Counselling Privacy Statement

The UK GDPR requires Serenity Counselling to have and indicate the lawful basis for processing your information. The following points list the lawful basis on which Serenity Counselling processes your information. 

1. Personal information about you is processed in order to fulfil the counselling contract between you and Serenity Counselling, or because you have asked Serenity Counselling to take specific steps before entering into a counselling contract (e.g. to conduct an initial assessment or contact you).
2. Processing of sensitive personal information is necessary for the establishment, exercise or defence of legal claims. In the event of a legal challenge, the records retained show actions taken or not taken to fulfil obligations. They also show that the therapeutic service is appropriate and meets professional standards and duty of care.  
3. Personal information may be shared with your consent only if it involves providing a report to your funding insurer, medical establishment, legal representative, or other nominated organisation.
4. Personal information that is processed would be necessary for reasons of substantial public interest when it concerns the safeguarding of children and adults at risk of significant harm.
5. Personal financial information is processed as a legal obligation to submit and provide evidence in regards to an annual tax return to HMRC.
6. Serenity Counselling uses the lawful basis of legitimate interests for the use of CCTV in the property external grounds.

Prior to the first session of counselling, information about you will be collected via an encrypted electronic questionnaire that you complete once you have decided to engage in counselling. Alternatively, your GP, other health professional, a parent, or trusted individual may provide your details when making an enquiry on your behalf. Here’s a list of the information that is collected:  

• name, age and date of birth (to identify you)
• home address, phone number, email address (to make contact with you)
• emergency contact name and number (to support you in the event of a medical or danger to life emergency) 
• if you have a disability or mental health issue (as part of the assessment to ensure understanding of your situation)
• what medication you may be taking for a mental health issue (as part of the assessment to ensure understanding of your situation) 
• name of doctor’s surgery and address (as part of the counsellor duty of care, contacting your GP if it is assessed that you would benefit from additional medical intervention. For more information, see section 'is information about me shared with others' .
• other health information (as part of the assessment to ensure understanding of your situation)
• brief information about the reasons for requesting counselling (as part of the assessment to ensure understanding of your situation)

In addition, all communication between you and serenity counselling is also collected. This includes: 

• emails 
• voicemail
• other correspondence

During your time in counselling, a written record will be created after each session. The following information is collected: 

• the main aspects of what is discussed
• actions taken
• any agreements between you and the counsellor
• date and time of the session
• the type of session (i.e. phone, webcam or face-to-face). 
• assessment questionnaire forms or scores 

A record of of fees paid and owed are also collected. This may directly involve your payment information if you are self-funding, or invoices to third-parties (i.e. health insurers) if you are being funded externally.

CCTV is in operation within the property grounds, but not in the counselling room. Facial recognition is not used with this facility.

The information is collected for the following reasons:  

• To adhere to legal insurance requirements  
• To adhere to the legal requirements of our professional body, the British Association for Counselling and Psychotherapy (BACP)  
• To help support you further if your situation significantly deteriorates  
• To support the continuity and accountability of the counselling process  
• To provide you with appointment details and self-help material  
• To contact you in case of cancellation or to discuss an onward referral (e.g. referral to a GP or other service)  
• To contact your GP or those who care about you in case of an emergency

Information about you will only be shared under the following circumstances:

• It is a requirement of the BACP that counsellors receive regular supervision in order that clients receive the best possible provision of counselling. During that supervision themes of the work with you may be shared, although your identity is changed. Supervisors also adhere to a strict code of confidentiality. 
• If it becomes apparent during a session, or in consultation with a supervisor, that there is an imminent risk of significant harm to you or to others, then disclosures may have to be made to the appropriate agencies. This is usually done in consultation with you and only information concerning the risk would be disclosed.
• By requirement of a coroner, court order, legal proceedings, or statutory law (e.g. drug trafficking or terrorism).
• In conjunction with the counsellor’s Therapeutic Will. This would only be enacted in the event of the counsellor’s death, disability or other unexpected circumstances that would prevent the counsellor from continuing to engage in counselling with you. If this occurs, your name and contact details will be shared with the Therapeutic Executor. The Therapeutic Executor will contact you to make you aware of the event, and depending on your circumstance, may signpost you to alternative support. Your contact information will only be shared if you are currently receiving counselling. This does not apply to you if you have already ended your time with the counsellor.
• When sending a report to a third-party (e.g. your external medical insurer, employer assistance program, GP or other organisation). This only happens with your consent and you have pre-agreed this with the third-party.
• When sending invoices to any external funder (e.g. medical insurer). Limited information is used to identify you and often a anonymous code is used rather than your name. No information about what you share in counselling sessions is disclosed during this process.
• When you leave a voice message, this is logged and stored on an encrypted digital cloud system within the European Union. The company that host this have a GDPR policy in place which meets expected security and privacy standards. Please contact Serenity Counselling for information about the company it uses.
• When you send an email to Serenity Counselling, this is stored on an encrypted digital cloud system within the UK. The company that host this have a GDPR policy in place which meets expected security and privacy standards. Please contact Serenity Counselling for information about the company it uses.

