PRIVACY AND DATA PROTECTION STATEMENT

This document explains how Undra Astbury Counselling collects, stores, and processes personal data. ‘Personal data’ refers to information related to a living person who can be identified from the data itself or other associated information, in line with the Data Protection Act (DPA) 2018. It covers all principles mandated by the DPA, known as the ‘data protection principles,’ which ensure that information is:

• Used fairly and lawfully.
• Used for specific, clearly stated purposes.
• Adequate, relevant, and not excessive.
• Retained only as long as necessary.
• Kept secure and protected.
• Not transferred outside the European Economic Area (EEA) without proper safeguards.

The person responsible for compliance is:

Undra Astbury Counselling, which manages personal data, internal and external access requests, and the usage of collected information.

Understanding informational privacy:

It is the right of individuals to control, modify, manage, and delete information about themselves, and to decide how and to what extent that information is shared. Privacy breaches can occur through excessive collection, unauthorised disclosure, or misuse of personal data. This includes surveillance, monitoring of public or private behaviours, communications via post, phone, or online, and tracking sender and recipient records, as well as message contents.

Why I need your information:

To administer and deliver the service you requested and to fulfil legal or professional obligations related to that service.

How I will use your information:

To contact you, record your consented personal details, document session notes, and issue invoices if necessary.

Where the data is stored:

• Handwritten, coded notes are kept in a locked file to ensure anonymity.
• Your contact details are stored separately in a locked file.
• Your first name is on my mobile phone and will be deleted after therapy.
• Your first name appears in my diary.
• For clients referred through a Solicitor, a report may be saved on my password-protected computer at the start and end of therapy. This is the sole exception to handwritten notes.

When and how I delete your data:

• Upon your request or six years after our last contact, data is deleted electronically, and paper records are shredded. For clients under 18, records are retained until age 25 or six years after last contact, whichever is later.

Passing on information:

I will only share personal data if:

• There is a safeguarding concern for you or others, in which case I will contact relevant parties.
• My supervisor will be handed all my counselling-related paperwork should I become indisposed, and will destroy notes accordingly.
• You request it.
• There is a legal requirement, such as a court order.
• For solicited trauma therapy reports, these are emailed to relevant parties with client consent and password protection. This is the only exception to handwritten records.
• No CCTV or recording devices are used on the premises.

You may request access to or deletion of your records at any time. See https://ico.org.uk/for-the-public/personal-information/ for guidance.