Privacy Notice
Data Controller: Charles Brooks. Email: charles@brooks-wellbeing.co.uk Phone: 07721 376 450
Brooks Wellbeing is a business operated by Charles Brooks and I handle your personal data in accordance with the UK GDPR/Data Protection Act 2018 (DPA 2018). I am registered with the Information Commissioners Office (ICO) as a data controller which means I both decide what data this is collected and how that data is held and used. My registration number with the ICO is: ZB323119. I take my data protection responsibilities seriously and it is important that you are aware of what I do with the personal information you trust me with. This document outlines how Brooks Wellbeing handles personal information that I hold about you and gives you information which you must be aware of under the DPA 2018.
How your personal information is collected: I collect information that you provide directly to me, including contact details, through emails and phone calls when discussing your needs. If I take referrals through a third party such as a therapy centre they may pass on limited personal information that you provide them to allow me to contact you. If you become a client, I keep anonymised written notes of your sessions, and I keep a separate assessment form which is completed in the first few sessions that includes your name, date of birth, contact details, emergency contact, GP details, relevant health and criminal offence details and the dates and times of sessions.
I keep these records to a minimum and regularly delete personal information if I have no legal or business reason for holding it. For insurance purposes I am required to keep some data for a period of 7 years after counselling/psychotherapy finishes. This means there is certain personal information about you which I hold that I cannot erase.
What type of personal information is held about you: I collect, store, and use these categories of personal information about you, which you provide directly to me for the purpose of providing counselling and psychotherapy services:
·Personal information you provide to me when you make first contact with me, such as your name and contact details.
·Personal information you provide to me if we have an introductory call before starting counselling/psychotherapy sessions.
·Personal information you provide to me in sessions and any communications between sessions if you become a client.
I may also collect, store, and use what is referred to a ‘special category’ data which is sensitive personal information you provide to me. You are under no obligation to provide this information to me. This includes information about your ethnicity, race, religion, sexual orientation, marital status, information about your current health, past medical history, and information about criminal offences.
How your personal information is used and who it is shared with: The main reason for using personal information that you provide to me is so that I can provide counselling and psychotherapy services to you under contract for purposes such as:
· Contacting you for arranging appointments and sending relevant documents.
· Keeping a diary of your appointment dates and times.
· In the event of an emergency in a session to contact your emergency contact on your behalf.
·Contacting your GP and/or relevant emergency services in certain circumstances (see further details below).
·Keeping a brief, anonymised record of each counselling/psychotherapy session.
·Understanding how special category and criminal offence information that you choose to share may affect your wellbeing and what support may be suitable.
I will never share your personal information with anyone else without your consent, except in these circumstances:
· you give your consent for me to share your information with someone else.
·you are at risk of harming yourself or others.
·there is risk of harm to a child or vulnerable adult.
· criminal activity is disclosed.
· when required by law, including a court order.
In the instances above I may contact your GP, mental health team, social services, police, emergency services or other appropriate services.
I have ethical and legal obligations that require me to share information in these circumstances, and in all the above instances I would discuss with this with you and explain who I need to contact, why, and what I would share.
· In the rare circumstances that I need to share information with legal and professional advisors for the purpose of seeking legal advice or in the context of legal action.
·I may also share information in clinical supervision with a UKCP registered clinical supervisor where I may discuss your sessions. This ensures I am practicing effectively and ethically. I do not share anything specific which could identify you.
·I may refer to the content of your sessions in assignments or examinations that are part of my professional training and accreditation. I would anonymise all information I use so that you cannot be identified.
·I may audio record sessions (with your explicit consent via a separate consent form). The purpose of this is for my supervision, professional training, and accreditation.
·Information that is used for my professional training and accreditation purposes may be seen by limited third parties involved in my training, who are professional counsellors/psychotherapists who also agree to a code of ethics and confidentiality.
·I have assigned a trusted colleague who is a counsellor that also follows a code of ethics and practice to act as an executor of my professional will. In the event of my incapacitation or death where I am unable to perform my clinical duties, they will be able to access your personal information to contact you, explain what has happened to me, offer support and signpost to other services if appropriate. This colleague can only access your data in these extreme circumstances.
