My name is Suzy Carter and I am registered as a data controller with the Information Commissioner’s Office (ICO).
My record keeping is compliant with EU GDPR (General Data Protection Regulation), 2018 and I am committed to ensuring that the records I keep are secure, accurate and appropriate.
In order to provide the most appropriate therapy and to comply with the requirements of my professional registrations with the BACP (British Association for Counselling and Psychotherapy), the AoR (Association of Reflexologists) and my insurers, I need to record and retain your medical history as well as your personal details and contact information.
I will only use this information in relation to my work, with you, as a healthcare practitioner.
Your consent provides the legal basis for me to carry this out. You may revoke your consent at any time and request that your details are erased from my records; however, professional requirements mean that I am still obliged to retain your information for certain periods of time (see below).
It is your choice how much information you share with me and, if you choose not to share certain information, it should not affect your ability to access therapy in general but it may compromise my ability to work with you, due to the requirements of my professional registrations and insurance.
I make brief handwritten notes of our meetings, which are anonymised for counselling clients, in order to keep track of our work together and to satisfy professional registration and insurance requirements. I store these notes safely and securely in a locked metal filing cabinet. Personal details are stored separately for counselling clients. I will ensure that the information I record is accurate and up-to-date but it is your responsibility to inform me of any change to this information.
I do not share notes or personal details with anyone else or organisation or store notes electronically but they can be supplied on paper or in a standard electronic format, if requested and if it is appropriate. If I need to refer you to another professional, I will seek your permission before sharing any of your details.
If you contact me via my mobile phone, your telephone number will be stored in a coded contact list on my work-only mobile, which is passcode protected.
I use WhatsApp for messaging and remote working, because it uses end-to-end encryption. I also use Zoom for remote working and am reassured by the recent improvements in their privacy settings. I do not use Zoom's facility to record the content of meetings.
It is your responsibility to ensure that any locations, devices or platforms that you use in your work with me offer you the level of confidentiality and security that you need.
I will hold your information for at least seven years, which is a requirement of my insurance company. The law regarding children’s records state that records are to be kept until the child is 25 years old or, if 17 years old at the start of therapy, until they are 26 years old. Records will be safely destroyed once the appropriate time has elapsed. It is your right to request that your information is destroyed at any time but I may not be able to comply, due to these professional constraints.
Our work will be confidential, unless I observe or you tell me something that I am legally obliged to report for reasons of public interest - for example, information about crimes such as acts of terrorism, money laundering or drug dealing; or a public health issue, such as if I or another client were to contract Covid-19. In this case, I might have to share your name and contact details with the appropriate authorities or, in the former, hand over my notes if I am ordered by a court to do so. If possible, I would discuss the situation with you first.
I do use some social media platforms, for example a Facebook business page and Instagram but would never download information about you via these platforms, for any purpose.
Should a data breach occur, it is my responsibility to inform you and the ICO within 72 hours.
Should anything happen to me, I have a formal arrangement with an experienced colleague, who will contact you and take responsibility for my records, in accordance with this notice.
GDPR gives you certain rights in relation to the recording and storage of your personal information. Full details of these may be found here