Privacy Policy: annacolquhoun.co.uk

Details about my private practice are hosted on the Wix.com platform. Wix.com provides an online platform that allows me to explain services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall. 

​

Therapy Client Data GDPR

 

Therapy client data GDPR: for new and current therapy clients (updated 2.2.23).

​

Therapy client data GDPR: As from 25th May 2018, under the General Data Protection Regulations (GDPR) I (Anna Colquhoun, Therapeutic Counsellor) am required by law to inform you (as my current therapy client, or potential therapy client) about how I process and keep safe the data I hold that pertains to you. 

​

I am also required to gain your explicit consent to my holding and processing your data in certain ways (which are detailed below). 

​

As an Integrative Counsellor and Psychotherapist, I take confidentiality and privacy seriously and am bound by a code of ethics.

​

If you are my current therapy client, or are about to become my therapy client, I will send you this information so you can decide whether to read and sign to indicate your consent. You may print a paper copy or copy and paste digitally.

If you do not wish to give your consent, you always have the option to discuss this with me, and it may be possible to create a bespoke agreement between us.

​

You have the right to withdraw your consent at any time. We would need to discuss what this might mean in practice, with the primary aim being to keep you safe. However, there may be certain situations that require certain information to be retained, and I may need to seek legal advice in this case.

​

If you agree to give your consent for me to hold and process your data as stated, you would sign, date and return this information to me by email to me at annacolquhoun@therapysecure.com

​

What therapy client data GDPR is held about you?

​

I keep certain data so that I can work safely and professionally with you, in line with the guidelines of professional organisations that I belong to, including BACP and BPsS.

​

The therapy client data GDPR I hold may include:

1.       Your name and address

2.       Your phone number and email address

3.       An emergency contact’s name, email address and phone number

4.       Your GP name and contact details

5.       Relevant medical information

6.       Session notes

7.       Payment information

8.       My emails to you, and yours to me

9.       Invoices

 

You have the right to know what therapy client data GDPR I hold, why I hold it, and for how long I hold it.

You also have the right to view it, and to ask for changes to be made. When sensitive data is to be destroyed, it is shredded.

​

If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you as soon as possible.

​

How, why, and for how long is your data held?

​

To try and make things as clear as I can, I’ve divided this into ten sections. You’ll need to consider each section individually, and if you consent then sign and date where indicated at the bottom of the page.

​

1. Your name and address

How I keep this data

I keep your name and address in electronic form in Hushmail. These are kept separate from your session notes.

Why I keep this data

This is required by my professional liability insurer and by my professional organisations (BACP and BPsS).

How long I keep this data

My professional liability insurer advises that I keep this data for seven years. After that time it is destroyed.

 

Who sees the data

Myself. My clinical supervisor will see your initials and first name only.

 

2. Your phone number and email address

How I keep this data

I keep your phone number in my mobile phone under an identifying code, not your name. My phone is locked with a passcode when I am not using it. Your email address is held in my EMail account, which uses two factor identification security.

Neither my computer nor my phone are shared with anyone else, unless it is required by a technician for maintenance.

I also keep your phone number and email address in Hushmail. These are kept separate from your session notes.

Why I keep this data

This is needed in case I have to contact you (for example for rescheduling sessions or sending an invoice).

A named colleague / counsellor will access this data so that you could be contacted in case I became suddenly incapacitated through a health crisis or other emergency.

How long I keep this data

I will remove this data when we have finished our work, unless you tell me that you would like me to retain it in case we work together again in the future.

Who sees the data?

Myself and in the event of my death or serious illness, a colleague / counsellor.

​

3. Emergency contact’s name and phone number

How I keep this data

I keep this data in electronic form in Hushmail along with your name and contact details.

Why I keep this data

It is unlikely that I would ever use this information, but I hold it in case I become concerned for your welfare and I cannot get hold of you. You and I may agree together on some other reason that I might contact this person, based on your best welfare.

How long I keep this data

When we finish working together, I will delete this data, unless you and I decide to make other arrangements.

Who sees the data

Only myself.

​

4. Your GP name and contact details

How I keep this data

I keep this data in electronic form in Hushmail along with your name and contact details.

Why I keep this data

You and I may agree together on some reason that I might contact your GP, based on your best welfare, for example discussing diagnosis, treatment plan or safety procedures.

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data?

Only myself.

​

5. Relevant medical information

How I keep this data

I keep this data in electronic form in Hushmail along with your name and contact details.

