This is a privacy notice in accordance with the General Data Protection Regulation 2016/679 (GDPR), which is an EU regulation on data protection and privacy applicable to all individuals within the European Union and the European Economic Area.
Skype-counselling.com is the business name of sole trader Jonathan Dyson. I, Jonathan Dyson, am the data controller and processor for Skype-counselling.com.
The security of your data is of the upmost importance to me. Confidentiality and respect for privacy are fundamental to my therapeutic ethos and business practice. The basis on which I store client data is that of “legitimate interests”. This means that the data is necessary for me to fulfil the terms of the therapeutic contract between us (i.e. to provide therapy) and it is data that you would reasonably expect me to hold and use.
For those who enquire about therapy, the data that I hold includes any information that you have communicated to me by email/text message/answerphone message/video-platform message.
For those who book and attend at least one session, the data I hold includes:
Health data is regarded as a special category of data by the GDPR. The condition for processing this special data is that it is necessary for medical diagnosis and the provision of healthcare or treatment “pursuant to contract with a health professional”.Data is not shared with anyone, except with your permission or under rare circumstances without your permission when there is a serious and immediate risk of harm to you or someone else, in accordance with the ethical code of the British Association for Counselling & Psychotherapy (BACP).
The data that I hold is primarily used to enable me to provide therapy.
Details of where data is held:
In terms of communications, I use a secure web-based email client, 123 Reg, to send and receive emails, access to which is password-protected. Any emails sent between us are accessed from and stored on my computer and phone devices, which are passcode-protected. Email communications may also be securely archived to my Dropbox and iCloud accounts, which are password-protected.
Any text messages sent between us remain on my iPhone, which is passcode-protected. Messages exchanged within video platforms Skype and FaceTime are stored on the video platforms, which are password-protected. Please refer to the relevant privacy statement for information on how each of these companies/applications holds and processes your data. Answerphone messages are deleted immediately. Other relevant information is stored on my computer and phone devices and may be archived to Dropbox and iCloud.
My website is hosted by 123 Reg. Website traffic is monitored by Google Analytics. Please refer to the relevant privacy statement for information on how these companies hold and process your data.
Session notes are written by hand. They are not stored on any computer or phone or other electronic device. The notes are anonymised, meaning that you are identified in them only by an alpha-numeric code, which is unintelligible to anyone other than myself. The notes are securely stored in a locked filing cabinet. I do not audio-record or video-record therapy sessions.
Certain information relating to your online booking is held securely by BookingBug and by PayPal, which processes payments. I do not have access to any personal financial information such as your card payment details. For the purposes of accounting I access certain aggregated information from PayPal but it does not contain personal client data or personal financial information. Please refer to the relevant privacy statement for information on how each of these companies holds and processes your data.
If you access my services via a health insurance company, EAP or via a therapist directory you should refer to the relevant privacy statement for information on how these companies/organisations hold and process your data and what data they may request of me.
Your data is kept for seven years, in accordance with professional and business requirements. After this time any paper records are shredded and computer records deleted. Anonymised session notes may be retained for longer than this for the purposes of scientific/historical research.
If there is any breach of data security I will aim to give full details to the Information Commissioners Office and to any person affected within 72 hours of the breach and do everything within my power to minimise any potential impact.
You have certain rights with regards to the data held:
The right to object to:
This privacy statement is intended to be comprehensive and accurate under the terms of the GDPR. If you feel that this is not the case, please contact me.
10 Almeida Street
London N1 1TA