This Privacy Policy outlines how Purple Couch Therapy collects, uses, stores, and protects your personal data in accordance with data protection regulations, including the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. As a professional counsellor, maintaining your confidentiality and trust is of paramount importance.
1. Who I Am. Fiona Shea is the Data Controller for your personal information. If you have any questions about this policy or how your data is handled, you can contact me at info@purplecoucjtherapy.co.uk or by sending a message via the 'Contact Us' button.
2. The Type of Personal Data I Collect To provide an effective therapeutic service, I collect and process the following information:
- Personal identifiers: Name, date of birth, home address, phone number, and email address.
- Emergency contact details: The name and contact information of your General Practitioner (GP) or a designated next of kin.
- Sensitive personal data (Special Category Data): Health and medical histories, psychological histories, and brief, anonymised clinical notes recorded after each session to track the progress of our work.
3. How I Obtain Personal Data and Why I Have It. Most of the personal information I process is provided directly by you for one of the following reasons:
- You made an initial enquiry via email, phone, or website contact form.
- You completed an initial consultation form during our first session.
- You share personal details during our ongoing counselling sessions.
Under data protection laws, the lawful bases I rely on for processing this information are:
- Performance of a Contract: To fulfil the therapeutic agreement we establish, including scheduling appointments and communicating about your care.
- Legitimate Interests: To maintain necessary records for professional accountability and clinical reflection.
- Special Category Data Exemption: The processing of health-related data is necessary for the provision of health or social care treatment, based on a professional contract of confidentiality.
4. How I Store and Protect Your Data. Your privacy is protected by secure data storage systems:
- Digital records: Any contact information, emails, or digital session notes are stored on encrypted, password-protected devices or secure, GDPR-compliant practice management platforms.
- Paper records: Any physical intake forms or handwritten notes are kept in a securely locked filing cabinet accessible only by me.
- Electronic communication: Text messages and emails are reviewed regularly and deleted within [e.g., one month] unless they contain vital clinical information that must be transferred to your secure record.
5. Confidentiality and Data Sharing. Everything discussed within our counselling sessions remains strictly confidential. I will not share your data with third parties without your explicit consent, except under the following exceptional circumstances:
- Legal requirements: If I am compelled by a court of law or legal mandate (such as cases relating to terrorism or money laundering).
- Safeguarding and harm: If I have reason to believe that you or someone else (particularly a child or vulnerable adult) is at risk of serious harm, I may need to contact your GP or relevant emergency services. I will always endeavour to discuss this with you first.
- Professional Supervision: In line with professional ethical bodies like the British Association for Counselling and Psychotherapy (BACP), my work is regularly supervised. During supervision, client details are completely anonymised to preserve your identity.
6. Data Retention. I only keep your personal information for as long as is necessary to satisfy clinical, legal, and insurance obligations.
- Client notes and intake records are retained for a period of [e.g., 7 years] following the termination of our therapy, in accordance with standard professional insurance guidelines.
- After this period, all digital records will be permanently deleted, and physical documents will be securely shredded.
7. Your Data Protection Rights. Under data protection law, you have specific rights regarding your personal information, including:
- Right of access: You have the right to request copies of the personal data and session notes held about you.
- Right to rectification: You have the right to ask me to correct or complete any information you believe is inaccurate or incomplete.
- Right to erasure: You can request that I erase your personal data, though this right is limited by my legal and professional insurance obligations to retain clinical records for a set period.
- Right to object or restrict processing: You have the right to object to or ask to restrict how your data is processed under certain circumstances.
8. How to Complain. If you have any concerns about how your data is handled, please raise them with me directly so we can resolve the issue. Your complaint will be acknowledged within 30 days. If you remain unsatisfied, you have the right to lodge a formal complaint with the relevant regulatory body, such as the Information Commissioner's Office (ICO) in the UK.