Privacy Policy

Rachel Yates Counselling
Client personal information GDPR: Privacy Policy

Under the General Personal information Protection Regulations (GDPR) 2018 I am required by law to inform you about how I process and keep safe the personal information (data) I hold about you. I make every effort to keep all personal information confidential. Your personal information is stored securely and confidentially, and I am bound by the National Counselling Society Code of Ethics (available to view online at https://www.nationalcounsellingsociety.org/about-us/code-of-ethics/). If I discover there has been a breach of your personal information, I will tell you as soon as possible.

Personal information I hold

You have the right to know what personal information I hold, why I hold it, how it is stored, who has access to it, and for how long I hold it. I will keep the following personal information so that I can work safely and professionally with you, in line with the guidelines of the National Counselling Society (NCS).

  1. Your name, address, gender and pronouns – I keep this information in paper form in a locked filing cabinet. Only I will see this information. These are kept separate from your session notes. I will keep this personal information for seven years and after that time it is destroyed. This is required by my professional liability insurer and by my professional organisation (NCS). My supervisor has your first name and phone number kept in their locked filing cabinet, but not your surname or address. My supervisor keeps this information so that you could be contacted in case I became suddenly ill or other emergency, as required by my clinical will. My supervisor will destroy the personal information when you and I finish our work.
  2. Your phone number and email address – I keep this information in paper form in a locked filing cabinet separate from your session notes, and in my mobile phone. My mobile phone is locked with a passcode when I am not using it. Your email address is held in my Gmail account. Neither my computer nor my mobile phone are shared with anyone else. This is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice). I also keep your email address in case we agree to work therapeutically via email, either as a regular arrangement or just occasionally. I will remove this personal information when we have finished our work.
  3. Emergency contact’s name and phone number (if you wish) – I keep this information in paper form in a locked filing cabinet along with your name and contact details. It is unlikely that I would ever use this information, but I hold it in case I become concerned for your welfare and I cannot get hold of you or something happens to you in the session – such as a fall. You and I may agree together on some other reason that I might contact this person, based on your best welfare. When we finish working together, I will delete this personal information. Only I will see this information.
  4. Relevant medical information – I keep this personal information in paper form in a locked filing cabinet along with your name and contact details. It may be relevant to keep or share certain medical information if you have any health conditions such as seizures, diabetes, etc which may impact a session, or you have any allergies that I should be aware of. Only I will see this information and I will delete this personal information when we finish working together.
  5. Session notes – notes may include dates and times of attendance and brief notes on important themes from the session. I do not keep detailed session notes. I keep brief session notes in paper form in a locked filing cabinet. Your name or other identifying details are not kept with your session notes; only a code is used. Notes are used to remind me of important points I want to be sure to remember and/or to discuss in supervision. When our work finishes the notes will be destroyed after three years. If you would like me to retain them for a longer period, please discuss this with me. Only I will see this information.
  6. Payment information and invoices – I make a note of payments you have made and invoices on a password-protected financial spreadsheet for my business. I am required by law to retain certain financial information for tax purposes. I keep financial information for 7 years as advised by HMRC. Payment by BACS or cash will be processed by my bank, transactions may be viewed by employees of the bank and tax HMRC. When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.
  7. My emails/texts to you, and yours to me – I may delete emails / texts after I have noted the contents (for example, emails around scheduling). Electronic correspondence will also be held by the corresponding app (Gmail, Phone’s SMS, WhatsApp). I may keep emails/texts if I consider them necessary to our work. I will delete emails/texts when our work ends, and only I will see the information.
  8. Website – none of your personal information is stored on my website, other than to momentarily collect and send it to my Gmail account for the purposes of our initial contact.

Sharing information

All information disclosed during counselling is confidential. However, there are legal exceptions. For example, if you reveal a threat of harm to yourself or to others, or information relating to terrorism or harm of a child, or if a court order is received and a legal obligation arises. In such a situation, the law may require that I share your personal information without your knowledge.

If your health is in jeopardy (provided I have your consent) I may share your contact information and relevant medical information with an emergency healthcare service (e.g. ambulance).

Your Rights under GDPR

  • To be informed what personal information I hold (i.e. this document).
  • To see the personal information I hold about you (free of charge for the initial request).
  • To rectify any inaccurate or incomplete personal information.
  • To withdraw consent to me using your personal information.
  • To request your personal information be erased. Though I can decline if the information is needed for me to practice lawfully and competently
  • To receive the personal information which you previously provided, and the right to transfer that information to another party.

For the purposes of the General Personal information Protection Regulations (GDPR) 2018, the personal information “controller” is Rachel Yates – Rachel Yates Counselling. If you have any other questions regarding how your therapy client personal information GDPR is processed and handled, please do not hesitate to discuss with me.

A printed copy of this statement will be given to you when we first meet for counselling. If we agree to continue working together, I will ask you to sign the printed copy of this statement to indicate your agreement.