GDPR Policy & Procedure

At Number 22 we acknowledge that everyone is responsible for protecting the personal data of our clients.  In order to assure this we will adhere to the following data protection principles.

We will ensure that all information is:

  • Used fairly, lawfully and transparently
  • Used for specified, explicit purposes
  • Used in a way that is adequate, relevant and limited to only what is necessary
  • Accurate and, where necessary, kept up to date
  • Kept for no longer than is necessary
  • Handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage

There is stronger legal protection for more sensitive information, such as:

  • Race
  • Ethnic background
  • Political opinions
  • Religious beliefs
  • Trade Union membership
  • Genetics
  • Biometrics (where used for identification)
  • Health
  • Sexual orientation

Your rights

Under the data protection act 2018 you have the right to find out what information we store about you and how that is used.  This includes the right to:

  • Be informed about how your data is being used
  • Access personal data
  • Have incorrect data updated
  • Have data erased
  • Stop or restrict the processing of your data
  • Data portability (allowing you to get and reuse your data for different services)
  • Object to how your data is processed in certain circumstances

Client’s Data

When we collect personal data

We collect your data, when you first log onto our system.  We take further data when you fill out our triage form.  We also write brief notes about your session, following each session.

What data do we collect

When you first log onto our system we will ask for the following pieces of data:

  • Name
  • Data of birth
  • Postcode
  • Email address (optional)
  • Phone number
  • Ethnicity
  • Gender
  • GP Surgery details
  • Key worker status

When we ask you to fill out the triage form we then ask for the following information:

  • Questions with regard to any anxiety
  • Questions with regard to any depression
  • Any drug/alcohol use
  • Any abuse you may be suffering
  • Any self-harm
  • Any suicidal thoughts

How do we use your personal data

The data we collect in the first instance is in order to contact you with appointments or any information we need to share with you.  We also use some of this data to send to our commissioners.  In this instance, the data is anonymised and is statistical data only.  We also send this data to the NHS database, in order that they can see the levels of use of the service, this again is anonymised.   The keyworker status is in order for us to prioritise someone if required.  This information will not be shared with anyone else.

The information from the triage form is in order for us to deliver the best service we can to you and understand your level of need.  This information would not be passed on, unless there was a concern for your personal safety, in which case you would be contacted, in order to secure your permission to share the information.

Counsellors also write notes about the sessions you have attended, these will not be shared with anyone else, except in situations where you give express permission for your notes to be shared with an official body.  You have the right to read your notes, should you wish.  The notes are written as a record of the session and may help the counsellor to understand the progress of your sessions.  It is also a recommendation of BACP (British association for Counselling and Psychotherapy), our accreditation body, that notes of sessions are taken.

How will we store your data

All your data will be stored in our secure cloud and then within a secure database.  All client notes are anonymised and are stored in a different part of the database.

How long will we keep your data

The information we take from you when you first request an appointment and are triaged, will be deleted three years after you cease counselling.  The notes that your counsellor writes about you will be deleted after seven years.  We retain your clinical notes for seven years, in order that you can have access to them if you should wish in the future.