GPDR | marisabordonscouns

GENERAL DATA PROTECTION (GDPR)

I am committed to providing the best service possible to all my clients. This includes adhering to the legal requirements in relation to confidentiality and data protection.

I am a member of the BACP so I am bound to their clear and specific codes of conduct. Clients can therefore be assured that their issues and concerns will be explored in the strictest confidence.

I am a Reach associate and I am also committed to the Reach privacy policy.

In compliancy with the new General Data Protection Regulation (GPDR), which came into effect in May 2018, I will collect, store, use and retain your personal data appropriately.

This means that I will only collect data that helps me offer you the best service possible - I will therefore not collect or retain excessive amounts of data. And I will take appropriate steps to protect your personal data once it's collected. Therefore I will store your data securely, in locked rooms, and on password protected computers, taking all reasonable measures to protect it from loss, misuse and unauthorised access.

I will use personal data for the following purposes: to delivering the services requested by you and agreed by me, to make contact with clients as necessary and to maintain my records, Client data will never be passed to a third party without express consent of the client.

In accordance with the requirements of the BACP (my governing body) I will retain client data for a minimum of 7 years or until the 25th birthday for clients under 18. I am also required by the BACP to undertake regular supervision in order to ensure the highest standards of service, all personal data is fully anonymised such that a client can not be identified.

I am required to relate my data collection and processing activity to a 'lawful basis' in order to comply with GDPR guidelines:

The Lawful basis for collecting and processing your data is that we have a contract. From the outset you have sought my services and I have agreed to provide them and this constitutes a verbal contract. Therefore having agreed that I will offer, when and how regularly we will meet and what the fee is for this service, this contract is the lawful basis on which I can store and process your personal data.

The second legal basis for collecting and processing your personal data is that having this information is necessary for me to be able to deliver the therapy I have agreed to offer you, and you would be unable to receive my services without giving me this information - so therefore it is in both the client's and my 'legitimate interests''.

So, please rest assured your data is in safe hands and will always be managed with the utmost sensitivity and care.