I understand that your privacy is important, and I will ensure that all information given to me is stored safely and only used for the purpose specified. I do not sell on any data I collect, and I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This statement should cover any areas of concern or queries that you have, however, should you have any further queries, please feel free to email me.
I am registered with the Information Commissioner’s Office and my registration
number is: ZA840366.
I can be contacted at max@mmhlistens.com and 07823 481 030
Lawful basis for holding and using your data.
GDPR states that there must be a lawful basis for holding information.
Before counselling – when you enquire about entering into counselling, I will require
access to your basic data in order to contact you and consider you as a client. When
collecting data, this will be done by consent which can be withdrawn at any time.
During counselling – If you are having counselling with me, I will need to process your data in line with carrying out our contract.
After counselling – If your counselling has ended, I will keep a sealed copy of my
notes about you on the basis of legitimate interest but will only process it if required, for example if you ask to see what data I have on file. I also am required by my insurance to keep notes for five years after the cessation of sessions.
How I use your data
Initial contact – When you first approach me, I will take down basic information about you, as requested in my contact form. I also give you the option to give further details if you choose to. This is to ensure that I can contact you and respond correctly to your enquiry.
Basic details are kept on a password protected spreadsheet on a password protected laptop.
Should you wish not to proceed at this stage, I will delete all data within four months
of you either stating that you do not wish to proceed or not being in contact. If you
would like this to be done immediately, you can request this by email at any time and I will do it upon receipt of your request. Please note however that I do not access my emails every day, and upon receipt of your request here means when I access my emails.
During counselling – Everything that you discuss within counselling is confidential, with a few exceptions that we will discuss prior to signing the contract. These are legal and safeguarding reasons and unless prevented from doing so, I will discuss the situation with you before breaking confidentiality. As part of ethical working, I work with a supervisor. When speaking with my supervisor I will refer to you by first name or nickname (whichever you choose to use in the counselling room).
Basic details at this stage are kept on a password protected spreadsheet with a
reference number allocated to each person on a password protected laptop. Contracts and client information sheets are also stored digitally.
I keep anonymised, basic notes about sessions in a paper file kept in a locked
filing cabinet. Paper files are always either in the locked cabinet, or a locked metal file box when not in use. On these notes you will be identified only by your reference number. These notes are to ensure the smooth running of the service you are receiving and usually will only be read by me. I would only share these notes if required to do so by law or if you request that I do so.
I do not use text messaging as part of my business practice or save client telephone
numbers on my telephone. I go through and delete all unnecessary emails a month
old or older quarterly, so any email correspondence no longer required would be
deleted within four months. If necessary, I may copy some information over to your
aforementioned notes from any email sent before deleting, though this is rare.
After counselling has ended – I am required by my insurance to keep all notes for five years after the end of our contract. During this time they will not be accessed unless required by law or requested by you. I will destroy all notes and contact information within six months after the five year period has elapsed.
Website
I use WordPress as the content management system for my website, please see their data privacy notice if you require further information. The contact form on my website is run by WordPress, please see their data privacy notice if you require further information.
If you fill in use the form on my website to contact me, that data will be temporarily
stored by them before being sent to my email. Website analytics are also provided via WordPress.
No user-specific data is collected by me or any third party.
Third parties
I work using Psychology Today sessions software, SmartSurvey, and the Microsoft suite. My email and website and web forms are run through WordPress. I set all privacy settings across these to maximum security and use different passwords for everything.
I ensure as far as is practicably possible that your data is not used or processed by
third party companies outside of what is necessary for running my practice.
Your rights
You have a right to ask me to delete, limit my use of or stop processing your personal information.
You have a right to request a copy of any information about you that I hold about you and object to the use of your data in some circumstances.
You can request any of the above from me in writing by email. (Please see the section on how I use your data for further information).
More information about this can be found at ico.org.uk/your-data-matters.
I would be happy at any point to discuss with you what data I hold, what I use it for,
who it could be disclosed to and how long I will store it for as well as providing you a
copy and where necessary, helping to explain anything you do not understand or help convert it into a format that would better allow you to understand it.
You can also ask me to correct any information that I hold on you at any time.
If you have any concerns or suggestions regarding my data protection, please feel
free to contact me about this by email.
If you have a complaint about how I have stored your data, please put this in writing
and email it to me in the first instance.
If you are not happy with how this complaint is handled, you can contact ICO (the
statutory body to oversee data storage in the UK). More information about this can be found at ico.org.uk/make-a-complaint
Data Security
I take data security very seriously and make every effort to ensure that it is stored
securely. Every level of what I work with technology wise has a separate password,
all data outside of initial personal details is completely anonymised as well as password protected or stored in a locked space.
Maximillian Mustafa-Holzapfel 