Privacy Policy

Your privacy is very important to me, and you can be confident that your personal data will be kept safe and secure and will only be used for the purpose it was given to me.

I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. As a registered member of BACP (British Association of Counselling and Psychotherapy) I work in accordance with their Ethical Framework which places professional responsibility on the therapist to handle client data confidentially, safely, and ethically.

This privacy policy tells you what I will do with your personal data from initial point of contact through to after your therapy has ended, including:

• Why I can process your personal data and what purpose I am processing it for

• Whether you have to provide it to me

• How long I store it for

• Whether there are other recipients of your personal data

• Your data protection rights.

I am happy to chat through any questions you might have about my data protection policy, and you can contact me via cathy@yourhealingspace.co.uk.

‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me, Cathy Cavender. I am registered with the Information Commissioner’s Office.

My postal address is: 3 Ffordd Idwal, Prestatyn, LL19 7PH.
My phone number is: 07999 442224.
My email address is: cathy@yourhealingspace.co.uk

• If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal data.

• If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.

• The GDPR also makes sure that I look after any sensitive personal data, that you may disclose to me, appropriately. This type of data is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you)

• Initial contact

When you contact me with an enquiry about my counselling services, I will collect data to help me satisfy your enquiry. This will include your full name, telephone number and email address. If you decide not to proceed, I will ensure all your personal data is deleted within one month. If you would like me to delete this data sooner, just let me know.

At the start of counselling, I will collect personal data to facilitate my professional and ethical provision of service to you. This will include your full name, telephone number, address, email address, date of birth, GP details and a contact number for someone who knows you.

Rest assured that everything you discuss with me in counselling sessions is confidential. That confidentiality will only be broken in exceptional circumstances, for example:

• where I am concerned that there is a serious risk of harm to yourself or others

• where I reasonably believe that a child or vulnerable person is at risk

• where I feel there is a risk of a serious criminal offense being committed

• where I am compelled to do so by statute

• where my notes were requested via a court order

I will always try to speak to you about breaking of confidentiality first unless there are safeguarding or legal issues that prevent this.

You may request that I share data or consent to me sharing your data and in these cases I would ask for written authorisation. This may be the case if I make a referral, for which the data would normally include personal details and sensitive data from session notes. In all cases I will share the minimum amount of data to achieve the purpose.

I will keep notes of each session to help the counselling services run smoothly, ethically, and professionally. Paper-based personal details and session notes will be kept securely in a locked cupboard and will not be shared with any third party. Session notes will be anonymised using a coding system and a split storage system where personally identifiable records are kept separately from session notes.

For security reasons I do not retain text messages for more than one month. If there is relevant data contained in a text message this will be added to your session notes and stored in a locked cupboard.

Likewise, any email correspondence will be deleted after one month if it is not important. If necessary, I will keep a paper-based printed copy of email content with your session files in a locked cupboard.

Where payment is received by BACs your personal and financial data may appear on my bank statements and as such in my accounting records.

Once counselling has ended your records will be kept for up to 7 years from the end of our contact with each other and will then be securely destroyed.

If you want me to erase your personal data sooner than this, please let me know. I can erase your personal data so long as it does not include data that I am obliged to keep for professional, administrative, legal or security purposes

I sometimes share personal data, such as your full name and telephone number, with third parties, for example, where I have a contract for services with a professional supervisor or for use of a therapy room that requires booking in at a reception.

In such cases I have carefully selected which partners I contract with, to ensure that they do not use your personal data in any way other than the task for which they have been contracted.

I try to be as open as I can be in terms of giving people access to their personal data. You have a right to ask me to delete your personal data, to limit how I use your personal data, or to stop processing your personal data. You also have a right to ask for a copy of any data that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.

If I do hold data about you I will:

• give you a description of it and where it came from

• tell you why I am holding it, tell you how long I will store your data and how I made this decision

• tell you who it could be disclosed to

• let you have a copy of the data in an intelligible form

You can also ask me at any time to correct any mistakes there may be in the personal data I hold about you. To make a request for any personal data I may hold about you, please put the request in writing addressing it to cathy@yourhealingspace.co.uk.

If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures.

If you wish to make a formal complaint about the way I have processed your personal data you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more data go to ico.org.uk/make-a-complaint

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept securely. I store all paperwork in a locked cupboard, and I do not store personal data or client notes on a laptop or in an online cloud.

Any emails or text messages will be deleted within one month of receipt. My laptop and mobile phone are password protected.

If you opt to allow your session notes to be part of a research study that I am conducting, then I will record research relevant extended session notes on a password protected laptop. These notes will be anonymised using a coding system. Any resulting presentation of the research, for instance in a published article, will include anonymised data.

My website address is: www.yourhealingspace.co.uk.

When someone visits my website, I use a third-party service, Google Analytics to collect standard internet log data and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This data is only processed in a way that does not identify anyone. I do not make, and do not allow Google Analytics to make, any attempt to find out the identities of those visiting my website. You can read Google Analytics privacy notice here https://policies.google.com/privacy

I use WordPress and Bricks as the content management systems for my website. No user-specific data is collected by me or any third party. If you fill in the contact form on my website, that data will be temporarily stored on the web host before being sent to me via email.

There are embedded links to other websites on my website and these take you to visit other separate websites.