The type of personal information we collect
We currently collect and process the following information:
Personal identifiers, contacts and characteristics (for example, full names, residential and business addresses, date of birth, gender, telephone numbers, email addresses, insurance company or bank account details, details of key contact such as general practitioners, schools, or employers, among other information).
Special category or sensitive data (for example, race, ethnic origin, religion, sexual orientation, physical and mental health information, medical history, criminal convictions or offences, among other information).
Other kinds of data (for example, neuropsychological test data, measure or questionnaire data, among other information).
How we get the personal information and why we have it
Personal and sensitive information is collected from or first point of contact (referral letters, telephone calls, e-mails, etc.) and during our first and subsequent contacts (consent and information sharing forms, risk assessment forms, questionnaires, emails, and conversations in person or on the telephone). Relevant information from other agencies that are working with you may also be kept.
Most of the personal information we process is provided to us directly by you for one of the following reasons:
To facilitate contact with you.
To keep case notes on assessment and process paperwork.
We may also receive personal information indirectly, from the following sources in the following scenarios:
Information provided by your healthcare providers (e.g. General Practitioner, health professional, insurance company) with your prior knowledge or at your request.
We use the information that you have given us in order to provide you with therapeutic support.
We may share this information with other organisations (such as your General Practitioner) with your prior knowledge, at your request, or if any of the exceptions to confidentiality above are met. We may also share this information with agencies or organisations as required to recoup financial loss (for example, where sessions are unpaid). Your details may also be shared with a trusted person in case of illness or emergency where I am unable to contact you myself.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
We have a contractual obligation to provide you with a service (for example, storing personal information to contact you, sharing your initials during case discussion in supervision).
We have a legal obligation (for example, passing your information to a third party for accounting within the UK).
We have a legitimate interest (for example, we must run our practice and protect our interests).
How we store your personal information
Your information is securely stored in one of two ways. Unless otherwise in use or in transit, any written notes and information are kept in locked storage guarded against fire, flood, and theft at the address given above. Any digital notes and information (including backups) are stored on a secure data storage cloud behind two factor authentication.
We keep your information for eight years. We will then dispose of your information by destroying written notes through shredding and deleting all copies (and backups) of digital data containing your personal information.
Your data protection rights
Under data protection law, you have rights including:
Your right to be informed – You have the right to understand how your data is collected and why (which is detailed within this document).
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to have inaccurate personal data rectified.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Any data you request will first be reviewed together in session before a copy is made available to you. Please contact us at At One Counselling and Hypnotherapy, 39 High Street, Bristol, BS16 5HD if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at At One Counselling and Hypnotherapy, 39 High Street, Bristol, BS16 5HD.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Helpline number: 0303 123 1113
Information Commissioner’s Office ICO website: https://www.ico.org.uk