I use third party services for some of my business activities, details of which are below. I set my privacy settings to share as limited data as possible with these services:
·I use Starling Business Banking while running my business and therefore by making payments to me some of your personal information will be shared with Starling and I may keep financial records. Their privacy policy can be found here: https://www.starlingbank.com/legal/privacy-notice/.
·I use WhatsApp and Signal messaging apps if this is preferred to text messages. When you use them to contact me, they may capture certain personal information about you. Their respective privacy policies can be found here: https://www.whatsapp.com/legal/ and https://signal.org/legal/ .
·I use Proton for email communication and when you contact me via email, they may capture certain personal information about you. You can find their privacy policy here: https://proton.me/legal/privacy .
·I use Zoom for introductory calls and online sessions and when using this platform, they may capture certain personal information about you. Their privacy policy can be found here: https://explore.zoom.us/en/privacy/ .
·I use Squarespace for my website, they may capture certain personal information about you and there is a cookie policy on my website. You can find their privacy policy here: https://www.squarespace.com/privacy .
·I use a Samsung phone for work which uses an Android operating system, they may capture certain personal information about you. You can find their privacy policies here: https://www.samsung.com/uk/info/privacy/ and https://policies.google.com/privacy.
·I use a work laptop with windows operating system (Microsoft), they may capture certain personal information about you. You can find their privacy policy here: https://privacy.microsoft.com/en-gb/privacystatement .
How long your personal information is stored for: I keep personal information that you provide to me for the period you are a client and for 7 years from the date of your last session, unless there is a legal, insurance of financial reason for keeping information for longer than this. I keep personal information for these periods of time for reasonable use during my business activities, this is also known as legitimate business interest. I also keep personal information so that in the event of any legal or other claim I can demonstrate that I have acted in a lawful, ethical, and transparent way.
How your personal information is stored: I store your personal information using secure physical measures (locked filing cabinets in a secure building) and secure IT systems (password protected documents, encrypted memory sticks and using up-to-date software and antivirus software).
Anonymised client notes and personal information are hand-written and stored separately from each other in locked filing cabinets. I do not store any of your personal information online apart from when you send emails or text messages which contain your personal information.
I do not keep additional online backups of your contact information, text messages, call history or emails from you. I delete your contact details from my phone/laptop after your last session. I also briefly record in the anonymised paper notes when there has been communication between us via phone, text, or email.
If you consent for audio recordings to be made of your sessions, these are stored on an encrypted memory stick, which is password protected. I also store a paper copy of your signed consent form.
These are all stored in locked filing cabinets which only I access, and your contract, client notes, personal information, and audio recordings and consent form (if applicable) are all stored separately from each other.
When I no longer need to store your information, I securely destroy physical and electronic information using suitable measures (shredding, permanent deletion using antivirus software).
Whilst I have taken all reasonable steps to ensure security and confidentiality of your data, there are minimal limitations and risks which are out of my control when using third party technology/services.
Your rights regarding your personal information: If I have asked for your consent to process your personal information you have the right to withdraw consent. However, I do not usually ask for your consent to process your personal information as I use this information to provide a service to you under a contract and for legitimate business purposes. Under data protection law and under certain circumstances you have rights including:
Right of access to a copy of the personal information I hold about you, also known as a Subject Access Request (SAR).
Right to rectification of the personal information I hold about you that you think is inaccurate. You also have the right to ask me to complete information that you think is incomplete.
Right to erasure of the personal information I hold about you, in certain circumstances where there is no good reason for me continuing to process it.
Right to restriction of processing of personal information I hold about you, including asking for restriction of processing some or all information for a period.
Right to object to processing of personal information I hold about you in certain circumstances.
Right to data portability of the personal information I hold about you so that you can receive this information in a suitable format, and you can also request I share the personal information I hold about you with another data controller.
You are not required to pay any charge for exercising any of these rights. If you make a request, I have one month to respond to you. Please contact me at charles@brooks-wellbeing.co.uk to make a request. Please be aware that I may still be required to keep some of your personal information for legal or insurance purposes.
How to complain: If you have any concerns about my use of your personal information, you can make a complaint to me at charles@brooks-wellbeing.co.uk. You can also complain to the ICO if you are unhappy with how I have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5A. Helpline number: 0303 123 1113. ICO website: https://www.ico.org.uk.
Last updated: 15/10/2024.