This privacy notice makes clear how your personal data is collected, processed and stored securely to comply with the new GDPR law of 25th May 2018. It also covers your legal rights.
It is important that you know this Privacy Notice applies only to Sarah Sugarman, Practice Owner.
This notice applies to counselling clients, or potential clients.
My name is Sarah Lisa Sugarman, and I am the Sole owner of Sarah Sugarman, Psychotherapy & Counselling (www.counsellingtherapypractice.com). As such, I am both Data Controller and Data Processor.
I am contactable at [email protected]
I ensure that only data that is 'absolutely necessary for the completion of duties' is processed and stored.
I ensure that your data is processed lawfully and fairly and in a transparent manner.
I ensure that your data is accurate and where necessary, kept up to date.
I ensure that your data is secure.
I ensure that your data is NOT kept longer than is absolutely necessary.
WHAT KIND OF DATA IS COLLECTED?
Data collected from a private individual (client or potential client):
For me to deliver the service I will need to collect your contact details. I will also record dates of attendance, location of attendance and fees paid. Additional data: You may choose to share (either verbally or in writing) data regarding your reasons for counselling, personal circumstances which may include sensitive data. IMPORTANT: I ONLY collect, process and store factual objective data. This may include sensitive data, any data you or anyone else chooses to share with me which is outside of this remit, such as subjective opinions, will not be processed and will be securely destroyed. Please note that the use of my website contact form, informs me of your IP address.
Data collected from general enquiries
I will respond appropriately to enquiries about the counselling & psychotherapy service. Should you be enquiring in writing about counselling on behalf of someone other than yourself, and share data about this person - I will securely destroy any personal data regarding the other person following my response to you. Should the person choose to take up the service, I will inform them of what I already know, via you, a 3rd party. Important: I only collect, process and store factual objective data. This may include sensitive data. Any data outside of this remit such as subjective opinions, will not be processed and will be securely destroyed. Please not that use of the website contact form informs me of your IP address.
HOW IS DATA COLLECTED?
Data is collected in the following ways:
Online contact form via the web host, PHD Interactive T/A WebHealer. The online contact form on this website is received by myself, Sarah Sugarman, only.
By phone. By Text (SMS) or In person.
Online contact form via The Counselling Directory Contact Form.
Online contact form via Psychology Today Contact Form.
By phone. By text. In person.
HOW IS DATA PROCESSED?
Counselling or Psychotherapy Clients: Your data is processed for the purpose of providing the service required. That is, what is absolutely necessary for the completion of duties", This includes
Paper: Internal record keeping of name and contact details, dates attended, fees paid, location attended. It may include reasons for counselling, health data and sensitive data should this be relevant and appropriate. This data is processed and kept in a locked file.
Electronic: Emails and invoices
IS THE DATA EVER SHARED? WHO ELSE HAS ACCESS TO THE DATA?
Counselling and Psychotherapy clients: Privacy and confidentiality in counselling is paramount. I am the only person with access to your data, unless our work is presented in Clincal Supervision. I am required to attend clinical supervision with a more experienced practitioner on a regular basis. Your name and contact data is not shared in supervision. However, it is remotely possible that you could be identifiable. My clinical supervisor is ............
In addition to the above your data will only ever be shared if I am required by UK law to do so. Examples include, your involvement in money laundering, drug trafficking, terrorism, serious harm to another, child protection or a court order.
WHAT DATA IS STORED?
My emails, hand written data of record keeping of name and contact details, dates attended, fees paid, location attended, invoicing data. In addition, reasons for seeking counselling, factual health data, factual life event history and personal circumstances, should tis be relevant and appropriate.
HOW AND WHERE IS IT STORED?
Electronic storage: This is protected using a strong password and security software.
My website has been upgraded to SSL, which allows us to connect with each other via a secure connection.
Paper Storage: This data is kept in a secure, locked file. It includes internal record keeping of name and contact details, dates attended, fees paid, location attended. It may include reasons for counselling, health data, factual personal history data and sensitive data should this be relevant and appropriate.
WHY IS IT STORED?
I keep client data in secure storage because the information is required to provide the services professionally, effectively to comply with HMRC law.
HOW LONG IS IT STORED FOR?
Data is securely disposed of when it is no longer required for the purpose for which it was collected and retained. The law states that data must be current, up to date, relevant and not kept longer than is necessary.
There are different categories of data which are stored, or retained, for different time periods:
a. Client name, date of attendance, location, fee paid, invoices - stored for 7 years for HMRC legal and auditing purposes, paper records and electronic (encrypted).
b. Client and enquiry emails - stored for 36 months - electronic records.
c.Paper records - stored for 36 months - following our last contact.
d. Invoicing data - stored for 7 years for HMRC legal and auditing purposes, electronic records.
How Is DATA DISPOSED OF?
Paper data, is disposed of via shredding.
Electronic data is deleted.
MARKETING AND INFORMED CONSENTS
There are no marketing activities to private individuals.
You have the
Right to erasure (to be forgotten)
The right to ask what is stored and why it is stored
The right to see your data, You as the subject can request to see your data. The request, called a Subject Access Request must be made in writing. Identification evidence will be necessary, there is no charge and I respond within 30 days, in accordance with the law.
Links from this website to other websites: Please be aware that I am not responsible fo the policies, dat protection or security of these linked websites.
This Privacy Notice is a live document, I will review and update if necessary.
I conduct my own Risk Assessment on a regular basis.