My GDPR agreement sets out how any personal data I collect from you, or that you provide to me, will be stored and processed confidentially.
How I gather your personal information
- Information that you provide by emailing me via my website and via various therapy directories and platforms (BACP, UCKP, Counselling Directory, ACTO, EFT International, Welldoing.Org, Private Practice Hub, Harley Therapy Platform, Therapy Market, Therapy Route), or by phone to request further information about my psychotherapy service.
- Email at email@example.com or phone 07985 541 213.
- The pre-therapy questionnaire form.
- Brief session notes.
- Regarding online therapy, I use the platforms VSee, Zoom and ProtonMail. All these platforms are securely encrypted. Vsee and Zoom have the facility to record sessions which I will not use. Chat transcripts and therapeutic email exchanges will be destroyed either after the session or after therapy has finished and which will be agreed by both of us.
Where I store your personal data
- Personal data that I collect from you via any form of contact by email or phone will be kept securely.
- The pre-therapy questionnaire form, your contact details, and brief session notes are stored on a computer and password protected.
- The brief session notes are anonymised, using your initials only and are password protected.
Uses made of the information
- I use your contact details to allow me to provide you with information of the service that you request from me, to allow you to tell me about changes in your availability and to notify you about changes to my availability and any other relevant administrative changes.
- I use the brief session notes to carry out my obligation arising from the agreement entered into between you and me (separate to this policy).
- As part of my commitment to providing a professional service, I attend supervision regularly. This is bound by a confidentiality contract (separate to this policy) and to protect your identity I only use the initial of your first name.
How long I keep your information/notes for
- Text communication is deleted immediately while emails are purged once a month. After therapy has finished, your phone number will be deleted from my smart phone.
- I will retain your pre-therapy questionnaire and brief sessions notes for as long as we are working together. After therapy has finished, I will retain these documents for a further five years in case you decide to return to therapy with me, and which is also a requirement of my indemnity insurance, and then after which the documents will be destroyed.
- You are entitled to view, amend, or delete the personal information that I hold. All requests have a month to be carried out.
In the event of a data breach
- I have a legal obligation to report a data breach to you and the Informations Commissioners Office (ICO) within 72 hours.
Disclosure of your personal information
- In the event of my incapacity or death your personal contact information will be disclosed to my two clinical executors of my Professional Will so that they can notify you. In the event of my death my executors will also destroy all contact information and notes on my computer.
- If I am under a duty to disclose or share your personal data in order to comply with any legal obligation. For example, if I am subpoenaed to court, or as a legal requirement such as safeguarding children or vulnerable adults, terrorism or money laundering.
Changes to the GDPR agreement
Consent to the GDPR agreement
- Your use and undertaking of the services of Sarah Hanison constitutes your approval and acceptance of this agreement, and are consenting to my use, and storage of your personal information, you have disclosed to me, as detailed above. You have the right to withdraw your consent at any time.