• Information about you relating to the counselling and correspondence is stored for 7 years from the date of the final session or communication (or 7 years after your 18th birthday if you are under 18 years of age on the completion of the counselling). Once this time period has elapsed, all information about you is securely destroyed. 
• Information relating to financial transactions are kept for 6 years. 
• CCTV footage is stored on secure servers for 6 weeks and then securely destroyed.

Session records and all information processed about you are securely encrypted in electronic format only. All relevant and up to date security protections are in place and meet the requirements of the General Data Protection Regulations (GDPR) and Data Protection Act 2018 (DPA2018). All data storage facility, email, and voicemail providers which Serenity Counselling utilises to send/receive emails and store data or voice messages, adhere to the GDPR and DPA2018. 

Serenity Counselling conducts some online support through instant message sessions and webcam sessions. The platform used to conduct these sessions is called Zoom. As best as security can be on the internet, the Zoom software provides a highly secure connection. Serenity Counselling makes use of the Zoom option to connect through an end to end encryption, and through European servers only. For more information about the security standards and information that Zoom collects when using its software, please see Zoom’s privacy policy here. 

Serenity Counselling accepts payment via a number of ways, including through a third-party electronic system. For security reasons, the full procedure and security measures for using the payment facility is set out in the counselling agreement. This agreement will only be provided when the first appointment has been provisionally booked, and sent to you through encrypted means. When you use the electronic payment system, you may need to provide financial account data such as your credit card number or bank account number to the third-party service provider. Serenity counselling does not have access to full details of your credit/debit card which you supply to the third-party service provider. However, Serenity Counselling receives data about the transaction, including: your name, date, time and amount of the transaction, the type of payment method used, payment transaction identification number. Serenity Counselling does not share any of your personal information with the third-party payment service provider.   

Serenity Counselling will not request payment from you in any way other than those which are set out within the counselling agreement or agreed between you and the counsellor when you meet with them in person.  

By accepting cookies (small data files) when you first arrive at our website, it allows our website hosting company (GoDaddy.com) to place the cookies in your browser. This will gather data, such as page views within the website, and helps us to optimise how fast our website pages load. This type of data does not contain personally identifiable information. We do not use any other third party cookie to gather data. 

You have a right to:

• be informed about the collection and use of your personal information
• access the personal information held about you
• request that a correction is made to any mistakes you think have been made to personal information about you
• request that personal information held about you is deleted
• request that processing of your personal information is restricted
• request that personal information about you is securely transferred to another organisation
• request that processing of personal information about you is ceased

You can contact Serenity Counselling to make a data access request or complain if you think your rights are not being respected. Please include your full name, address, date of birth, contact number and an email address. If making a verbal or electronic request, you will be asked to verify your identity via photo identification including a utility bill or a bank statement. The data controller, Christian Davies-Trigg, may contact you to verify your details before the request is approved. The GDPR states your request must be completed within 1 month. The contact details are as follows:  

Serenity Counselling 

Goodrich Grove

Newport,

NP10 8SY

Complete this form to make the data access request

If you remain dissatisfied, then you have the right to apply directly to the Information Commissioner for a decision. The Information Commissioner can be contacted at: 

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

www.ico.org.uk

If you are still unsure about certain aspects of the process and have further questions before making a data access request. You can make your enquiry either through the contact page or calling 01633 505225 to discuss.  

Serenity Counselling reserves the right to make changes to this privacy statement. It is therefore advisable to update your knowledge of this privacy statement on a frequent basis. Serenity Counselling will actively inform current users of the counselling service at the time of an update.