top of page

 

Client Privacy Policy

​

In May 2018 the Data Protection Act was replaced by the General Data Protection Regulations (GDPR). The changes to the Data Protection Act are aimed at ensuring your personal, confidential, and sometimes sensitive data, is held privately and securely.

​

Why do I hold your data?

​

I only collect data that is necessary for our therapeutic relationship and to ensure that I can contact you and your designated emergency contact person if required. I will write minimal notes after each session which will be stored safety and anonymously as outlined below. You have the right under the Data Protection Act to see your notes.

​

How do I collect your data?

​

All information I will have on file for you will have been provided to me by you. Any information provided to me by a third party will be done with your permission only. There are third party services that collect anonymous information when you visit my website. This is to let me know how many visitors visit my website, which country they are from and how they are utilising it.

​

How will your data be stored? 

​

Personal data that is stored digitally, such as name and address, will be password or passcode protected. Notes that I make after each session will be anonymised and stored separately from the personal data in a separate digital file and/or a locked filing cabinet held behind a locked door. In all cases, personal information is kept separate from anonymised therapeutic notes.

​

How long will I hold your information for? 

​

Records will be stored securely for 7 years after the last interaction with an adult client and up to the age of 25 for a child under 18 when last seen. This is in line with my professional insurance requirements.

​

What if you would like your data to be destroyed before this date? 

​

Under GDPR rules, you can request the deletion of any of your records at any time and I will comply. To do this, please contact me on counselling@ellenvintner.org​. I would have to save your request for deletion but would not save any other data.

​

Can you request a copy of the information held by me? 

​

You may request details of personal information held about you under the General Data Protection Regulations (2018), and I will comply within 30 days. If you believe that any information I am holding on you is incorrect or incomplete, then please email me as soon as possible at the above address. I will promptly correct any information found to be incorrect.

 

When would I share your data?

​

If you or someone else was at serious risk of harm, then I may need to break confidentiality. This would lead me to sharing information with an approved body such as your GP.  I would discuss this with you first to explain my concerns and any actions that may be necessary to keep you or someone else safe. This is in line with the initial contract I will have shared with you at the same time as providing you with this policy.

When working with a person under the age of 18, then I would need to break confidentiality under the same conditions as for an adult. This would also apply if I had a safeguarding concern. In this case I would initially inform the parent or guardian of the young person. The only exception to this would be if speaking to the parent would put the child in danger, in which case I would report to an appropriate body to keep the child safe.

I would also need to break our confidentiality agreement if you inferred knowledge or involvement in harm to a child or vulnerable adult.

If you needed immediate emergency medical assistance, then some limited personal data may need to be shared to keep you safe. If your behaviour required me to call the police as a matter of emergency, then this may also require me to disclose limited personal details. I will always try and speak to you first unless prevented from doing so by the emergency nature of the incident or if I was prevented from doing so legally.

There are limited occasions where I would be legally required to break confidentiality without your permission prior to disclosure including if I was subject to a Court Order, or if you disclosed Acts of Terrorism, Money Laundering, People Trafficking or Drug Trafficking (this does NOT include the recreational use of drugs).

In the event of my incapacitation or death, I maintain a Therapeutic Will with instructions for an Executor to inform you of my status. The Executor will be an appropriate psychologist or counselling professional who will be authorized to access my files in accordance with of my Professional Will so that you can be informed of my absence. This will only occur if I am subject to a significant unplanned absence from practice.

​

Are our discussions within the counselling sessions confidential? 

​

Our discussions are confidential within the parameters set out above. I attend monthly clinical supervision, to ensure that I am always working in your best interest. During supervision your anonymity will always be protected.

​

What if you see me outside of a counselling session? 

​

I will not acknowledge you unless you choose to acknowledge me first.

​

Will I discuss information about you with another health or social care professional? 

​

Only with your written consent. 

 

Who is the Data Controller and what is their ICO registration number? 

​

The data controller is Ellen Vintner and the ICO registration number is C1333709. Questions, comments, and requests regarding this privacy policy are welcomed and should be addressed to counselling@ellenvintner.org

​

bottom of page