Penny Glazebrook Counselling & Psychotherapy
I aim to be fully compliant with current GPDR legislation and to let you know how I use and protect the data you’ve given me. GDPR replaces the previous Data Protection Act. I wish to be transparent with regard to the processes I have in place. Identifiable information, if shared, will only be used in accordance with this privacy statement. I follow the guidance from my governing body UKCP and my insurers Howden.
As a private practitioner, I’m considered the data processor and controller in my practice. As the data controller, I process some of your personal data. During the assessment process information such as next of kin, family members and medication are gathered and held. This is anonymised, coded and securely stored. No one but me can access this information.
Data processing means obtaining, recording or holding information. The definition is very wide, and most of what I do involves a degree of processing. I process the personal data I have collected as controller. I maintain records of personal data and processing activities and hold responsibility should there be a breach.
This is a primary concern and is separate to other terms and conditions. As my client, you can withdraw consent at any time. I hope to offer you choice and control. As a therapist who occasionally uses creative interventions, I want to ensure you know that any drawings or art done in sessions is yours. I will store this material safely and dispose of it in a timely manner. I will never use any of your data/artworks for writing, publishing, research or training purposes.
I have weekly ongoing supervision to support and ensure my practice is safe. When I share client material or images this is always done confidentially, protecting your identity. Nobody but me has access to any of your data. I will keep this process under review and refresh it if anything changes.
I do not keep process notes. When I decide to do so I shred and dispose of this confidential material asap, often after supervision. I keep minimal content notes which I hold for 7 years. After this time frame, they’re disposed of securely. You have the right to see the information I hold about you should you wish to. You have a right to change any information which you consider to be incorrect. You can also ask me to delete all/any of the information that I hold. There are however some details I need to keep due to legal and professional obligations.
I promise to keep all sensitive data safely. All my client notes are handwritten and I keep all sensitive data in a locked filing unit. I dispose of data by shredding. I dispose of emails on a weekly basis. While we work together I will store your name and phone number on my iPhone. I only contact you in response to you or concerning appointments. When we discontinue working I will delete your number. I do not engage with clients through any social media.
In the event of a complaint
Please contact me directly. And if we cannot resolve this you could then seek guidance for GDPR Compliance at https://gdpr.co.uk
In the event of a sudden cessation of practice e.g. through an accident or death, I have appointed a professional executor who will manage things on my behalf. This is arranged for your welfare as my client and every step is taken to ensure GDPR standards are met.