Updated August 2020
My policy complies with the EU General Data Protection Regulation (GDPR) which came into effect on 25 May 2018 and to the Swiss Federal Act on Data Protection of 19 June 1992. I take very seriously the need to protect your personal information and this policy represents my ongoing efforts to be transparent about the way in which I collect information, what information I collect and why, and what your rights are in relation to your personal information.
Transparency: In order to work as a counsellor, I am legally and ethically required to collect and store some of your personal information. According to the Code of Ethics of the American Counseling Association and the Ethical Framework of the British Association of Counsellors and Psychotherapists, I am required to keep “adequate records” which are “adequate, relevant and limited to what is necessary for the type of service being provided”.
Why do I collect data? The legal basis for processing data: According to the GDPR, I am legally entitled to process this information because we have formed a ‘contract’, i.e. an agreement about how we wish to work together, or because you have reached out to me and indicated an interest in potentially entering into a contract.
What information do I collect? I collect your name, contact information (postal address, email address and telephone number), your preference for receiving information by email, phone or text, your date of birth, emergency contact information, and the name and contact details for your doctor. I also keep counselling records which I am legally and ethically obligated to do. I disclose information to third parties only with your consent or where legally or ethically justified (see my informed consent policy for more information).
How do I store your data? I use an email system which allows for encrypted messages and a secure digital platform for data storage which is end-to-end encrypted, ISO27001 certified and password-protected. I also anonymize the data I collect as much as I am reasonably able to.
Your control of your personal data:
- Your personal information will be held and processed until you withdraw consent.
- You have the right to have your information erased and the ‘right to be forgotten’ (when considering these requests, these rights are obligatory unless it is information which I have a legal duty to retain).
- You have the right to request access to the personal information that is held. I am legally obligated to respond within 30 days.
- You have the right to have your personal data corrected.