This Privacy Policy is intended to clarify all aspects regarding the protection and privacy of all data provided by you as a client at my private practice. I will endeavour to keep it updated as developments occur in relevant legislation. I am regarded as both Data Controller and Data Processor as I gather, store and process data in my work as a psychotherapist.
1. Data Held
At commencement of a contract, new clients will be asked for relevant personal data including name, address, contact phone number, contact email address, GP and emergency contact names and numbers, and any current medications. This data will not be shared with any other party without the client’s consent, unless there is a legal requirement or court order to do so, or where there is immediate risk of substantial harm to them or to others. I will store this data in paper form, in a locked filing cabinet in my home. Personal data also includes session notes, which I will maintain separately on my computer. These notes will consist of a brief manual summary of some of the points or experiences that occur in a session and they will be anonymised so that they cannot be linked to the identity of any person. This information will also be encrypted so only I (through my personal computer) have access to these notes.
2. Data Retention
All personal data will be held by me for a period of 7 years from the date of cessation, in line with professional guidelines of the Irish Association for Counselling and Psychotherapy (IACP). The records will then be securely shredded. Data will be held for longer, if necessary, where there is an ongoing or pending court case or complaint.
3. Electronic Data Records
Any emails or text messages received by me (either through my Gmail account or through my website www.ruthalvey.com) will be deleted as soon as they have been responded to, or at maximum within a period of one month thereafter. In the event of these communications being relevant to therapy, they will be printed off and stored with session notes, with any identifiable names, addresses, or contact details being redacted. Names and phone numbers will be stored in the contact section of my smartphone but will not identify the individuals in any other way. The smartphone will be secured and password protected.
4. Access to Personal Data
Clients have the right to access their data records via a Subject Access Request (SAR). This access will be arranged within 30 days. Clients may request the updating or correction of data held. Clients may request the return, copy or deletion of their data. This is subject to legal requirements that I must hold data for a minimum of 7 years. Clients may also request that their data is sent to another data controller in suitable electronic format.
5. Data Breaches
I will notify any affected party of any serious breach of any identifiable data. This would include incidents such as theft, loss, fire, or unauthorised access by another person. The Data Protection Commission will also be notified of any breach.
6. Client Consent Forms in Contract
All clients will be asked to sign a consent form to my holding of relevant personal data as part of our contract of working together. This signed contract will be held in a locked filing cabinet at my home and a copy will be given to the client.
Ruth Alvey, MIACP, Psychotherapist
Tel: 087 187 0535 • firstname.lastname@example.org