Statement regarding how your data is used - Maggie Lomax 24/5/18
The new General Data Protection Regulationscame into force on 25/5/18, effecting and safeguarding the way that personal data is processed and controlled. Because I am a sole trader, I am both the Data Controller and Data Processor for Maggie Lomax Counselling, Training and Celebrancy.
The regulations are largely inapplicable because I do not share your data with any organisations, do not market to individuals or send mass emails, or use social media in respect of my clients. In the case of group emails to group participants, such communication is agreed on a consensual basis.
The GDPR applies in how I collect, store and process your individual data, in line with the contract with each client. The way I collect data is by recording what you have told me about yourself. In exceptional circumstances I may have communication with other professionals involved with you, e.g. your GP, with your agreement, in order to enhance the therapy offered. On very rare occasions I might contact another professional involved with you without your consent; this would only be in extreme circumstances where you were deemed a high risk of harm to yourself or others, as per our contract. In this case I would inform you about this in advance and afterwards, about the result of the communication, and how it might affect our therapy. Occasionally I receive unsolicited contacts from a third party who believes that you are a client. In this instance I decline from discussing anything about you as a client or even if you are one, and state that should I know you I will be obliged to notify you of the contact and its content.
Inevitably you will share sensitive data with me, regarding age, gender, ethnicity, sexuality and health. I do not collect statistics of client profiles or share such information with anyone else, except for the purposes of clinical supervision (see below).
I store your data, including details of address, date of birth and other biographical information you have given me, on paper in a locked filing cabinet in my consulting room, to which no-one else has access. The exception would be in the case of my unexpected death or incapacity, when my therapeutic executor would access it to contact you. I am obliged by my accrediting body, UK Association for Humanistic Psychology Practitioners, to keep records for 7 years after the therapy has ended, after which they are shredded securely. The purpose is both for my own recording of the therapy should you return for further sessions, and in any legal or civil matter, e.g. should you make a complaint against me.
I process your data in anonymised computer records of sessions and clinical supervision. These records are stored on my personal computer and saved on an external hard drive. This is as an aide-memoire between sessions, and my own reflective practice. I record insights from clinical supervision, to help in our ongoing therapy. Should a supervisor think they recognize a client from my introduction, supervision would be transferred to an alternative source. Should I need to present a case study for an accreditation application, or in an article, this would only be done with written permission from you and a contract about how your details were to be anonymised.
The legal basis on which I collect, store and process information about you is a mixture of consent and legitimate interest. Given this basis, it would be unlikely that there would be a case for amendment or deletion of records. Should you think otherwise, I would of course be willing to discuss and consider these options.