Privacy Notice

Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including: 

• Why I am able to process your information and what purpose I am processing it for 

• Whether you have to provide it to me 

• How long I store it for 

• Whether there are other recipients of your personal information 

• Whether I intend to transfer it to another country, 

• Your data protection rights.

• Whether I do automated decision-making or profiling

‘Data controller’ is the term used to describe the person/ organisation that collects and stores and has responsibility for people’s personal data. In this instance, I, Paul Gibbs am the data controller and I am responsible for the handling/processing of all data related to my business.  I am registered with the Information Commissioner’s Office C1660256. My postal address is: 2B Mather Avenue Prestwich M25 0LA My phone number is: 07404951667. My email address is: paul@paulgibbscounselling.co.ukPlease feel free to contact me with any questions you may have.     

My lawful basis for holding and using your personal information. 

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have detailed these below: 

If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract. 

In the case of emergencies, I may also use vital interest as my lawful basis for processing your personal data.

If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information. 

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).

How I use your information

Initial contact

When you contact me with an enquiry about my counselling services, I will collect information to help me process your enquiry. This will include your name and also contact details such as an email address or phone number. Alternatively, your GP, other health professional or an organisation such as  your employer may send me your details when making a referral or a relative or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed, I will ensure all your personal data is deleted within one month. If you would like me to delete this information sooner, just let me know by email.

While you are accessing counselling. 

Your email address or phone number may be used to provide you with written confirmation of your appointment times if you have given consent for this. Your email address and telephone number will only be used to contact you regarding appointment times unless we have agreed that I will also email you some resources relevant to your therapy. I will ask you to complete a personal details form which contains your name, address, date of birth, age, contact information, GP details, details of an emergency contact and details of any therapy/medication/or court proceedings. This document is then allocated a reference code which is kept securely in a locked filing cabinet that can only be accessed by me. I will keep written notes of each session, and I may also conduct assessments with you to assess your mental health and review the progress you are making. Any notes I make are anonymised and do not contain your name, but only the reference code. Notes and assessment information are kept separately from names/personal information. Any information held digitally is stored securely on a password protected device to which only I have access and all documents are password protected. All paperwork is stored in a lockable cabinet that is only accessible to me, or in the event of my death or incapacitation, my therapeutic executor.

For security reasons I do not retain text messages for more than one month. If there is relevant information contained in a text message, this will be converted to a pdf, and this will be saved on a password protected device to which only I have access.  Likewise, any email correspondence will be deleted after one month, if it is not important. If necessary, I will convert this to a pdf and this will be saved on a password protected device to which only I have access. 

After counselling has ended. 

Once counselling has ended your records will be kept for 7 years from the end of our contact with each other and are then securely destroyed. 

Confidentiality and when data may be shared

Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if:

  • Harm to self or others

If I or my supervisor believe you are in danger of harming yourself or others I may share information with your GP, the police or social care. If these circumstances arise, normally, I would discuss this with you wherever possible before contacting your GP.

  • For legal and ethical reasons:

I am required by law to share information with the authorities (which may include police, social care, National Crime Agency, HMRC ) if I believe you are going to or have committed a serious crime including terrorist activity, money laundering, drug trafficking or when I am instructed to by a court of law. 

I am ethically bound to share information with the authorities (which may include the police, social care and the safeguarding departments of the local council) in the case of the disclosure of any safeguarding issues regarding children or vulnerable adults.

  • Supervision:

I may discuss elements of our work with my clinical supervisor to ensure my practice is safe ethical and effective. Whilst supervision is a confidential process, I would not share client names or personal data in supervision.  

  • Death/Incapacitation

In the event of my death or incapacitation, secure access to client contact details would be transferred to a therapeutic executor to enable them to contact you and offer support. The therapeutic executor would also be responsible for securely destroying any client information and session notes. 

  • Emergencies

I would normally seek client consent before sharing information, but if there was a serious risk to your life, I may share some information with emergency medical services without consent.

In case of emergency, I may also contact your emergency contact. I will always try to speak to you about this first, but if you have previously consented to this, I may contact your emergency contact if you are incapacitated. 

Your Rights

You have the following rights in accordance with data protection legislation:

  • The right to be informed about the collection and the use of your personal data, via this privacy notice.
  • the right to access and receive a copy of your personal data and supplementary information
  • the right to have inaccurate personal data rectified, or completed if it is incomplete
  • the right to have personal data erased (to be forgotten) in certain circumstances
  • the right to restrict processing in certain circumstances
  • the right to data portability, which allows individuals to obtain and reuse their personal data for their own purposes, across different services
  • the right to object to processing of your data in certain circumstances.
  • rights in relation to automated decision making and profiling
  • the right to withdraw consent at any time, where consent is the legal basis for processing 
  • the right to complain to the Information Commissioner

You can read more about your rights at ico.org.uk/your-data-matters

To make a request for any personal information I may hold about you, or to exercise any of your rights above, please put the request in writing and email to paul@paulgibbscounselling.co.uk.

If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures. 

If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint. 

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure. I store electronic data securely on a device which is only used by me and is password protected. Any paper documents are stored in a locked filing cabinet to which only I have access. The only exception to this would be in the event of my death or incapacitation, access would be passed to my therapeutic executor.     

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.