Information Commissioners Office (ICO) registration reference: ZB051157

Data controller and processor: Angela DePastino

Data subjects: Clients

 

This policy is written with the intention of providing transparent information regarding how Now Therapy control and process personal data.  To find out more about General Data Protection Regulations (GDPR) and your rights, please go to https://ico.org.uk/for-the-public/ or https://ico.org.uk/global/contact-us/

 

The service

Now Therapy provides personal counselling by private contract to clients. In many instances, the counselling agreement (see Counselling Agreement document) is between counsellor and client. Some counselling agreements involve a third party, for example, where parents have brought their child to counselling and fund the counselling, or where a third party such as human resources or private health care company request and fund counselling.

 

Data collection points

Enquiries to Now Therapy are received via a number of channels: in person, telephone, text or email. Initial enquiries usually contain some personal information such as names, emails and telephone numbers. Emails and messages are received via: marketing on the Counselling Directory / BACP Directory / Psychology Today Directory / Instagram and Facebook websites and/or by clicking a link or filling out a contact form on the Now Therapy website. Other data is collected at initial meetings and following each counselling session.

 

Data collection & processing, what information and why do I process it?

Any client data collected and/or retained by Now Therapy (including personal information) is solely processed in order to make relevant contact with and provide counselling services to clients.

 

Personal information collected/processed:

•Full name

•Date of birth

•Home address

•Telephone number

•Email address

•GP name and address

•Emergency contact telephone number and/or email address (where relevant)

•Parent/Carer Name and telephone number and/or email address (where relevant)

 

Other information collected/processed regarding clients:

•Brief session notes made in anonymised form, identifiable only by unique client codes

•Anonymised monitoring information, identifiable by unique client codes

•Text messages

•Emails

​

Third party data collection & processing

The Counselling Directory, BACP Directory, Psychology Today Directory, Instagram and Facebook provide robust information regarding their privacy policies and any processing of personal data to all users which can be found at:

 

•https://www.counselling-directory.org.uk/privacy.html

•https://www.bacp.co.uk/privacy-notice/, 

•https://www.psychologytoday.com/us/privacy-policy, 

•https://help.instagram.com/519522125107875

•https://en-gb.facebook.com/policy.php

​

Now Therapy’s website is hosted by Wix. Your information will be shared via Wix tools.  For more information about how and why Wix store and share information please take a look at https://www.wix.com/about/privacy

 

Data storage, retention & disposal

Now Therapy stores paper records, including personal information, in locked filing cabinets and electronic information in a password protected format/on password protected devices (including email, telephone numbers and text). Session/counselling notes are held separately from personal and identifying information in anonymised format. Data is held for a maximum of 5 years after a client’s last contact with Now Therapy, in line with insurance requirements and GDPR. After this time, data is disposed of securely and confidentially.

 

Data sharing

It is rare that any personal information would be shared. As BACP registered counsellors, anonymised client information is shared with professional supervisors (a requirement of registration) in order to maximise service provision to clients. Personal information will not be shared with any other party without prior client consent, with the exception where Now Therapy believe that not sharing the information would result in the risk of harm to clients or any other person or if there is a legal requirement to do so.

 

In the event that Angela DePastino is in some way incapacitated, all records will be destroyed confidentially by a designated colleague. Every effort will be made to ensure current clients are informed of this action.

 

Counselling agreements

All clients proceeding with counselling are required to consent to both the parameters of counselling and data collection within a detailed counselling agreement. This agreement sets out elements of the counselling contract with a detailed privacy statement prior to a section where personal data is collected.

 

For younger clients, they are required to provide consent themselves where it is deemed that they fully understand what they are consenting to. Parents are requested to provide their consent to their children entering the counselling agreement and required to consent to their own data being processed as detailed, however, this does not mean that they will be privy to any other information the client discloses during the course of counselling, in line with data-sharing above.

 

Where another type of third party is involved, unless we gather personal information pertaining to themselves, they will not be required to provide their consent, any information shared regarding the client (other than attendance information) will be subject to clients’ providing consent.

​

Access to personal data & requests to erase, limit use or amend personal data

As clients consent to and provide personal information, they are informed that they can request access this information at any time and provided with details as to where they can learn more about their rights in relation to GDPR. No charges will be made for accessing personal information and the personal information will be provided at the earliest possible time. Clients also have the right to request that data is erased, limited or amended and the right to be compensated for any harm caused by incorrectly processing personal information.

 

Data breeches

Where there has been a breech to the Now Therapy GDPR policy, for example data has been shared with a third party without consent or data has not been destroyed in a timely manner, the breech will be reported to the ICO within 72 hours.

 

This policy is written with the intention of providing transparent information regarding how Now Therapy, control and process personal data. If you have any queries regarding this policy, please contact us using the details above. To find out more about General Data Protection Regulations (GDPR) and your rights, please go to https://ico.org.uk/for-the-public/ or https://ico.org.uk/global/contact-us/