1. Data Held
At commencement of therapy new clients will be asked for relevant personal data including name, address, contact phone number, contact email address, GP and emergency contact names and phone numbers, and any current medications. This data will be held in paper form in a locked filing cabinet. Session notes will also be kept in a separate locked filing cabinet. These notes will consist of a brief manual summary of some of the points or experiences that occur in a session and they will be anonymised so that they cannot be linked to the identity of any person. Personal information shared by clients will not be shared with any other party without their consent, unless there is a legal requirement or where there is immediate risk of substantial harm to them or to others.
2. Data Retention
All personal data will be deleted/shredded following the end of therapy. Anonymised sessions notes can be kept up to three years. They will then be shredded. Personal data and session notes can be held for up to seven years if there is a legal requirement or risk of significant harm to self or to others.
3. Electronic Data Records
Any emails or text messages received by me (either through my gmail account or through the website www.mytherapeuticspace.com) will be deleted as soon as they have been responded to, or at maximum within a period of one month thereafter. In the event of these communications being relevant to therapy, they will be printed off and stored with session notes, with any identifiable names, addresses, or contact details being redacted. Names and phone numbers will be stored in the contact section of my smartphone but will not identify the individuals in any other way. The smartphone will be secured and password protected.
5. Access to Personal Data
Clients have the right to access their data records via a Subject Access Request (SAR). This access can be arranged within 30 days. Clients may request the updating or correction of personal data held. Clients may request a copy or deletion of their personal data.
6. Data Breaches
I will notify any affected party of any serious breach of any identifiable data. This would include incidents such as theft, loss, fire, or unauthorized access by another person. The ICO will also be notified of a serious breach of data.
7. Client Consent Forms
All clients will be asked to sign a consent form regarding the use of personal data as part of our contract of working together. This signed consent form will be held in a locked file.