When we work with you, we collect some personal information from you in order to provide safe and effective counselling to you. In handling this information, we are bound by General Data Protection Regulations (GDPR) and the BACP’s ethical framework and we hope that reassures you that we are keeping your data safely. You have no legal obligation to provide information to us, but if you do not wish to, we will not be able to work with you. Please do raise any questions you have regarding your privacy either to the office before counselling starts or at your first session.
How and why, we collect your data
When you contact us initially, we take contact details from you and some details about why you are contacting us. This information is added to our waiting lists for counselling and it is passed to a counsellor suitable for you so that they may contact you. When we work with you, we need to ask you some questions, for example, about your mental health. We use this information to ensure we are providing you with the best possible care and we also need to share some information with our funders, such as the NHS. This is done on an anonymised basis and we never share your name with them.
How we store data?
Everyone who works at ARC complies with GDPR and the BACP Ethical Framework in how they store your data. That means that they only keep information that is needed to provide counselling to you. The office managers and your allocated counsellor will only contact you in connection with providing counselling to you.
Your contact details and information you provided to us when you first made contact with the agency is stored in a password protected computer/Dropbox to which only Office managers and The Head of Service have access to. All contact information and forms which are held by your counsellor are kept in a password protected/ locked container. Any session process notes that counsellors might keep are anonymised and kept locked away separately.
Your contact information is securely destroyed by your counsellor when your sessions have ended. Any sessions notes that they might have taken are securely destroyed after a number of years depending on their personal insurance policies. The information held by the office (such as contact information) is kept by us for 2 years and then destroyed securely.
When do we share data?
If we were worried that you or someone else were at risk of serious harm, we may need to break your confidentiality. This would mean we would need to share that information with someone else such as emergency services or your GP. We would always try to discuss this with you first as we will explain to you in your first session with one of our counsellors. There are some cases where we are required by law to disclose information, such as, if there is a court order is issued, child protection issues or in the unlikely event terrorism is suspected. In addition, your case may be discussed at internal supervision sessions, but your name would not be used and all counsellors present are bound by GDPR and the BACP Ethical Framework. Supervision is where counsellors discuss cases to ensure best practice and care are provided to our clients.
In order to provide low-cost counselling, we rely on funding from such organisations as the NHS. In order to receive funding, we have to provide certain data to these funders. They are not interested in identifying who the information comes from, but they are looking for patterns in data to ascertain how affective the counselling is in helping clients. So, we would not provide your full name and any data provided is anonymised by the funder on receipt.
Through the Assessment that is completed in first session with the counsellor, you are also asked to provide personal information that is required by our funders (postcode, month and year of birth, GP details). This information may be shared with funders (primarily the NHS) who then anonymise the data, but your full name and contact details are never given. You have the option not to provide this personal information.
Your rights
You have various rights regarding your own personal data. One of those is that you are entitled to know what data we hold about you. If you would like to know what data we hold, you may send a Subject Access Request to us. This should be sent to:
You have a right to a copy of any personal data that we hold about you. Any request for such data should be made in writing to the Data Protection Officer, Paul Cassidy.
You can also learn more about your rights at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/