Your Potential Counselling Services (YPCS) adheres to General Data Protection Regulations 2018 (GDPR) and the Ethical Framework of the British Association for Counselling and Psychotherapy (BACP) in order to protect your personal data

Organisation and Contact Details

Your Potential Counselling Services

Who is the data controller?

The ‘data controller’ is responsible for your personal data.  Alison MacPhee is registered with the Information Commissioners’ Office as the data controller for ”Your Potential Counselling Services”.

Personal Data Collected and Lawful Basis for Collection and Processing

I collect personal data because it is ‘necessary for the performance of a contract’.

‘Personal data’ is any information about a living individual that allows them to be identified from that data.  A living individual may be identified directly using the data itself or by combining it with other information that helps to identify them.

Imay collect, handle and use the following personal data:

  • Identity data such as first name, maiden name, last name, username or similar,

title, marital status, date of birth, nationality, gender and education/work history.

  • Contact data such as address, email address and telephone numbers.
  • Transaction data such as bank account numbers.
  • Special category data such as criminal convictions, mental health conditions, physical health conditions, racial or ethnic origins, political opinions, religious beliefs and sexual orientation.

Method of Data Collection

Personal data about you is collected via direct and indirect interaction with you.  This includes email communications, text messages, telephone communications, face to face contact and online interaction with my website.

How do I hold your personal data?

Your personal data is held in messaging services (email, text and telephone) and written records (electronic or paper form). I have put suitable physical, electronic and managerial measures in place to hold your data securely.  This includes storing electronic data on designated devices and in locked filing cabinets, password protected electronic records and restricting access to your personal data to authorised individuals. Your contact details will be stored separately from any session notes. Session notes will never contain names or identifying informatiome

Whilst I will do my best to protect your personal data as described above, you are strongly advised never to leave telephone messages for us or send text messages or emails to me that contain personal data of a sensitive, intimate, confidential or financial nature since the transmission of data via electronic devices and services can never be guaranteed to be completely secure.

How do I use your personal data?

Your personal data is only used to provide professional services to you and to fulfill my professional and legal requirements as outlined below.

Do I share your personal data?

I may need to share your personal data with third parties, such as banks and email service providers so that I can carry out my responsibility to you and they can carry out their responsibilities to me.

There may be some circumstances where I am required to share your personal data with health and statutory bodies, such as your GP, the Police or Social Work Services.  I may do so in the following circumstances:

  • Where I need to carry out my legal obligations.
  • Where it is needed in the public interest.
  • In relation to public claims.
  • Where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
  • Where there is an immediate risk of significant harm to you or others.

Where possible I will discuss this with you first and seek your explicit written consent.  In circumstances where informing you of my need to share your personal data with other organisations may place you or someone else at risk of significant harm, then I may share your data without your knowledge or consent, if permitted by law.

In order to adhere with the Ethical Framework of the British Association for Counselling and Psychotherapy (BACP) I have a professional requirement to have regular clinical supervision.  This involves reviewing my casework with a supervisor and aims to ensure that my practice is safe, appropriate and effective.  The supervisor will only know you by your first name and is bound by the Ethical Framework of the BACP.  This means they must store your personal data securely and respect your right to confidentiality and privacy.

If you have any questions, wish to exercise any of your rights or wish to raise a complaint about how any party has collected, handled or used your data, other than with the Information Commissioner, you should do so directly with the data controller (Alison MacPhee).

How long do I hold your personal data for?

I will only retain your personal data for as long as necessary to fulfill the purposes I collected it for after which time it will be deleted or securely destroyed.  When considering how long to retain your personal data, I will consider:

  • The amount, nature and sensitivity of your data.
  • The potential risk of harm from unauthorised use or disclosure of your data.
  • The purposes for which I process your data and whether I can achieve those purposes through other means.
  • Any potential or actual disputes.
  • The need to satisfy legal and professional requirements.

In normal circumstances unless requested by you, I will not retain your data longer than 6 months after your last meeting with me.

What are your legal rights relating to your personal data?

You have the following rights with respect to your personal data and can exercise any of the rights listed below.   In order for me to process your request you will need to provide proof of your identity when exercising your rights.  This is so I can ensure that your personal data is not disclosed to any person who has no right to access it.

1) The right to access personal data I hold on you.

You can contact me at any point to request the personal data I hold on you and to establish why I have that personal data, who has access to the personal data and where I obtained the personal data from.  Once I have received your request I must respond within one month unless certain circumstances apply.  There are no fees or charges for the first request, but additional requests for the same personal data may be subject to an administrative fee.

2) The right to correct and update the personal data I hold on you.

If the data I hold on you is out of date, incomplete or incorrect, you have the right to inform me and your data will be updated.  You may need to provide evidence to show that the new data you are providing is accurate.

3) The right to have your personal data erased.

If you feel that I should no longer be using your personal data or that I am unlawfully using your personal data, you have the right in certain circumstances to request that I erase the personal data I hold and I will delete that data or explain the reason why it cannot be deleted (for example because I need it for to comply with a legal obligation).

4) The right to object to processing of your personal data or to restrict it to certain purposes only.

You have the right to request that I stop processing your personal data or, in certain circumstances, ask me to restrict processing it.  Upon receiving the request I will contact you and let you know if I am able to comply or if I have a legal obligation to continue to process your data.

5) The right to data portability.

You have the right to request that I transfer some of your data to another controller. I will comply with your request, where it is feasible to do so, within one month of receiving your request.

6) The right to withdraw your consent to the processing at any time for any processing of data to which consent was obtained.

You can withdraw your consent easily by telephone, email, or by post (see Contact Details below).  However, this will not effect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent to the processing of your personal data, I may no longer be able to provide services to you.  I will advise you of this at the time you wish to withdraw your consent.

7) The right to lodge a complaint with the Information Commissioner’s Office.

If you would like to exercise your data protection rights or if you are unhappy with how I have handled your personal data, then please feel free to discuss your concerns with me or put your complaint in writing and send it to me using the details set out above.  This will help me to try to resolve any issues quickly and to your satisfaction so that I can maintain our working relationship.

However, if you are unhappy with my response or believe my processing does not comply with data protection law, you have the right contact the Information Commissioners Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Changes to this notice

I keep this Privacy Notice under regular review and will place any updates on this web page

This Notice was last updated in August 2019.