General Data Protection Regulation information

This is information on how Newday Counselling service addresses the protection of your information.

Terry Shevlin is the Data Controller and is registered with the Information Commissioners Office.

  1. Data is held in the following format by me in respect to clients’:
  • a.Electronically on my ‘I’diary. This is only the name and/or email address of a client only for booking sessions and consulations, and it’s not linked to any other information.
  • b.Mobile and/or landline numbers for the purposes of contact.
  • c.Email addresses for the purposes of contact.
  • d.Hand written details of address/G.P. address for the purpose of contact in an emergency or to send out agreed information by post.
  • Legal basis for holding information
  • I hold information for 2 of the possible 6 lawful basis cited by GDPR:
  • a. Consent– ie with your express written agreement
  • b. Legitimate interest– for the reasons below-
  • Hand written ‘process notes’ of our sessions to remind me of themes and interventions that we used in session.  This is aimed to provide the best therapy possibly.
  • Your name for phone/calendar / email to enable appointments scheduling/cancellations and other contact that ensures you receive the best service.
  1. I will only share information with someone else about you under circumstances as outlined in the confidentially part of our working agreement (e.g. immediate risk of substantial harm to self or others; or under a legal requirement, e.g. terrorism, drug money laundering; or via court order for disclosure)
  2. I will destroy process notes and details after 7 years by incineration. This is deemed to be a reasonable period by my professional body BACP, and allows for continuity of client returning for further therapy and/or issues arising from therapy ie legal proceedings.

Under data protection law, i.e. you have the right to access a copy and explanation of their personal data:

to request correction or erasure, in certain circumstances

to request limiting or ceasing data processing, where applicable

to compensation for substantial damage or distress caused by data processing, where applicable ( ie where data is inappropriately/carelessly shared to others without your knowledge.