Privacy Policy

I am the ‘data controller’ for my practice.  This means I hold the responsibility for the collection and safe storage of your data.

I am registered with the Information Commissioner’s Office, and you can find me in the register by entering my details as follows:

Nwabisa Ewing and Registration number: ZA797739.

I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

As a data controller of my practice, your privacy is very important to me.  You can be confident that your personal information will be kept safe and secure and will only be used for the purpose of fulfilling my contractual responsibilities to you as a Psychotherapist/Counsellor.

This policy details how I will collect data, and what I will do with your personal information from the initial point of contact through to after your therapy has ended. and your rights regarding your data.

I am happy to discuss any questions you might have about my data protection policy, and you can contact by emailing nwabisa@nempsychotherapy.com.

How will my personal information be collected?

I will collect your personal information in the following ways:  enquiries received via my website, over the telephone, video or face-to-face sessions and in writing.

Why I am able to process your information and what purpose I am processing it for?

The GDPR states that I must have a lawful basis for processing your personal data.  There are different lawful bases depending on the stage at which I am processing your data.  I have explained these below:

  1. If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
  2. If you are currently having therapy, or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
  3. The GDPR also makes sure that I appropriately look after any sensitive personal information that you may disclose to me. This type of information is called ‘special category personal information’

What is ‘special category’ information, and why do you need to process this too?

Special category information is defined by the GDPR as being information that is more sensitive than other personal information and therefore requiring higher levels of protection.

Examples of this type of information could include information about your health, race, sexuality, sex life, or religion.  In order to lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you.  With this in mind, the condition of the GDPR that I apply to the processing of your special category information is that it is ‘pursuant to contract with a health professional’.

This means that if you begin psychotherapy with me, or ask me to assess whether or not you are eligible for me to offer psychotherapy to you, then I will likely need to process some special category information about you.  Usually, this is information about your mental health, and I need to process it in order to fulfil my contractual obligations to you in delivering safe, effective psychotherapy.

How will my information be stored?

I will store your personal information electronically or in physically secured and lockable storage.  Personal information is stored electronically on devices that are password and/or fingerprint I.D. protected, and in files that are further password protected and only accessible by me.  Names and contact details are anonymised and stored separately from other personal information.

How will I use your information?

When you contact me with an enquiry about my counselling services, I will collect information to help me satisfy your enquiry.  This will include your name, address, contact number/e-mail address, your availability, any psychological issues that you would like to talk about, and symptoms.

Once we have agreed that psychotherapy with me is appropriate for you, and your therapy commences, I will collect further information from you. This may include goals for therapy, GP contact details, previous therapy, current medication, your support network, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, overview of your family situation, and early memories of caregivers.

It may be that your GP or other health professional may send me your details when making a referral or they may be provided by a trusted individual making enquiry on your behalf.

If you decide not to proceed, I will ensure all your personal data is deleted within one year.  If you would like me to delete this information sooner, just let me know.

How long will you store my personal information?

According to the GDPR, your personal information should be stored for no longer than is necessary. Following the termination of our contract, I will typically store your information for a minimum of 7 years to satisfy my insurance obligations and after this period your data will be securely destroyed.

While you are accessing counselling.

Please rest assured that everything you discuss with me is confidential.

I would only break confidentiality should I believe you may be at risk of harm to yourself or others, or if I am compelled to do so by a court of law.

I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.

Who will my personal information be shared with?

I sometimes share personal data with third parties (for example GP or other healthcare professionals, under certain exceptional circumstances), where I have contracted with a supplier to carry out specific tasks.  In such cases, I have carefully selected which partners I work with.  Some of your personal information, such as telephone call data or payment information, is shared with the website provider, mobile phone operator, or card payment provider respectively.  These providers operate under their own privacy policies, which I will take necessary steps to review periodically and satisfy myself of their safety.  Although I will do everything I can to safeguard your data, I have little control over breaches that may happen in the hands of these third parties.

Can I receive a copy of the personal information that you store about me?

Yes. The DPA gives you the right to find out the information I store about you by requesting a copy of it in writing.  Any request that you make to obtain a copy of the personal information that I hold about you is called a ‘Subject Access Request’.  You can write to me and ask for a copy of the information that I hold about you by emailing nwabisa@nempsychotherapy.com. I will respond to your request without delay, and usually within one month at the latest.  I may charge a fee for providing this information, based on the administrative costs involved.

Can I request that you delete my personal information?

Yes. This is known in the new legislation as the Right to Erasure. You can request your personal information to be deleted, either verbally or in writing.  There may be an administrative charge for this.  I may also have the right to refuse to comply in full with your request where I need to hold your data in order to comply with my insurance terms and conditions, and I will let you know my response to your request within one month of receiving it.

Can I object or complain about the processing of my personal information?

Yes. Whilst I hope that the policy outlined above will be sufficient to reassure you of the security of your personal information, should you wish to object or complain about the way that your personal information is being handled by me, then do please feel free to communicate this to me at the earliest possible opportunity.  I will do my best to address your concerns and take steps to try and resolve whatever issues you may raise.  You can write to me directly via e-mail. Should you wish to take the matter further, please contact the Information Commissioner’s Office on 0303 123 1123 or visit https://ico.org.uk/concerns/ for more information.