I (Mia Zielinska) am the registered Data Controller for Aruna Counselling. My Information Commissioner’s Office (ICO) registration number is ZA730798.
Any personal data you provide to me will be held and processed in accordance with the data protection principles set out in the Data Protection Act 1998 and the General Data Protection Regulation in order to provide the counselling service requested.
This policy refers to two types of personal data: identifiable information (including your name and contact details) and non-identifiable information (any information stored without identifiable information).
Personal data held
1. Identifiable information is acquired through your initial enquiry and in our first session and is held for the purpose of our ongoing communication and in accordance with my insurance company’s policy. Beyond your name, phone number and email address, further identifiable information is optional.
2. Non-identifiable information may be kept for the purpose of clinical supervision and reflection, insurance requirements, and decisions about risk and duty of care. This information is anonymised and stored separately from identifiable information.
3. Personal data collected on paper is stored in a locked filing cabinet. Electronic records are anonymised as far as is possible and password protected. My email account is powered by Microsoft, my website is powered by WordPress. I use Zoom and VSee for video sessions, both are password protected and end-to-end encrypted. Any collection and use of data by these companies is subject to their own privacy policies.
4. Anonymised financial records are kept electronically (with password protection) for tax purposes. Electronic records exist for any transactions made by bank transfer or card payment. I use SumUp to take card payment and their collection and use of data is subject to their own privacy policies.
5. In line with best professional practice and the requirements of my insurance company, personal data is kept for five years after you finish counselling or our last contact after which time it is destroyed by shredding or secure deletion. I annually check the personal data I hold to make sure everything has been deleted at the end of its retention period.
Sharing of data
1. Under normal circumstances, no information about you will be passed with anyone. This includes both identifiable and non-identifiable information.
2. In certain circumstances, I may pass on confidential information. These circumstances may include where there is risk of serious harm, if I am required by law to do so, or if I am required by a professional membership body, the ICO, HMRC or my insurance company to do so in the event of a complaint, legal action, or audit. Where possible I will first ask for your consent before sharing the required information.
3. In the event of my death or incapacitation, I have nominated a trusted colleague who will contact my current clients to support them in making alternate counselling arrangements where required.
Your rights under GDPR legislation
The GDPR provides rights for individuals such as access to information held about them, and an avenue for complaints (contact the ICO or visit their website for further information). Please contact me in advance if you would like to ask me to provide a copy of the information held by me in my records, or to correct any inaccuracies in your information. You have a right to complain to the Information Commissioner’s Office if you believe I am mishandling your data.