Privacy Policy | Prioritize Your Privacy - Get Support Today — MINDS & SOLES Rachel Sheppard Counselling, Hypnotherapy and Reflexology in Reading, Berkshire

Confidentiality and Data Protection

‍Your privacy is important to me and I want you to be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me, for the facilitation of therapy services. I take care to ensure confidentiality in line with current data protection legislation including General Data Protection Regulation (EU/2016/679) (GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications (EC Directive) Regulations 2003. I am a member of the National Counselling and Psychotherapy Society (NCPS), the National Hypnotherapy Society and the Federation of Holistic Therapists and operate within the ethical guidelines of these governing bodies. Their guidelines have been set up to protect your confidential material and make sure as your therapist I work within professional boundaries, with integrity and with the clients’ interests as a priority and that I only work within my level of competence. I hold full insurance covering the services I provide.‍ ‍

This privacy notice tells you what personal data I gather from the initial point of contact to after your therapy has ended, for what purpose, how it is used and how long it will be stored for. This policy also tells you of your data protection rights.‍ ‍

What information I collect, use and why

To communicate with you and help provide you with the best possible service, I gather personal information from you. When I receive your initial enquiry, I will collect information to help me acknowledge and process your request. This may be via the therapist search facility of directory platforms such as Counselling Directory or Psychology Today or the websites of my professional memberships or directly through my own company website. This will include your name and contact details such as email or phone number, which can be useful if I am unable to attend one of our sessions at short notice due to unforeseen circumstances. Some contact forms may also ask for a brief outline of the support you are looking for. ‍ ‍

In our first appointment I will also collect further information via a ‘client information form’ which will include details of an emergency contact and/or GP for your safeguarding and some optional questions about you, your history and overall health along with any preferences such as primary contact method. Your attendance in therapy sessions is confidential and I will only contact your GP or emergency contact when deemed necessary, details are further below under the confidentiality section. Should this arise, I would discuss with you beforehand wherever possible.‍ ‍

I may from time-to-time work with third party therapy platforms which connect users with therapy services i.e. Employee Assistance Programmes (EAP) or introducers who will refer clients to me for mental health services. All data received from these platforms is treated the same as data collected from a client directly.‍ ‍

To comply with GDPR, all gathered data is kept private, held securely and processed in a way you have agreed to. All our communications, including your consent and contract form part of your clinical record. Documents/records including any handwritten notes I may take in our session are kept in a locked cabinet, any digital records are securely held on a PIN protected computer. ‍ ‍

I will never use your personal data for any purposes other than the administration of the therapy service you are contracting with such as arranging or re-scheduling appointments or for sharing any resources relevant to our therapy work. I will never pass on your contact details to any third party organisations for the purposes of sales, marketing or research.

‍My lawful basis for holding and using your personal information

‍The GDPR states that I must have a lawful basis for processing your personal data. While you are considering starting or currently undergoing therapy sessions with me, I will collect and store your personal data where it is necessary for the establishing and performance of our contract. GDPR also makes sure I look after any sensitive personal information that may be disclosed during our sessions together under ‘special category personal information.’ The lawful basis for processing any special category personal information is for the provision of health treatment (in this case therapy sessions) and necessary for a contract with a health professional (in this case, a contract between me as ‘therapist’ and you as ‘client’). If you have had therapy sessions with me which have now ended, I use legitimate interest as my lawful basis for processing your personal information, for example any financial transactions information such as invoicing or payments will be legally required for tax or accounting purposes.

‍Who I share personal information with / duty of confidentiality

I prioritise your privacy and the confidentiality of your personal information and I understand the importance of providing a safe and trusting environment for open and honest communication. I adhere to the strict ethical and legal guidelines of my membership governing bodies.‍ ‍

Everything discussed during your therapy sessions will be kept strictly confidential and to endeavour to maintain confidentiality, if we meet outside of a therapy session I will not engage with you unless you do so first. ‍‍

Confidentiality will only be broken if there are legal or ethical concerns as below:‍ ‍

Harm to self or others - If I believe that you are at risk of harming yourself or others, I may be obligated to break confidentiality, contacting your emergency contact or GP, or the Emergency Services.
Legal Requirements - If you disclose engagement in activities of an unlawful or illegal nature such as money laundering, acts of terrorism, drug trafficking etc I have a legal duty to inform the appropriate authorities immediately. I am also legally bound to share information when required to by a court of law.‍ ‍

