Privacy policy

Helen Maggie Watson

Your privacy is very important to me and I am committed to keeping your personal information safely and securely. I will only use your information for the purposes it was provided. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

This privacy notice tells you what I will do with your personal information from initial point of contact until after our work together ends, including:

  • Why I collect and process your information
  • The timescale for retaining your data
  • Exceptional circumstance when there may be other recipients of your personal information
  • Your data protection rights

I am registered with the Information Commissioner’s Office.

Data Controller

I am the data controller.

Personal Data Processed

  • Personal data includes basic contact information: name, address, email, contact number, and GP contact details.
  • Sensitive data includes your signed consent - working agreement, notes, email, completed questionnaires, outcome measures
  • If you are funded by a third party I will hold their details including your relationship with them.

Lawful Basis for Data Processing

I have a legitimate interest in using the personal data and sensitive personal data collected to provide psychotherapy, counselling, therapeutic coaching, coaching and mentoring services. It is necessary to collect this data to enable me to provide the above services to you and to identify you should an issue or risk arise and your GP needs contacting. No information you provide is passed on without your consent. I will never sell your information to others or release your information except when compelled by law.

What I do with your personal data

I take your privacy seriously. I will only use your personal information to provide the services you have requested. If you do not provide the personal information requested, then I may be unable to provide services to you as I have to collect identifiable information in case there is a concern regarding risk to self and others and I need to contact a third party concerning this risk; I have a legal responsibility.

How long I store your information

I will store your personal information and sensitive personal data defined above for a period of three years after our work together has ended. After this time, data is deleted at the end of each calendar year.

How I use your personal information

I use the information I collect to help me to provide my services which includes sending and requesting information in line with our contract. This will support the administration of our work and may include information of a psychoeducational nature, helpful media publications, questionnaires or homework you undertake.

Sharing of information

I hold information about you and the services you receive in confidence. This means that I will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:

  • If you are funded by a third party I will provide appointment schedules if requested.
  • Only while we are working together, if I die or become incapacitated in a way which prevents me from contacting you personally. In this unlikely event the executor of my Clinical Will would be notified and will be allowed to access you name and contact details which are held securely by ClinicalWill.app
  • In exceptional circumstances, I might need to share personal information with relevant authorities:
  • When there is need-to-know information for another health provider, such as your GP.
  • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example, if information comes to light regarding acts of terrorism, drug trafficking, child protection, or court order.
  • When the information concerns risk of harm to yourself, or risk of harm to another adult or a child. I will try to discuss such a proposed disclosure with you unless I believe that to do so could increase the level of risk to you or to someone else.

I will NOT confirm you are a client or share your personal information with anyone unless to do so meets the above exceptions. I will never share your personal information with third parties for marketing purposes.

How I ensure the security of personal information

My WiFi, computer and phone are password protected. Any information stored on third party servers is protected with two factor authentication and deleted within 90 days. Malware and antivirus protection are installed on my computer and phone. In addition your notes are password protected and are not linked to any identifiable personal data I hold.

Your right to access the personal information I hold about you

  • You have a right to access the information I hold about you.
  • I will usually share this with you within 30 days of receiving a request.
  • I may request further evidence from you to check your identity.
  • A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
  • You have a right to get your personal information corrected if it is inaccurate.
  • You can complain to a regulator. If you think that I haven’t complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.
  • I reserve the right to refuse a request to delete a client’s personal information prior to the three year period. This timescale is recommended within the British Association for Counselling and Psychotherapy (BACP) guidance for data retention.

If you require any additional clarification about my Privacy Policy then I will be happy to discuss this with you if we decide to work together.