Privacy Policy for General Data Protection Regulation


In accordance with the new EU GDPR, all businesses, including counselling practices, need to make sure they are abiding by new regulations. This privacy policy refers to all counselling services offered both online, over telephone and in person by Chaldon Counselling. Below the privacy policy is outlined; should it raise any concern, please feel free to ask questions. 
When a client starts therapy (client referring to someone who decides to take up counselling services) they will be provided with a written privacy statement showing how information is collected, held and stored by Richard Marsh (the Data Controller of Chaldon Counselling). This privacy policy statement describes how all data is stored and protected (paper and electronic), other ways in which the client's privacy is protected and how a reference number system is also used to ensure further privacy.  Data is never passed on or sold to third parties. The privacy policy document also shows how long a client's data is to be held and for what reason. It explains that clients have the right to request a copy of their data. The client also has the right to ask for personal data to be erased, unless there is a legal obligation for the information to be retained the Data Controller. This statement needs to be signed to show they have read and understood the information in order for counselling to commence.
In addition, the client will receive a contract to sign, which discusses confidentiality regarding the counsellor's need for supervision and how client anonymity is protected as well as the limits of confidentiality should a serious risk of harm arise to either the client or another human being during therapy. Finally, it includes information regarding the therapeutic will, which shows how client privacy is protected in the event of illness or untimely death of the therapist.
Emails sent through Chaldon Counselling website will be deleted once they have been responded to the website administrator. Notifications only for new messages are stored on the website for three months. Contact details for clients are then transferred to a password protected phone accessible only by the Data Controller to further ensure client privacy.