- Personal data – This is any information about yourself as a client of Crossroads Counselling that identifies you, e.g. a name, email or postal address. Identification can be by such information alone or in conjunction with any other information, e.g. counselling notes.
- Data Controller – This is Crossroads Counselling and we decide, for our purposes, the way in which your personal data is processed. This is done according to standards of good practice within the counselling and psychotherapy professions.
- Data processor – This is anyone within Crossroads Counselling who will process your personal data for the purposes identified by the Data Controller. A description of what data is processed and for what purpose is set out below.
The legal basis for processing your personal data
- The processing of personal data is governed by the Data Protection Act 1998 (DPA) and the General Data Protection Regulation 2018 (GDPR).
Data protection principles
- The data protection principles set out under the GDPR state that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes only and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed;
- Accurate and, where necessary, kept up-to-date;
- Kept in a form which permits identification of individuals for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data.
- Crossroads Counselling is responsible for demonstrating compliance with these principles.
What information do we process?
- We process the following personal data belonging to clients:
- Names and titles; date of birth; name and address of GP;
- Contact details such as telephone numbers, addresses, and email addresses; correspondence;
- Where they are relevant to our work, and where you provide them to us, demographic information such as gender, age, marital status, sexuality, ethnicity, employment status, disability, income, religion, area of residence, and how you heard about Crossroads Counselling;
- Copies of receipts recording payment of fees;
- Clinical information gathered as part of the enquiry and counselling process.
How do we process your personal data?
- Crossroads will comply with its legal obligations to keep your personal data up-to-date; to store and destroy it securely; to not collect or retain excessive amounts of data; to protect it from loss, misuse, unauthorised access and disclosure; and to ensure that appropriate technical measures are in place to protect it.
- We will use your personal data for some or all of the following purposes:
- To meet our Charitable Objectives, i.e. to maintain administrative and records systems appropriate to providing a professional counselling service;
- In clinical supervision, to maintain high standards of professional practice;
- Where necessary to carry out comprehensive safeguarding procedures in accordance with best safeguarding practice;
- To seek your views and/or comments on our service;
- To notify you of appointments, cancellations, and any policy/procedural changes that will affect you as a client of Crossroads Counselling.
Sharing your personal data
- Your personal data will be treated as strictly confidential. It will only be shared with third parties where:
- You give specific permission for your counsellor to do so, to an identified person or professional;
- In exceptional circumstances when your counsellor believes there is a risk to your well-being, health or safety, or that of others. As such times your counsellor will not need your permission to pass on essential information to the relevant person(s);
- When required to do so by law.
How long will we keep your personal data?
- We will keep your personal data for five years from the date of your last counselling session. Some information will be kept in paper format only, while other information will be kept electronically – see Appendix A: Client Data Retention Schedule.
Your rights and your personal data
- You have the following rights with respect to your personal data:
- The right to be informed – Clients have the right to ask Crossroads Counselling for information about what personal data (about themselves) is being processed and the rationale for such processing.
- The right of access – Clients have the right to access the personal data about themselves being processed by Crossroads Counselling. Clients can both ask to see their personal data and to request a copy of it.
- The right to rectification – Clients have the right to ask for modifications to their personal data in cases where they believe their personal data is either not up-to-date or is inaccurate.
- The right to erasure (also known as the right to be forgotten) – Clients have the right to ask for the deletion of their data. This will generally apply to situations where counselling has ended. It is important to note that this is not an absolute right; our Client Data Retention Schedule has been devised in keeping with standards of good practice in the counselling and psychotherapy professions – see bacp.org.uk for further information.
- The right to restrict processing – Clients have the right to withdraw previously given consent for the processing of their personal data. Where Crossroads wishes to process new data we will seek new consent to do so – see section on ‘further processing’ below.
- The right to data portability – Clients have the right to ask for the transfer of their personal data, either back to themselves or to another data controller – see section on ‘data controller’ above.
- The right to object – Clients have the right to object to the processing of their personal data.
- The right to object to automated processing for decision-making – Automated processing for decision-making is not used at Crossroads Counselling.
- When exercising any of these rights and in order to process your request, we may need to verify your identity for your security. In such cases we will need you to respond with proof of your identity before you can exercise these rights.
Transfer of data abroad
- No personal data held electronically will be transferred abroad.
- If we wish to use your personal data for a purpose not covered here, we will provide you with a new privacy notice setting out the relevant purposes and processing conditions. We will do this prior to processing any new data and where and whenever necessary we will seek your prior consent to do this.
Changes to this notice
- We keep this Counselling Privacy Notice under regular review and we will inform you of any changes to it.
- Please contact us if you have any questions about this Counselling Privacy Notice, or the information we hold about you, or to exercise all relevant rights, queries or complaints. You can contact us at:
Crossroads Counselling, 144 Roman Road, London, E2 0RY
- You can contact the Information Commissioner’s Office on 0303 123 1113, via their website ico.org.uk or by post at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Counselling Privacy Notice
|Information that is kept||Where is the information kept||How long for||How is it destroyed|
|Client file: paper copies of referral form, correspondence, ICE form, counselling agreement, GDPR consent form, plus any other paperwork that identifies the client, e.g. letter of referral from outside agency.||Kept in locked cupboard in office for the duration of counselling. Once counselling has ended, file is stored in a separate locked cupboard for closed records.||5 years from date of last counselling session.||Shredded.|
|Data on anticipated & agreed fees is entered on a password protected spreadsheet kept on a computer in the office.||2 calendar years||Electronic file deleted|
|Counsellor’s notes: paper copies of client’s counselling enquiry form, assessment form, counselling notes and any other paperwork collected as part of the counselling process that has the client’s code on it but in no other way identifies them.||Kept in counsellor’s folder in locked cupboard in office for the duration of counselling. Once counselling has ended, closed notes are stored in a separate locked cupboard.||5 years from date of last counselling session.||Shredded.|
|Data on reasons for referral is entered on a password protected spreadsheet kept on a computer in the office.||2 calendar years||Electronic file deleted|
|Closure forms: two paper forms that collect summary information about a client’s counselling.||One copy is filed with a client’s closed notes (as above) & includes a summary of therapy.||5 years from date of last counselling session.||Shredded.|
|One copy is handed to Manager for data entry to password protected database kept on a computer in the office; paper file is then shredded.||5 years from date of last counselling session||Deleted from database.|
|Demographic data including: gender, age, marital status, sexuality, ethnicity, employment status, disability, income, religion, residential area, source of referral – used for statistical purposes related to fundraising/annual review.||Information collected via paper form that identifies client by code only; information entered on a password protected spreadsheet kept on a computer in the office; paper file is then shredded.||2 calendar years||Electronic file deleted|
|Database records: client’s name, date of enquiry, client code, date added to waiting list, date of assessment, number of weeks on waiting list, counsellor, date of last session, number of sessions.||Information gathered via referral form & closure form. Referral & closure forms kept as above.||As above. For clients who either do not reply, do not attend their assessment, or who withdraw from database – see data processing sheet.||Deleted from database.|
Appendix A: Client Data Retention Schedule
This schedule is devised in keeping with standards of good practice within the counselling and psychotherapy professions.