My responsibilities: 

As a data controller of the personal information I collect and hold about you, I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR) and the Data Protection Act 2018. I am registered with the Information Commissioners Office (ICO), the independent supervisory authority for data protection in the UK.

As a Senior Accredited Member of the National Counselling & Psychotherapy Society (NCPS), I also abide by their Code of Ethics: https://ncps.com/about-us/code-of-ethics

This privacy notice tells you what I will do with your personal information. This policy does not apply to the practices of third parties that I do not own or control.

What information I collect, use, and why:

The personal information I collect includes your name, email address and mobile phone number. This is only used to contact you and schedule our sessions. I will not use your contact details for the purposes of marketing or research. I do not collect, use or disseminate any personal information about you via this website – any data you provide via the contact form will be sent directly to me via email.

If your sessions are funded via a health insurance company, I may require additional information such as your policy number.

I rely on your consent as the lawful basis for processing your personal information.

Who I share your information with:

I will only share your personal information where I am required to do so by law:

• Under the NCPS code of ethics, the limits to confidentiality include my legal requirement to report to a relevant authority any current terrorist activity, money laundering, people trafficking, and child abuse. In such circumstances, any third parties processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
• If I am audited, I will be required to share my accounts with HMRC, including invoices and bank statements on which your name may be visible. HMRC are compliant with the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

I receive professional supervision from a qualified and experienced professional, an accredited supervisor, who is bound by the BACP (British Association for Counselling and Psychotherapy) code of ethics and conduct. I do not disclose any identifiable personal information about my clients to my supervisor.

How long I keep your information:

All personal data I hold about you will be securely deleted 3 years after your sessions with me have ended. 

Keeping your personal information secure:

I do not take client notes during or after sessions unless I am seriously concerned about risks to your or another’s life. Any process notes I keep do not contain any of your personal or identifying information.

I have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. Your phone number is saved using only your initials on my mobile phone, which is used solely for work purposes. All of my devices are password protected. My bank statements are electronic only and password protected.

I also have procedures in place to deal with any suspected data security breach. I will notify you and the ICO as the data protection regulator of a suspected data security breach where I am legally required to do so.

Your data protection rights:

Under the General Data Protection Regulation you have a number of important rights free of charge, including:

• Access – you have the right to ask me for copies of your personal data.
• Rectification – you have the right to ask me to correct personal data you think is inaccurate, or to complete information you think is incomplete.
• Erasure – you have the right to ask me to erase your data in certain circumstances.
• Restriction of processing – you have the right to ask me to restrict the processing of your personal data in certain circumstances.
• Object – you have the right to object to my processing of your personal data in certain circumstances.
• Data portability – you have the right to request that I transfer the personal data you gave me to another data controller, or to you, in certain circumstances.
• Withdraw consent – you have the right to withdraw your consent at any time.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.

If you would like to exercise any of those rights, please contact me using the details at the bottom of this privacy notice. If you make a request, I have one calendar month to respond to you.

How to complain:

If you have any concerns about my use of your personal data, please get in touch – I hope that I can resolve any queries or concerns you raise.

You also have the right to complain to the ICO, the UK’s data protection regulator:

ICO helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Changes to this privacy notice:

This privacy notice may be updated from time to time, so please check occasionally for any updates. This notice was last updated on 26 June 2024.

How to contact me:

Please contact me if you have any questions about this privacy notice or the information I hold about you by sending an email to info@mattepsychotherapy.com