1. Who I am and what I do.
Catherine Nabbs Counselling is a Private Practice counselling service run by Catherine Nabbs.
Catherine Nabbs is registered with the Information Commissioners Office, under registration reference ZA212093. Any data collected will be used and held in accordance with the requirements of the EU General Data Protection Regulations (GDPR).
Catherine Nabbs is the Data Controller and Data Processor and responsible for obtaining, filing, processing and keeping your personal information confidential.
For further information about my privacy practices please email Catherine Nabbs at: firstname.lastname@example.org or phone: 07538 040370
2. How I collect information about you.
I collect information from you when you interact with me directly. This could be if you ask me about my counselling practice, engage in a counselling assessment or begin therapy with me. This includes when you get in touch via direct email.
My website uses technical cookies which are used to provide a smooth running website. I do not use profiling cookies (which store statistical records and require user consent).
3. Specific information I collect from you and why I need it.
• If you decide to receive counselling from me:
You will first of all be asked to complete a counselling agreement form. Here your name, address, date of birth, emergency contacts and medical information will be taken. However, before this occurs, you will be asked to give consent for me to hold this information about you. All of this information is required in order to help provide you with the best service and ensure that I can keep you safe medically if something happens to you during a session. During the initial assessment you will also be asked for a brief description of why you are seeking counselling at this time and I will use this information to complete an assessment sheet. This assessment sheet will not hold any personal details and a code will replace your name.
If both you and I are happy to proceed with counselling, you will then be asked to sign the counselling agreement.
Catherine Nabbs will securely store your data for six years from the date you end your counselling agreement. The retention period is calculated in relation to client information that might be needed in a court of law.
Please note that counselling cannot take place if consent is not given to hold your personal information.
A special note about the Sensitive Personal Information I hold.
Data Protection Law recognises that some categories of personal information are more sensitive. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, sex life, sexual orientation or religious beliefs.
If you contact me in order to receive counselling, you may choose to provide details of a sensitive nature.
I will only use this information for the purposes of working with you in a therapeutic relationship. I will not pass on your details to anyone without your express permission except in exceptional circumstances. These are: if I am requested to do so by a court of law, if you are at risk of seriously harming yourself or someone else, if you tell me about a child being abused or at imminent risk of being abused and if I didn’t, it would be a criminal offence for me (related to drug trafficking and terrorism).
4. Who will see your personal information.
Counselling agreement form.
This will only be seen by Catherine Nabbs. Nobody else will be allowed to see these details. Your name, address and medical details will be stored in a separate locked place from the brief details about what you are seeking counselling for.
Case notes & questionnaires.
Case notes written by Catherine Nabbs and any questionnaires completed by you will also be coded to protect your identity. Unless these notes are subpoenaed (ordered) by a court of law, only your counsellor has access to these notes.
5. How do I use your information?
I may use your personal information for:
• Dealing with your enquiries, requests and complaints
• Complying with my legal obligations and procedures
• Providing and personalising my service
• Communicating with you via letters, phone calls, texts or emails
• In certain circumstances to contact your GP or emergency contacts
• Clinical supervision (mandatory for all counsellors to ensure professional and ethical competence. Your identity will not be revealed to the supervisor and codes will be used).
6. Sharing your information.
I will never sell or share your personal information with organisations so that they can contact you for any marketing activities.
The personal information I collect about you will only be used by me so that I can support you.
I adhere to a strict code of confidentiality. However, confidentiality has its limitations and there may be certain circumstances when this issue is compromised and there is a direct conflict with my legal and ethical obligations as a counsellor. Such circumstances include when there is danger of you causing significant harm to yourself or others, if you disclose about a child being abused or in imminent danger of being abused, drug trafficking, any intention to commit an act of terrorism or if we are required by a court of law to disclose information.
7. Keeping your information safe.
I take looking after your information very seriously. I have implemented appropriate physical and technical measures to protect the personal information I have under my control, both on and off-line, from improper access, use, alteration, destruction and loss.
8. How long I hold your information for.
Counselling records for adults will be kept for six years from the final counselling session.
9. Your rights.
You have various rights in respect of the personal information I hold about you. These are set out in more detail below. If you wish to exercise any of these rights or make a complaint, you can do so in the first instance by emailing Catherine Nabbs: Catherine.email@example.com or by telephone: 07538 040 370. You can also make a complaint to the data protection supervisory authority, the Information Commissioner’s Office: https://ico.org.uk
• The right to rectification (GDPR Chapter 3 Article 16)
• The right to erasure (GDPR Chapter 3 Article 17)
You can ask me to delete your personal information where:
• The right to restrict processing (GDPR Chapter 3 Article 18)
You can ask me to restrict the personal information I use about you where:
• The right to data portability (GDPR Chapter 3 Article 20)
You can ask me to provide you or a third party with some of the information that I hold about you in a structured, commonly used, electronic form so it can be easily transferred.
• The right to object (GDPR Chapter 3 Article 21)
There are three rights which you have to object to your personal information being processed if there is something about your particular situation which makes you want to object to processing on this ground. The only absolute objection is to direct marketing. The other two rights relate to scientific, historical, research and statistical purposes or whether it is necessary for the public interest or official authority.
There must be adequate grounds for you to make an objection. I may have compelling legitimate grounds for the processing of your information and that can override your right to object.
• The right of automated decision making and profiling (GDPR Chapter 3 Article 22)
Automated decision making takes place when an electronic system uses personal information to make a decision without human intervention. You have the right not to be subject to automated decisions that will create legal effects or have a similar impact on you, unless you have given me your consent, it is necessary for a contract between us or it is permitted by law.
I do not currently carry out any automated decision making.
• Restrictions (GDPR Chapter 3 Article 23)
Please note that some of these rights only apply in certain circumstances and I may not be able to fulfil every request, particularly:
10. In the event of a data breach (GDPR Chapter 4 Article 33)
In the unlikely event that your personal information is breached in any way, the Data Controller will inform the supervisory authority within 72 hours after having become aware of the breach, unless the Data Controller is able to demonstrate, in accordance with the accountability principle, that the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Catherine Nabbs Counselling
The Old Court
Phone: 07538 040 370