What is the General Data Protection Regulation 2018 (GDPR)
The regulation of personal data is laid out in the General Data Protection Regulation 2018 (GDPR), which is available on the ICO website http://www.ico.org.uk. In complying with these GDPR regulations I am obliged to ensure that your personal data is:
By following the GDPR I ensure that any sensitive personal information that you may disclose to me is managed appropriately. This type of information is called ‘special category personal information’. The lawful basis for my use of special categories of personal information is to provide health treatment, in this case counselling, and is therefore a necessary part of your contract with me as a health professional.
Your personal data and how I use it
When you first enquire about therapy I will collect basic personal information for contact and identification reasons. For example, I will need your contact details to be able to get in touch with you to manage appointments and to send you appointment reminder requests if you would like them.
As well as collecting and storing personal information such as name, email address, phone number, and date of birth, I will also ask for the address and name of your GP, but I would only contact your GP under specific circumstances (see the confidentiality section). I may also need you to give me information on medical conditions and prescribed medications relevant to the counselling service provided.
As a record of our counselling sessions, I will keep brief session notes on what we discuss in therapy to remind us both of the work we are doing. These will include personal and sensitive details about your life. The notes are used solely for the delivery of a therapy service to you. These notes will not have your identifying details attached to them such as name, DOB, address and so on.
Storage of personal data
I store all hardcopy personal information and session notes in a locked filing cabinet. Legally, I am required to retain these for 7 years for adults and up to the age of 21 for a child or a teenager, at which time they will be shredded. I will store your contact details and emails electronically. These will be deleted one month after your last session or, in the case of emails, printed as a hardcopy record. All text messages will be stored electronically and deleted within one month of sending.
To ensure confidentiality, all adult sessions will be conducted in accordance with the GDPR regulations. There are particular regulations covering confidentiality arrangements when working with children and teenagers which can be found ‘Working with Children and Teenager Policy.’ (link)
Irrespective of age, all session notes will remain confidential and anonymised under a case number, with the following exceptions:
When you have given your permission to share information for example, statistical data.
In cases where I am compelled to give evidence by a court of law.
If I consider there is a real possibility of harm to yourself or others, or in such instances when the information is of such a nature that confidentiality cannot be maintained for example:
In cases of terrorism, fraud or money laundering.
In all other circumstances I will seek your permission to:
Each time you visit a website Google Analytics automatically tracks information such as your geographical location, IP address, browser type, browser version, operating system, referral source, page views, length of visit, the times and dates you visit the site, navigation paths, and whether you are a new visitor or a returning visitor. When you visit http://www.new-leafcounselling.com the information collected by Google Analytics may be used to customise the website according to your interests and help improve products and services.
Juniper Counselling and Therapies uses Facebook. If you make contact via this means then Facebook’s own privacy policies need to be considered. To access these policies please click on the links below:
Online / Telephone Counselling
Juniper Counselling and Therapies uses Doxy.me. They have their own privacy terms which you can access on their website:
Links to external websites
All personal and sensitive data held by Juniper Counselling and Therapies is held securely. Electronic data stored on a computer is stored on a password protected computer, in a password protected account held on the computer. Hardcopy data is held securely in a locked cabinet with the only keyholder named as Georgina McBurney Data Controller. In the unlikely event of a data breach, I comply with the regulations set out under Article 33 of the GDPR.
Your Rights’ Controlling your personal information
You may choose to restrict the collection or use of your personal information. If you have previously agreed to using your anonymous personal information for continued professional development or marketing purposes you may change your mind at any time by writing to Georgina McBurney at firstname.lastname@example.org
You may request details of personal information which I hold about you under the General Data Protection Regulation 2018 (GDPR). If you would like a copy of any stored personal information, please email me at email@example.com. I aim to keep all personal data up to date, if you believe that any information we are holding about you is incorrect or incomplete, please let me know as soon as possible and I will correct any information found to be incorrect.
Amendments and Updates
This Privacy Notice was last updated in July 2019.
Georgina McBurney is responsible for this privacy notice and can answer any questions you may have regarding it. Please contact me at firstname.lastname@example.org
The ICO can be contacted at:
ICO website: https://ico.org.uk/global/contact-us/
ICO telephone: 0303 123 1113