Privacy Policy

Introduction

Your privacy is very important to me. You can be confident that your personal information will be kept safe and secure and will only be used for the purposes it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

This privacy notice tells you what I will do with your personal information from your initial contact to after the end of your therapy. If you have questions about it, you can contact me at marsha@southwarkpsychotherapy.co.uk.

‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me.

‘Therapy’ is the term used throughout this document to include individual and relationship counselling and psychotherapy.

I am registered with the Information Commissioner’s Office (ICO) which is the statutory body that oversees data protection law in the UK (Registration number: ZA829291).

My postal address is: Southwark Counselling & Psychotherapy, Unit 1, 25a Blue Anchor Lane, London, SE16 3UL.

My phone number is: 07835 259 868.

My email address is: marsha@southwarkpsychotherapy.co.uk.

My lawful basis for holding and using your personal information

The GDPR states that I must have a lawful basis for processing your personal data. Depending on the stage of our relationship, my lawful basis will either be the performance of our contract, or legitimate interest as follows:

If you are in contact with me to consider therapy or are currently having therapy with me, I will process your personal data as necessary for the performance of our contract.

If you have had therapy with me and it has now ended, my lawful basis for holding and using your personal information is legitimate interest.

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing such data is provision of health treatment (in this case therapy) and necessary for a contract with a health professional (in this case, a contract between me and you).

You can find out more about lawful bases for processing data, and how these are applied here: ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing

How I use your information

Initial contact

When you contact me with an enquiry about my therapy services, I will collect information to help me satisfy your enquiry. This will include your name, phone number and/or email address. Alternatively, your GP or other health professional may send me your details when making a referral, or a parent or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed, I will ensure all your personal data is deleted within three months. If you would like me to delete this information sooner, just let me know.

While you are accessing therapy

Everything you discuss with me during therapy sessions is normally held in the strictest confidence, however there are exceptions. For example, I may need to break confidentiality if there is a threat of harm to yourself or to others, if you reveal knowledge of terrorist activity, for reasons of child protection or if a court order is received and a legal obligation arises. Wherever possible, and if it is appropriate to do so, I will speak with you first.

Information I keep on secure record includes:

Your personal information, including your name, date of birth, contact details, GP and an emergency contact if you provide one
Your signed Therapy Agreement
Background information you may provide that is relevant to your therapy
Brief, confidential case notes

When you begin therapy, I will assign you a client number. Except for your personal information and signed Therapy Agreement, all information is filed against your client number (not your name) and contains nothing that can be used to identify you.

To contact you in an emergency, I will store your preferred telephone number and email address on a SIM card which is used for therapy business only. This information is saved against your first name and surname initial.

Your contact details will be shared with my Therapeutic Executor, so they can let you know in the event of my death or incapacitation.

For security reasons I do not retain text messages for more than one week. If there is relevant information contained in a text message, I will transfer it to your electronic case notes. Likewise, any email correspondence will be deleted after one week if it is not important. If necessary, email correspondence is kept electronically. If we are in email contact, the information contained within will be accessible by my email hosting provider, Clook. Clook is ISO:27001 (Information Security Management) and ISO:9001 (Quality Management) accredited, and each team member is DBS checked. Their privacy policy is available here: clook.net/legal-documents

I use Zettle to process payments. Their Privacy Policy is available here: zettle.com/gb/legal/privacy-policy

I use Microsoft 365 to manage my business administration. Their Privacy Statement is available here: privacy.microsoft.com/en-gb/privacystatement

After therapy has ended

When we stop working together, I will keep records for one year from the date of our final contact, after which time electronic records will be erased, and paper records shredded. If you would like me to delete this information sooner, just let me know. I will keep my case notes (which do not contain identifying data) for seven years from the date of our final contact. This is a requirement of my liability insurance in case of complaints or legal claims and is a permitted exception to your right to erasure.

Your rights

Under the GDPR, you have the following rights:

To know what information I hold (see above)
To see the information I hold about you, free of charge
To rectify any inaccurate or incomplete personal information
To withdraw consent for me to use your personal information (please be aware, this will mean we can no longer work together)
To request your personal information be erased (I can decline while the information is needed for me to practice lawfully and competently)

If you are unhappy with how I handle your personal data please contact me in writing or by email using the contact details above. I welcome any suggestions for improving my data protection procedures.

If you want to make a formal complaint about the way I have processed your personal data you can contact the ICO. See ico.org.uk/make-a-complaint for more information.

Visitors to the Southwark Counselling & Psychotherapy website

When someone visits the Southwark Counselling & Psychotherapy website, I use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. Neither I nor Google Analytics attempt to find out the identities of those visiting my website.

I use legitimate interest as my lawful basis for holding and using your personal information in this way when you visit my website.

I use Google Analytics so that I can continually improve my service to you. Their Privacy Policy is available here: policies.google.com/privacy

I use WordPress as the content management system for my website. Their Privacy Policy is available here: wordpress.org/about/privacy

Like most websites southwarkpsychotherapy.co.uk uses cookies to help the site work more efficiently. Find out more here: southwarkpsychotherapy.co.uk/cookie-policy

No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_DNRB1V7LQE	2 years	This cookie is installed by Google Analytics.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.