The General Data Protection Regulation (GDPR)

This privacy policy governs the manner in which Joanna Papadopoulos uses, maintains and discloses information collected from clients. This privacy policy applies to the practice, website and services offered by Joanna Papadopoulos online, by telephone or within her private practice.

From 24 May 2018 clients will be sent a digital copy of this Privacy Policy if they wish to continue therapy after their Initial consultation. You will be asked to digitally sign that you understand and agree with how information is collected, stored and held before ongoing therapy can begin. 

Personal Information I collect
Name
Occupation
Address
Contact number
Therapy history
Medical information relevant to counselling including GP contact details, medical / medication history where appropriate
Client expectations/goals for therapy 

How I store information
I am registered with the Information Commissioner’s Office (ICO) and in accordance with the General Data Protection Regulations (GDPR) 2018, any records pertaining to our sessions will be kept confidential and held in a secure manner: 

• My Computer is locked using a secure password. I store names and contact details in a password protected Apple Pages document, and client notes in another without identifying details.
• My Smartphone is locked and is only accessible using a biometric fingerprint scanner or password. I store your contact number using a code rather than a name as an identifier.
• Emails and addresses are stored in my email account where a two-factor authentication is set up to secure data. I periodically delete emails if not specifically necessary to our work.
• SMS messages are assigned to codes and not names. I periodically delete SMS messages if not specifically necessary to our work.
• Website and directories – no personal information is stored other than to momentarily collect and send enquiries to my email account for initial contact purposes.

Third party websites

Clients will find content on my website that links to websites of other third parties. I do not control these sites and I am not responsible for how they collect, store or use information

Documentation held

• Client code
• Client sessional notes kept for 5 years to comply with Insurance policy terms
• Emails – relating to organising sessions or sending useful materials 

How I may share your personal information

• Supervision – I attend bi-weekly clinical supervision to ensure my practice remains safe and ethical. Session details and client codes may be shared with my Supervisor.
• Therapeutic Will – your name and contact details will be shared securely with my Therapeutic Executor so that in the unlikely event of my sudden death you can be contacted should you still be in therapy with me. My Therapeutic Executor will sign a confidentiality agreement document.
• Emergencies – if your health is in jeopardy I may share your details with a healthcare service such as your GP or Mental Health Crisis Team. Where possible I will always discuss this with you first.

Erasing your information 

• All electronic enquiries are erased after 3 months. All texts and contact numbers are erased 3 months following the cessation of therapy
• I hold your written information for up to 5 years following the cessation of therapy. This is so I have a reference should you decide to return to therapy in the future.

Your Rights

Right to Access – you have the right to ask for a copy of your personal information, free of charge, in an electronic or paper format. You also have the right to ask me to amend or change any incorrect information about you.

Right to be Forgotten – you have the right to ask me to erase any information that I hold about you. This includes your personal information that is no longer relevant to original purposes, or if you wish to withdraw consent. In all cases and when considering such requests, these rights are obligatory unless it is information that I have a legal obligation to retain.

Data Portability – as the client, you have the right to receive your personal information which you previously provided, also you have the right to transfer that information to another party. For the purposes of the General Data Protection Regulations (GDPR) 2018, the data “controller” is Joanna Papadopoulos (Orchard Cottage Counselling).