Counselling, Psychotherapy & Coaching 
 
Sudbury Road, Bury St Edmunds, Suffolk

Privacy Policy

Privacy Policy & GDPR Statement

Introduction

Anita T. Duke trading as Anita Duke Therapy (the ‘data controller’, referred to below as “I”, “me”, “my”, “mine”) is committed to complying with the terms of the General Data Protection Regulation (GDPR) and Data Protection Act 2018, and to the responsible and secure use of your data. 

I have a legitimate interest in holding and processing personal data to provide counselling, psychotherapy, and wellbeing services. The purpose of this policy is to let you know what information I collect, the reason I hold it, for how long, and your rights and responsibilities. 

What I use your information for

I hold and process any personal data provided by you in accordance with the data protection principles set out by the General Data Protection Regulation. I lawfully use your personal data to provide my services, adhere to the requirements of professional bodies, and to meet the requirements of my professional insurer: 
  • To ethically provide counselling, psychotherapy, and wellbeing services
  • To provide prospective clients with information about my services.
  • To arrange client appointments and deliver the professional services requested
  • To notify clients about changes to sessions or my services.
  • To send information or tasks relating to individual therapy sessions.
  • To seek client feedback on my services 
What information I collect

I request and process the following personal data:
  • Initial enquiry – I collect your name, contact details, availability, and requirements as necessary for a response.
  • Website – I collect your name, contact details, and stated requirement if you use my website contact form so that I can respond to your enquiry.  
  • Contact details – At our initial appointment I will record your name, address, phone number, email address, emergency contact and GP details. I require this information to provide my services, electronic billing arrangements, and should I need to summon help in an emergency.
  • Medical records – If you start therapy, I will record your date of birth, any relevant medical history you choose to disclose, and information relating to your general wellbeing. I require this to assess your needs, plan and manage the services I provide to you, and assess any therapeutic risk. I may also invite the completion of clinical assessments at intake and at appropriate stages of therapy. 
Clinical Records

I am required to keep clinical records by my professional bodies and insurer. In addition to the above, these may include copies of signed agreements, any professional correspondence written or received, copies of any risk assessments undertaken, and a record of session dates, attendance, and key focus.

In addition, I keep separate, brief session notes. I use these hand-written records as a personal ‘aide-memoire’ of presenting themes and interventions within sessions to support the ethical and effective provision of my services. Session notes are anonymised and will never contain any personal references or data. They are securely stored away from any records that do contain personal data. 

What information I share

I will not disclose your details to any person or organisation without your knowledge and consent unless for a professional or legal requirement as follows:
  • If I identify a child or vulnerable adult safeguarding issue.
  • If I perceive a serious, imminent risk of harm being caused by or to you or another person.
  • If I identify a potential national security or terrorist threat, or a potential act of money laundering or drug trafficking, all of which I am legally required to disclose.
  • If I am legally required to disclose information following court subpoena, in the act of public interest, or by other regulations to which I am subject.

How I keep your information safe

I take the security of your data seriously and take all reasonable precautions to prevent the loss, alteration, or misuse of information you provide. I will only store records relevant to your therapy. If you do not start therapy having made an enquiry, I will delete any identifiable personal details and correspondence.

I store client records for 7 years following our last contact in accordance with data protection law. After this period, any records and session notes will be securely and permanently destroyed unless an ethical reason to keep them arises. 

I take every reasonable measure to keep any electronic information shared with me secure, by using password protected applications and equipment.

All paper records are filed in lockable storage. Records containing identifiable personal data – e.g. contact forms, signed agreements and professional correspondence will be stored separately, whilst a pseudonymised coding/filing system is used for all other clinical records, medical forms and session notes.

Electronic Communications

I may send email communications in connection with my services. For ease of use and compatibility, this will not be sent in an encrypted form unless you request this. 

Email and the transmission of information via the internet, unless encrypted, is never completely secure. Whilst I do my best to keep my systems password and virus protected, I cannot take responsibility for electronic communications being virus-free, neither can I guarantee the security of information transmitted via email, mobile, text or internet messaging, Zoom, or website forms. Any correspondence shared with me electronically is sent at your risk. 

I delete text and voice messages once dealt with. Email communications, where relevant to your sessions, are stored on password protected equipment. Any copies of communications kept with session notes will have personal information redacted or removed.

Websites and Third Parties

No user-specific data is stored by my website, but I may occasionally use third party (Google or Ionos) analytics to collect anonymous data relating to user behaviour and ‘web traffic’ statistics.

My website may contain hyperlinks to other websites. I am not responsible for the content, functionality, or accuracy of these, and they are not covered by this policy. I recommend that you read the privacy policy of any website before providing personal information.

I cannot be responsible for your data or confidentiality when using third party applications, electronic banking, or card payment services. Please be aware that my name will appear on your records if paying by electronic transfer or card. If you pay by bank transfer your details will appear on my statements, which I am legally required to evidence for tax purposes. 

Changes to this Privacy Policy

This Privacy Policy is reviewed annually but may also be amended between reviews to ensure it accurately reflects how and why I use your personal data. The date this version was reviewed is shown below. The latest version of the Privacy Policy is always available via my website

Your rights and responsibilities

By contacting me through my website, a professional directory, phone, email, or any other means, it is understood that you have consented for me to contact you to discuss my services. If you then decide to commence therapy, I will ask for your consent to process and store your personal data as part of the intake process. It is your responsibility to ensure that I have your up-to-date contact and emergency information thereafter, and to notify me of any other changes to your personal information whilst in therapy. 

Under GDPR you have the right to make a request to see copies of the listed personal data I hold about you. You may also ask me to correct, update or erase the record, but there may be exceptions to this in the case of counselling records. Access requests should be emailed to anita@anitaduketherapy.co.uk using the subject header ‘data access request’. I will respond within one month. If the request could be considered excessive or subsequent copies of data are requested, I reserve the right to charge an access fee. 

If you have any concerns about my use of your personal data, please contact me directly. I will do my utmost to resolve any concerns you have. If for any reason I cannot resolve the issues, you have the right to contact the Information Commissioner’s Office (ICO) directly.  

Anita T. Duke trading as Anita Duke Therapy is registered with the Information Commissioner’s Office (Ref: ZA749898).

Policy reviewed: April 2024

Share by: