top of page

Privacy Policy

 

1. Data Controller

The data controller is Caroline O'Gorman, Counsellor.
You can contact me regarding your data via email at cogcounselling@proton.me

 

 

2. What personal information do I collect and how do I collect it?

The information you provide in an initial inquiry will be used to respond, and to potentially arrange an initial consultation.

 

Data Retention for Initial Inquiries: For prospective clients who inquire about my services but do not subsequently enter into a therapeutic contract, personal data (including contact details and correspondence) will be retained for a maximum of 3 months from the date of last contact. After 3 months, this data is permanently destroyed.

 

If we enter into a therapeutic contract,  I will request some further details. I will retain the details you provide so that I can provide you with a safe and professional counselling service.

The data that I hold will include:

 

  • Your name, email address, and contact number

  • Your GP's name and contact details 

  • Medical information, counselling history, counselling goals

 

N.B. If any of this information changes whilst you are receiving counselling from me, then please inform me.

 

I will record brief notes of our sessions. This is so that I can keep track of progress, as well as serving as a reminder of what was discussed in sessions.

 

3. Why do I Collect this Data?

I retain your contact details so that I can communicate with you regarding appointments and the counselling service I provide.

I need to know of any medical conditions that you have so that I can be aware of anything else happening in your life which may impact on our work together, and what I can do to keep you safe. I will also ask for details of any medication that you are taking so that I am aware of how this may impact a session.

 

I need to retain your GP's contact details in case I become concerned about your welfare.

 

4. What Is the Legal Basis for Processing Your Information?

The legal basis under UK GDPR for processing your personal data is “legitimate interest” (Article 6(1)(f)), as it is necessary for me to provide a counselling service.
The legal basis for processing any special category data (such as health-related information and counselling notes) is Article 9(2)(h): “processing is necessary for the provision of health or social care or treatment.”

 

 

5. Where do I keep your information, and how is it kept safe?

I use a computer that is password protected.

I use Microsoft Excel to record brief details of every counselling session. In these records, your identifying details are not used. I protect your data by using a random pseudonym to replace your name. Any other identifying information shared in the session (e.g., place names, names of family/friends) will also be given random pseudonyms. These Excel files are encrypted.

Records of transactions are kept on a formatted Microsoft Excel spreadsheet. This is for the purposes of accounting.

My email account is protected. I may delete emails and texts after I have noted their content (for example, emails around scheduling). Any emails that I consider necessary to keep are held securely.

My phone is PIN protected and is not shared with anyone else. This mitigates the risk of anyone accessing records of mobile communication.

6. How long do I keep the information?

I retain counselling records, session notes, and associated personal information for five years after the end of our therapeutic relationship, in accordance with the requirements of my professional indemnity insurer.

7. Confidentiality

I will need to discuss content of our sessions from time to time with my supervisor. These supervision sessions take place for the purpose of ensuring that I am providing the very best service to my clients. During these supervision sessions, I may refer to you by first name. If you are not happy with this, then we can discuss a pseudonym that you would be happy with.

   My duty of confidentiality has limitations, and there are circumstances where I may be legally or ethically required to share information with relevant agencies. Where possible, I will discuss this with you beforehand; however, your consent may not be required. 

The circumstances in which I will need to break the confidentiality agreement are explained below:

  • Prevention of serious harm to the client or to others – Should I have serious concerns about your immediate safety or the safety of others, I may discuss with you sharing this information with relevant professionals (i.e. your GP or the police). 

  • When I am required to do so by a Court order. If you divulge involvement in or knowledge of, an act of terrorism, money laundering, drugs trafficking, or substantial profiting from proceeds of crime.

  • Where there are safeguarding concerns and a child or vulnerable adult is currently at risk of harm, or where there is a legal obligation to share information.

 

8. Your data protection rights

Under data protection law, you have rights including:

  • Your right of access - You have the right to make a Subject Access Request (SAR), which will enable you to obtain a copy of the information I hold about you. A SAR can be made by contacting cogcounselling@proton.me.  I will respond to your request without undue delay and within one month of receiving it, unless an extension is permitted under data protection law.  A SAR will be free of charge in most cases. However, if meeting this request will take up an excessive amount of time/resources, then a charge will be incurred. In line with ICO guidelines, charges will only be made if a request is manifestly unfounded or excessive.

  • Your right to rectification - You have the right to ask me to rectify information you think is inaccurate or incomplete. 

  • Your right to erasure - You have the right to ask me to erase your personal information in certain circumstances.

  • Your right to restriction of processing - You have the right to ask me to restrict the processing of your information in certain circumstances.

  • Your right to object to processing - You have the right to object to the processing of your personal data in certain circumstances.

  • Right of portability – You have the right to request that I transfer the personal data you have provided to another organisation, where this right applies.

You can read more about your rights at ico.org.uk/your-data-matters.

9. Data protection complaints

If you have concerns about how I have collected, stored, used or shared your personal information, you have the right to make a data protection complaint directly to me.

You can submit your complaint by email to cogcounselling@proton.me or by submitting a data protection complaint form here: https://www.carolineogorman.com/data-protection

I will acknowledge your complaint within 30 days of receiving it and will investigate and respond without undue delay. I will keep you informed of the progress of my investigation and explain the outcome.

You can contact the Information Commissioner’s Office at www.ico.org.uk if you remain dissatisfied with my response.

 

10. Third-Party Applications

My website and any other social media channels may contain links to other third parties.  When you correspond with any third parties referenced, they hold responsibility for any interactions you have with them. I recommend that you consider the privacy statements of other websites and applications, to make sure you understand their individual policies.

 

I cannot be held responsible for any social media channels which may contain links/references to other websites that are not covered by this policy.

bottom of page