Why I keep this data

It may be relevant to share certain medical information when:

(a) Your mental health history, diagnoses etc may inform my treatment plan to make it more appropriate for you or in case of referral to someone who can better support you

(b) There is any risk that health conditions such as seizures, diabetes, etc may impact a session

(c) Your medications may affect our work

(d) You have any allergies that I should be aware of in order to keep you safe

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data?

Only myself.

​

6. Session notes

Notes may include dates and times of attendance, and brief notes on important themes from the session. I do not keep detailed session notes. I keep a ‘clear desk’ policy, which means that session notes and other information are not left unattended.

How I keep this data

I keep brief session notes that are password protected in electronic form. Your name or other identifying details are not kept with your session notes; only a code is used.

Why I keep this data

Brief notes may remind me of important points I want to be sure to remember to discuss in our next session, and/or in supervision.

How long I keep this data

After the work has been discussed in supervision, I may destroy any notes (or parts of notes) that my supervisor and I do not consider necessary to keep for longer.

My current policy is to destroy session records three years after our work finishes. If you would like me to retain them for a longer period, please discuss this with me.

Who sees the data?

Only myself.

​

7. Payment information

How I keep this data

I make a note of payments you have made, on a password-protected financial spreadsheet for my business. I also keep invoices and record payments, but under a code rather than your name.

Why I keep this data

As a small business owner, I am required by law to retain certain financial information, primarily for tax purposes.

How long I keep this data

I keep financial information for 7 years as advised by HMRC.

Who sees the data?

Payment by bank transfer will be processed by my bank, but your account name will not be visible on my bank statements.

Banking transactions may be viewed by employees of the bank, my accountant, my financial advisor, and tax officers (HMRC).

When payment is made via BACS, your account name or reference (or the name of the person who is paying) may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.

 

8. Your emails and texts

How I keep this data

I may delete emails after I have noted the contents (for example, emails around scheduling). Any emails that I consider it necessary to keep are retained in my email account. Please only email me about scheduling due to email confidentiality and privacy issues.

If you would like to communicate via text, only text regarding payment or rescheduling appointments.

I do not use applications such as FaceTime, WhatsApp and Messenger with clients.

Why I keep this data

I may keep emails if I consider it clinically necessary.

How long I keep this data

I will delete emails when our work ends.

Who sees the data?

Only myself.

 

9. Invoices

How I keep this data

I create invoices on my laptop, and then export as pdf. Invoices are kept as password protected documents on my computer and are sent via Hushmail.

Why I keep this data

I use the invoice to create the next one (in the case of ongoing work) so that I can revise and update it with new information.

How long I keep this data

I keep the invoice for a short time whilst I monitor payments (usually this is one month). Once payment has been made, and any further invoice has been created, I delete the invoice and keep receipt.

Who sees the data

Only myself.

 

Please sign and date below if you consent to the therapy client data GDPR points above. A digital signature (or simply your printed name) is acceptable.

 

Website visitors

When an individual visits www.annacolquhoun.co.uk, I use Google analytics who are considered a third party service, to collect information about what visitors do when they click on my website, e.g. which page they visit the most. Google analytics only collect non-identifiable data which means I or they cannot identify who is visiting. I will always be transparent when it comes to collecting personal data and will be clear about how that data is processed on my website. Google analytics privacy notice can be found here: https://policies.google.com/privacy/update?hl=en

 

Wix

Wix is a third-party service that hosts www.annacolquhoun.co.uk. Wix also uses anonymised data to collect visitor information such as how long an individual remains on a page of a website. Wix privacy notice can be found here for further information: https://www.wix.com/about/privacy

​

Please sign and date below if you consent to the therapy client data GDPR points above. A digital signature (or simply your printed name) is acceptable.

 

If you have any other questions regarding how your therapy client data GDPR is processed and handled, please do not hesitate to discuss with me.

​

This document regarding therapy client data GDPR is subject to regular review and will be updated as I see fit.

Anna Campbell-Colquhoun, Therapeutic Counsellor.

​

Information on this website is meant for informational purposes only and is not a substitute for medical or psychological evaluation or treatment. If you are concerned about your mental or physical health, please see a medical doctor or mental health professional to address your concerns. If you are experiencing suicidal thoughts or impulses, please dial 999 to seek emergency treatment immediately. Anna Colquhoun does not provide emergency mental health treatment.