Shelley Henderson Therapy has a legitimate interest in processing personal data to provide counselling and psychotherapy services. Your data and your privacy are very important to me and Shelley Henderson Therapy is committed to complying with the terms set out in the General Data Protection Regulation (GDPR). This involves the responsible and secure use of your data. As such, this data protection and privacy notice may need to be updated periodically to comply with these regulations and best practice recommendations.
Shelley Henderson Therapy is registered with the Information Commissioner's Office (ICO), reference ZB734417. This data protection and privacy notice lets you know what personal information Shelley Henderson Therapy will collect and hold, why I collect this data, how long it is stored for and your rights over your personal data. I am happy to chat through any questions you might have about this data protection and privacy notice. You can contact me via email at: shelley@shelleyhendersontherapy.co.uk.
Initial contact.
I collect personal information from you when you enquire about my counselling and psychotherapy (therapy) services to help me satisfy your enquiry. Your enquiry and your data will be accessed via a business email account. This information may include your name, address, telephone number, email address, age and pronouns, as well as any relevant information about your specific requirements. Additionally, I need to be aware of any medical conditions (including prescribed medications), communication or support needs that may be relevant to our work together or may have the potential to impact our work during therapy sessions.
Alternatively, your Doctor (GP) may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf (i.e.) if you are aged under 18 years. If you decide not to proceed, I will ensure all your personal data is deleted within ten working days. If you would like me to delete this information sooner, please let me know.
I will not sell your data on or use it for unethical reasons.
Whilst you access counselling and psychotherapy.
If you decide to undertake therapy with Shelley Henderson Therapy, rest assured that everything discussed with me during our sessions is confidential, meaning that I do not share your personal information or the content of discussions during our work together with another person or organisation. Clinical work is discussed with my supervisor to maintain the quality of therapeutic work, and to ensure safe and ethical counselling and psychotherapy practice. This is a requirement of my professional body, BACP. Your details will be anonymised so that you are not identifiable. Please note that there are certain exceptions to confidentiality where a breach of confidentiality may be required (see ‘Section 3. When will I share your data?’).
Your personal information will be used to manage communications to arrange and hold therapy sessions. Depending on your circumstances, I may need to hold information for an emergency contact in the event of an emergency, in addition to your doctor’s contact details. These details are kept securely on password protected devices and are not shared with another person or organisation.
I will keep brief notes of each therapy session, which are minimal, factual and contain information about themes or courses of action during our work together. This is in keeping with the guidance set out by my professional body, BACP. These notes are anonymised with no identifying details, and you are given a unique client reference to maintain client confidentiality. Digital notes are kept on password protected documents and stored on a One Drive. Devices systems use password protected access and anti-virus software, which is kept up to date. Hand-written notes will be kept securely in a locked cabinet.
For security reasons I do not retain text-based messages for more than seven working days. Note this timeframe does not include periods of annual leave. If there is relevant information contained in a text-based message, such as a change in health or support needs, risk assessment or safeguarding concerns, I may record this information in your therapy notes. Likewise, any email correspondence will be deleted after seven working days if it is not relevant to your therapeutic needs.
After ending counselling and psychotherapy.
Once a client finishes therapy, all data regarding their therapy sessions is stored securely for seven years and then destroyed. For clients under the age of 18, data is stored for seven years after their eighteenth birthday.
A breach of confidentiality is when a person shares information with another person or organisation under circumstances where it is reasonable to expect that the information will be kept confidential. Examples of such circumstances are not restricted to and may include the following:
I will take all reasonable precautions to prevent the loss, misuse or alteration of information that you give me. However, absolute security in the digital world does not exist. Communications in connection with my services may be sent by email or text message. For ease of use and compatibility, communications will not be sent in an encrypted form unless you require it and give me permission to communicate with you in this way. Email, unless encrypted, is not a fully secure means of communication. Whilst I endeavour to keep my systems and communications protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus-free.
I try to be as open as I can be in terms of giving people access to their personal information. Under the GDPR, you have a number of rights related to collection and use of your data, which you can read about at: www.ico.org.uk/your-data-matters.
If you would like to see the information Shelley Henderson Therapy holds about you, or would like to correct, update or delete any records, please make your request via email at: shelley@shelleyhendersontherapy.co.uk. Please note that requests will be responded to within one calendar month. Exceptions to erasing data can be read about at the ICO website, detailed above.
If you have any concerns about my use of your data, please contact me directly at: shelley@shelleyhendersontherapy.co.uk. I will do my best to resolve any concerns you have and would welcome any suggestions for improving my data protection procedures. If for any reason I cannot resolve the issues discussed, you may choose to contact the ICO directly.
When someone visits my website, I use a third-party service, GoDaddy, to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow GoDaddy to make, any attempt to find out the identities of those visiting my website. You can read Go Daddy’s privacy notice here: https://www.godaddy.com/en-uk/legal/agreements/privacy-policy.
Like most websites we use cookies to help the site work more efficiently - find out about the use of cookies here: https://www.godaddy.com/en-uk/legal/agreements/european-supplemental-privacy-notice. No user-specific data is collected by me or any third party. If you fill in a ‘Contact me’ form on my website, that data will be temporarily stored on the web host before being sent to me.
I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.
Please note, if you do not consent to me using your data as described, it is unlikely that I will be able to work with you.
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.