Privacy Statement-General Data Protection Regulation
Your privacy is very important to me, and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and
Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended. This document details my GDPR policy. I am happy to chat through any questions you might have about my data protection policy, and you can contact me via email or phone.
Personal Information I will Collect
When you contact me with an enquiry about my counselling services, I will collect information to help me satisfy your enquiry.
Psychological therapy requires the collection of both personal and sensitive data. The reason I collect your personal information is to enable me to deliver psychological therapy.
I collect information at the point of initial contact (which might be via email, website contact page or phone call) as well as during the initial assessment session and any subsequent therapy sessions. Alternatively, other health professionals/outside agencies may send me
your details when making a referral.
If you decide not to proceed, I will ensure all your personal data is deleted within 48hrs. If you would like me to delete this information sooner, just let me know.
The information we collect may include the following.
Date of birth
Gender (or preferred identity)
Telephone/SMS number/Whats App contact details (plus permission to send SMS
and WhatsApp message and leave voice messages)
GP name and practice address
Relationships including name and age of dependents
Psychological therapy history including any current or historical psychiatric diagnoses
Medical conditions relevant to psychological therapy
Current psychological difficulties
Historical psychological difficulties
Lifestyle and social circumstances
Risk information such as suicidal and self-harming history and alcohol and drug use
I have implemented measures to ensure your personal and sensitive data remains secure.
Your information may be stored in the following ways.
Basic information including your name and contact details including postal address will be stored on my personal laptop, password protected, and an encrypted USB drive. Both will be accessible only to Sharon Nolan.
Paper: This may include brief session notes if I keep paper files. It may include written correspondence between yourself and Sharon Nolan Therapies. It may include correspondence with permitted parties such as your GP, or referrer. Paper records will be stored in a locked box or filing cabinet. This information will be accessible only to Sharon Nolan.
Encrypted storage device: clinical records such as session notes or correspondence may be stored on an encrypted USB drive. This information will be accessible only to Sharon Nolan. In some cases, with patient consent, audio or video materials of therapy sessions may be stored on an encrypted USB drive. The uses and regulations for making, storing, transporting, and deleting live material will be clearly outlined on the Video and Audio Patient Consent Form
Business Smartphone; I may store your telephone and email contact information in my contacts on a password-protected phone.
Email/SMS/WhatsApp; your email address will be stored in an email account (currently G–Mail) should you wish to communicate via email. Your telephone number may be stored in SMS or WhatsApp should you exchange messages this way with me. Electronic correspondence will also be held by the corresponding app (Gmail, Phone’s SMS, WhatsApp) all of which are GDPR compliant.
Electronic devices; All electronic devices (including computers, laptops and mobile phone) used to access stored information will themselves be password protected. All drives storing sensitive personal information are encrypted.
How I May Process and Share Your Personal Information
Supervision: All psychological therapists are required to have regular supervision with another qualified professional with competence in the same field of work. Supervision is for my practice to ensure I am adhering to professional standards and evidence-based ways of working. My supervisors are GDPR compliant and thus we are
considered joint data controllers.
Sharing Information with your GP/Other Health Professionals: Some clients like their GP (or other professionals involved in their mental health care such as a Psychiatrist, mental health care team, or outside agencies ) to be kept informed of the work they are doing in psychological therapy. This might include sending assessment /progress/discharge reports or having telephone conversations disclosing personal and sensitive information pertaining to you. We can discuss what and how much information is disclosed, and you will be given an opportunity to make amendments before any letter/report is sent. I will only send reports or have telephone discussions of this kind if I have your permission to do so and you can withdraw consent for correspondence at any point during therapy (assuming there is no duty of care to disclose information-please see the point below). Your GP and
other health professionals should be GDPR compliant (I would check to ensure this before sending any confidential information) and thus would be considered joint data controllers.
Duty of Care and Confidentiality; Rest assured that everything you discuss with me is confidential unless you request I share it, for example with your GP.
The only exclusion to confidentiality is if we suspect there is a risk of harm, either to you or someone else. If I thought there was such a risk, we would discuss it with you, if possible so I can consider how I can best manage the risk, which may include involving your GP or other care agencies. Only information relevant to managing the risk would be shared. If I don’t have your permission to share information and I deem there to be serious and imminent risk to yourself or someone else, then our professional codes of conduct and the law may require that I inform an authority and share your personal information without your knowledge and permission (known as whistleblowing for example in cases of suspected terrorism).
E-Mail Exchange; Although G-Mail is GDPR compliant, any confidential (e.g. personal and sensitive) information that I need to send to you will be typed into a password-protected document and then attached to the email. I will inform you of the password in a separate communication. I recommend that you share confidential information with me in the same way.
For security reasons I do not retain text messages for more than 48 hrs. If there is relevant information contained in a text message, I will store this in a file on my personal laptop with password protection, and on an encrypted USB Drive. Likewise, any email correspondence will be deleted after 48 hours, if it is not important. If necessary, I will be stored on my personal laptop, with password protection.
Skype Appointments; All Skype-to-Skype voice, video, file transfers and instant messages are encrypted. For more information about Skype’s encryption, please see this link:
Zoom Appointments; All Zoom meeting content is encrypted. For more information please see:
Microsoft Teams Appointments: All Teams meeting content is encrypted. For more information please see:
Postal Mail; Should I send any confidential mail in the post (e.g. to you or your GP ) this will be clearly marked confidential.
After counselling has ended.
Erasing Your Information; When you have finished psychological therapy, I will hold onto your information for seven years. This is in line with our professional code of practice and is for example, so that we have a reference of our work in situations such as you returning to
psychological therapy in the future. After this time has passed, I will shred any written information via a confidential waste service and securely delete any electronically held information. If you want me to delete your information sooner than this, please tell me.
I try to be as open as I can be in terms of giving people access to their personal information.
You have the following rights…
To see the demographic information your therapist has about you (free of charge for the initial request)
To make a ‘subject access request’ (SAR) to your therapist for copies of your records. There may be an administrative charge for this and these will be provided within one calendar month of the request being made.
To rectify any inaccurate or incomplete personal information.
To withdraw consent to your therapist using your personal information e.g. to withdraw consent for them to telephone you and request they contact you via email only.
To request your personal information to be erased (though your psychologist can decline whilst the information is needed for them to practice within their own professional code of ethics and conduct).
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above. I would welcome any suggestions for improving my data protection procedures.
You can read more about your rights at ico.org.uk/your-data-matters.
If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
Additional information for website owners and employers
When someone visits my website, I use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow
Google Analytics to make, any attempt to find out the identities of those visiting my website. I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website. I use Google Analytics so that I can continually improve my service to you, You can read Google Analytics privacy notice here https://policies.google.com/privacy I use WordPress as
No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.
T: 07598 488284
Information Commissioner’s Office [Registration number:ZA873443].