In the event that confidentiality must be broken, I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.‍‍ ‍

Additionally, I have a process in place called a Clinical Will - This will be implemented should I die suddenly or take seriously unwell and am unable to contact you myself. I have a secure process in place for another qualified therapist who is bound by the same confidentiality and ethical framework to access and retrieve your contact details to let you know my situation and to maintain the protection of your personal data.‍‍‍ ‍

Please also note, to comply with my governing bodies codes of ethics, all therapists are required to attend supervision sessions with another qualified therapist which includes discussing client sessions to ensure the quality of our services and working within the ethical framework and in the best interest of the client. During these discussions your identity will be kept anonymous to maintain your confidentiality and my supervisor is also bound by client confidentiality and data protection.‍‍ ‍

How long I keep your personal data ‍

There are reasons why therapists are required to keep records after therapy has ended such as financial for tax or accounting purposes or if I am compelled to retain the records by a court of law. Retaining your therapy notes also ensures I can continue to offer you an efficient service if you return to therapy after your previous sessions have finished. Any records are stored for 7 years after sessions have finished, in line with industry guidelines, at which point they are securely destroyed. All data for both current and former clients is kept under the same confidentiality and security process until they are destroyed.‍ ‍

Website Data‍ ‍

My website is hosted by Squarespace.com who collect standard internet log information and details of visitor behaviour patterns such as number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make or allow Squarespace.com to make any attempt to find out the identities of those people visiting my website. By accessing my website you are consenting to this. Should you choose to contact me using the contact form on the website none of the data that you supply will be stored by the website or passed to any third party data processors. Instead the data will be collated into an email and sent to me over the Simple Mail Transfer Protocol (SMTP). SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted before being sent across the internet. The email content is then decrypted by local computers and devices.‍ ‍

The website uses cookies and Google Analytics. Almost all websites use cookies which are small files that get put on your computer by websites as you surf them. These cookies can store lots of information which can have privacy implications. Google Analytics is a service provided by Google that gathers anonymous data on how people are using websites and then provides visitor statistics, details of page views etc. This service is used by many website owners as the data helps website owners to improve their websites.‍ ‍

Some website page elements may be embedded from trusted third parties in order to provide you with Interactive Maps. This makes the website more helpful to you as a site visitor however most of these come with their own cookies. This applies to Google Maps. I do not control these cookies so I cannot guarantee what they do. In many cases the cookies are used to generate identical information to Google Analytics and indeed use Google Analytics, so opting-out of Google Analytics will also opt you out of these cookies too. You can opt out of Google Analytics and other Google services here – http://tools.google.com/dlpage/gaoptout and https://www.google.com/dashboard/

‍Your rights‍ ‍

Under GDPR 2018 guidelines you have the right to be informed if your personal data is being collected, for what purpose, how long it will be stored and who will see it. You have the right to consent and be given an ongoing choice and control over how your data is used and the right to withdraw consent at any time. You have the right to request access to the personal information that I store and process about you and can ask for corrections to be made or for your personal information to be deleted. Your request can be made verbally or in writing and I have one month to respond.‍ ‍

How to Complain‍ ‍

Data controller is the term used to describe the person or organisation that collects, stores and has responsibility for personal data. In this case the Data Controller is Rachel Sheppard and I am registered with the Information Commissioner’s Office (ICO) which is the statutory body that oversees data protection law in the UK. My registration number is ZB903344.‍

If you have any concerns about my use of your personal data, you can make a complaint to me in the first instance, using the contact details on this website.‍ ‍

If you remain unhappy with how I have used your data after raising a complaint with me, you can also complain to the ICO, contact details below:

Information Commissioner’s Office‍

Wycliffe House‍ ‍

Water Lane‍ ‍

Wilmslow‍ ‍

Cheshire‍ ‍

SK9 5AF‍ ‍

Helpline number: 0303 123 1113‍ ‍

Website: https://www.ico.org.uk/make-a-complaint‍ ‍

Changes to privacy notice‍ ‍

This privacy notice may be updated/amended from time to time, please make sure to check occasionally for any changes

‍ ‍