My name is Chrissy King and I am a fully qualified, DBS-checked, professionally insured and BACP-registered counsellor registration no.391662. My contact details can be found on the ‘GET IN TOUCH’ section of my website. I am registered with the Information Commissioner’s Office (ICO) reference no. C1096391. Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:

• Why I hold your personal information.

• How I use your personal information.

• How I store it and for how long.

• Who it might be disclosed to in special circumstances.

• Your data protection rights.

‘Data controller’ is the term used to describe the person who collects, stores and has responsibility for people’s personal data. In this instance, the data controller is me.

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. If you're in contact with me to consider having therapy or are currently having therapy with me, I will process your personal data where it's necessary for the performance of our contract. If you've had therapy with me and it has now ended, my lawful basis for holding your personal information is legitimate interest.

The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. The lawful basis for me processing this ‘special category’ of personal information is that it is for the provision of health treatment (in this case counselling) and necessary for a contract with a health professional (in this case, a contract between me and you).

INITIAL CONTACT. When you contact me with an enquiry about my counselling services I will collect information to help me satisfy your enquiry. This will include your name, phone number, email, address, date of birth, GP name, address and phone number and a brief description of the issues you would like to address. Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed I will ensure all your personal data is deleted within one month. If you would like me to delete this information sooner, just let me know.

WHILE YOU ARE ACCESSING COUNSELLING. Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if I have any concerns regarding your safety or the safety of others. I will always speak to you about this first, unless there are safeguarding issues that prevent this. I will keep a record of your personal details to help the counselling services run smoothly. These details are kept securely electronically on devices that are password-protected and in files that are further protected by password, and only accessible by me. Names and contact details are stored separately from other anonymised personal information. I keep notes of each session and these are also kept electronically as above. For security reasons I do not retain text messages or emails for more than one month. If these contain relevant information I will transfer and keep it with your other details.

AFTER COUNSELLING HAS ENDED. Once counselling has ended your records will be kept for a period of 7 years from the date of our last session and are then securely destroyed. If you want me to delete your information sooner than this, please tell me.

I try to be as open as I can in terms of giving people access to their personal information. You have a right to ask me to delete or limit how I use your personal information, or to correct mistakes or stop processing it. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters. To make a request for any personal information I may hold about you, please email me at chrissyking10@protonmail.com.

If you have any worry or complaint about how I handle your personal data, please email me. I would welcome any suggestions for improving my data protection procedures. If you want to make a formal complaint about how I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure. Your details are kept securely electronically on devices that are password protected and in files that are further protected by password and only accessible by me. I also maintain the latest spyware and virus protection software on all electronic devices.