrect to be rectified. I will endeavour to provide you with the information requested within four weeks.
• If I become aware of a situation where your personal information may have accidentally or maliciously been obtained by a third party I will notify you within three days. If you are concerned about the way that your information is being held please discuss this with me. If you are still unhappy you have the right to complain to the Information Commissioner's Office (ICO).
Visitors to my website and social media platforms
When someone visits my website I may use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site, so I can improve my website. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
Google Analytics Privacy Notice: https://policies.google.com/privacy/partners?hl=en-GB&gl=uk
My website is built using Sqaurespace. You can find the Squarespace Privacy Notice here: https://www.squarespace.com/privacy
Like most websites my site uses cookies to help the site work more efficiently – for more information visit www.allaboutcookies.org. My website may from time to time use cookies and log files:
for statistical analysis
to understand user behaviour
to administer the site
to tailor the information presented to a user based on their preferences,
and to improve the user experience.
Any information gathered by our use of cookies is compiled on an aggregate, anonymous basis. You can set your browser not to accept cookies, and the above website tells you how to block cookies from your browser. However, in a few cases some of my website features may not function as a result.
If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.
Where I provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. I encourage you to read the privacy notices on the other websites you visit.
I have a presence on various social media platforms, in order to raise awareness of issues of interest and to promote my services. Currently I have a presence on Facebook, Twitter, and LinkedIn. To find out how these companies use your data and how you can control the way they use your data please refer to their privacy policies, which should be available on their websites.
Please do not use social media to communicate with me about clinical matters. Although you are welcome to “like” or “follow” these profiles, please be aware that this constitutes a public communication and may compromise your privacy. I do not add clients or former clients as “friends” or “contacts” as this could compromise professional boundaries.
If you engage with me via these platforms I will not usually collect or store your personal data. Where I am collecting personal data for future use, I will let you know and provide you with details about the intended use.
-
• The controller of your personal data is myself, Stephanie Baum. I am registered with the I Information Commissioner’s Office (ICO) (ICO registered number ZB259067)
• If you want to exercise your data subject rights or if you have any other questions concerning this Data Privacy Statement, please submit your request to me directly via stephanie@stephaniebaum.com -
I may update this Data Privacy Statement as and when necessary. Any changes to this Data Privacy Statement will become effective as of the date it is published, or as otherwise required by law. You will be advised of any updates and changes. (Last updated on: 07 February 2022).