John Wheeler Clinical Supervisor, Psychotherapist and Counsellor Practising As, Surrey Counselling
1. How I use your personal data
1.1 I am committed to protecting your personal data. Your personal data falls into two categories;
(a) non-sensitive personal data (e.g. Name; Address) and,
(b) sensitive personal data (e.g. race, ethnicity, political and / or religious beliefs, trade union membership, genetics, biometric details (where used for ID purposes), health, sex life or sexual orientation.
1.2 I will use your non-sensitive personal data to (i) register you as a new client, (ii) manage payment, (iii) collect and recover monies owed to me (iv) to manage my relationship with you.
1.4 My legal grounds for processing your data in relation to items 1.2 and 1.3 above are for performance of a contract with you.
2. Disclosure of your personal data
2.1 My professional body requires that I participate in monthly Consultative Supervision and I may need to share your personal data with my Consultative Supervisor.
2.2 My Consultative Supervisor is bound by the same professional standards surrounding confidentiality and will respect the security of your personal data and treat it in accordance with the law. My Consultative Supervisor is only allowed to process your personal data on my instructions.
2.3 Subject to Sections 2.1 and 2.2 I will work within the boundary of confidentiality toward you. In the event of potential harm to you or others arising from the material you share with me there may be a need for me to break confidentiality though every effort will be made to discuss this with you beforehand.
2.4 In instances where I am concerned for your safety (as in 2.3 above) I may need to contact the Medical Practitioner(s) who provide(s) health services to you. If I do so you will be advised that this has taken place.
2.5 In the event of any issue arising where there is a legal duty to divulge information I reserve the right to do so without prior notification.
3. Data security
Protecting your data is important to me and I have put in place security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. I also limit access to your personal data to other third parties who have a professional need to know such data (e.g. my Consultative Supervisor. See 2.1 and 2.2 above).
I have also put in place procedures to deal with any suspected personal data breaches and will notify you and any applicable regulator (e.g. the Information Commissioner’s Office) of a breach where I am legally required to do so.
In certain circumstances you can ask me to delete your data. See Section 5 “Your Rights” below.
I may anonymise your personal data (so that you can no longer be identified from such data) for research or statistical purposes in which case I may use this information indefinitely without further notice to you.
4. Data retention
I will only keep your personal data for as long as is necessary to fulfil the purposes for which I collected it. I may retain your data to satisfy legal, accounting or reporting requirements [for example, for my tax returns, I need to keep certain information about you for 6 years after you cease to be a client]. You have the right to ask me to delete the personal data I hold about you in certain circumstances. See Section 5 below.
5. Your Rights
You can exercise certain rights in relation to your personal data that I process. These are set out in more detail at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
In relation to a Subject Access Request, you may request that I inform you of the data I hold about you and how I process it. I will not charge a fee for responding to this request unless your request is clearly unfounded, repetitive or excessive in which case I may charge a reasonable fee or decline to respond.
I will, within most cases, reply within one month of the date of the request unless your request is complex, or you have made a large number of requests in which case I will notify you of any delay and will in any event reply within 3 months.
If you wish to make a Subject Access Request, please send the request to:
6. Keeping your data up to date
I have a duty to keep your personal data up to date and accurate so from time to time I will contact you to ask you to confirm that your personal data is still accurate and up to date. If there are any changes to your personal data (such as a change of address) please let me know as soon as possible by emailing the address set out in section 5 above.
I am committed to protecting your personal data but if for some reason you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would be grateful if you could contact me first if you do have a complaint so that I can try to resolve it for you.
I may change this Privacy Notice from time to time and shall notify you of any changes.