Privacy Notice
Your privacy is of great importance to me and I am committed to complying with the terms of the General Data Protection Regulation (GDPR) regarding the responsible and secure use of your data.

I have a legitimate interest in processing personal data in order to provide counselling, psychotherapy and other forms of psychological support. The purpose of this statement is to let you know what information I collect and hold, why this data is collected, how long it is kept and what your rights are with regards to this personal data. I am registered with the Information Commissioners Office (ICO) and my registration number is Z3340399.

When you agree to undertake counselling, psychotherapy or any other form of psychological consultation with me, you will be asked to consent to the processing of your data under the terms of this policy.

What Information Do I Collect?

I collect personal data such as name, address, date of birth, gender, GP/medical practitioner details, telephone number and e-mail address. I may also collect any data you give me regarding personal history and family background, alongside potentially sensitive data relating to medical and mental health conditions.

What Do I Use Your Information For?

I use your information in the following ways :-

* To provide counselling, psychotherapy and other forms of psychological support - which includes writing brief handwritten notes after sessions.
* To notify you about any changes to your appointment times or the services I provide.
* To fulfil any administrative, legal, ethical and contractual obligations.
* To occasionally share resources (eg. website links, book recommendations) with you relevant to any work I am undertaking with you.

What Information Do I Share?

I will not share any information about you with other organisations or people except in the following situations :-

* Supervision. I discuss my client work on a regular basis in supervision, and this is in the context of a professional relationship with a view to safeguarding and developing my practice. Like me, my supervisor is a member of the BACP who works within their ethical framework.
* Consent. I may share information with relevant medical professionals or others whom you have requested or agreed I may contact.
* Serious Harm. I may share your information with the relevant authorities if I have reason to believe this may prevent serious harm being caused to you or another person.
* Compliance With Law. I may share information when the law requires me to - ie. safeguarding, terrorism, drug trafficking and serious crime.
* Clinical Will. I have a clinical will which means in the event of my sudden death or a serious accident or illness that renders me incapacitated, a named colleague will be able to access the contact details of my clients and notify them.

How Do I Keep Your Information Safe?

* All information you provide to me is stored as securely as possible. I take all reasonable precautions to prevent the loss, misuse or alteration of information given.
* All paper forms, notes and correspondence are kept in locked filing cabinets and all electronic files are kept on password protected devices with virus protection software.
* Any formal reports I write are password protected and sent through a secure encrypted e-mail provider (Protonmail).
* For online e-mail work I will recommend we use Protonmail for added security or that we exchange messages in the form of password protected documents.
* For live chat or audio-webcam appointments I will recommend we use Zoom which, again, features end-to-end encryption for added security.
* Client notes are kept separately from any identifiable personal information.
* Client notes and any other forms of documentation are destroyed seven years after the completion of counselling, psychotherapy or any other psychological support services offered.
* If clients choose to contact me by text or mobile phone, I store their numbers under their initials as opposed to under their full names. I also disable e-mails from popping up on my mobile phone screen where content may be visible to others.
* Any known data breaches will be reported to the ICO within 72 hours.
* Any requests for personal data need to be made through a subject access request will be supplied within one month.
* My website, www.felicityrunchmancounselling.co.uk, is maintained by Webhealer. Your details are not stored on their systems for any contact requests made through them. The website does not require cookies to function properly.

Your Rights

Under the GDPR, you have the right to :-

* Access your personal data; rectify erase or restrict your data; object to the processing of your data; request transfer of data (data portability).
* You may withdraw your consent for me to hold or process your data at any time. However, if you do this whilst actively receiving counselling, psychotherapy or other psychological support services from me these would have to end. You can withdraw your consent by stating this on an e-mail to enquiries@felicityrunchmancounselling.co.uk
* If you have any concerns about the way I handle your data, please discuss with me in person or contact enquiries@felicityrunchmancounselling.co.uk . If you feel this has not been resolved effectively you have the right to contact the Information Commissioners Office (www.ico.org.uk).
* Any complaints about my clinical practice can be taken up with the BACP (www.bacp.co.uk) through their professional conduct procedure. However, I would always encourage you, in the first instance, to discuss with me in person any aspects of my services that you are unhappy with.

Changes To This Policy

This document is a work in progress and may be amended from time to time.