Therapy Privacy Policy
This is my privacy policy set according to the General Data Protection Regulation (GDPR). This policy informs how any personal data I collect from you, or that you provide to me, will be stored and processed.
1. How I gather your information
Information that you provide by emailing me via my website www.catemiller.co.uk, and via various therapy directories and platforms (BACP, Counselling Directory, Psychology Today, ACTO), or by phone to request further information about my counselling service.
If you contact me by email at catemiller@protonmail.com or by phone on 07842 476345
The pre-therapy questionnaire and personal information forms via WriteUpp.
Brief notes that I take of sessions
Regarding online therapy, I use VSee, Zoom Pro, Signal and Protonmail. VSee and Zoom have the ability to record sessions, which I will not use. All these platforms are securely encrypted. Any chat sessions and therapeutic email exchanges will be destroyed after therapy has finished - to be agreed by both of us.
2. Where I store your personal data
Personal data that I collect from you via any form of contact, whether email, phone or online form - will be kept securely.
The pre-questionnaire form (for online therapy), personal information form, therapy agreement and brief session notes are collected and stored on securely on a client management system WriteUpp which is a fully GDPR compliant service. This is also password protected with 2-factor authentication.
I will keep your email address and phone number on the ProtonMail app on my mobile phone. This app is end-to-end encrypted and fully GDPR compliant. I will also keep your mobile number in my Google Contacts. Google have data storage facilities inside and outside the EEA, and protected by the Privacy Shield agreement between the EU and US. These contact details will be deleted at the end of our agreed period of work.
Any electronic contact we have during the process of your ongoing sessions will be deleted from my computer and ProtonMail at the end of our agreed work together. Your phone number will be stored on my phone if we communicate via text and/or direct calling, or engage in ‘real-time‘ sessions using direct calling, VSee, Zoom or Signal, and will be deleted at the end of the counselling contract.
I use FreeAgent to invoice clients and to send receipts. FreeAgent is GDPR compliant. Your name and email address will be stored on FreeAgent servers in order for me to send invoices and receipts. I am obliged to keep financial data for the HMRC for a minimum of 6 years, so your data on FreeAgent will be deleted 7 years after the end of our counselling contract.
I may use Zettle to collect payments and send receipts during in-person sessions. If you pay by credit card, Zettle will remember your details and pre-fill your email address when you use the same payment card again. Zettle is fully GDPR compliant. I am obliged to keep financial data for the HMRC for a minimum of 6 years, so your data on Zettle will be deleted 7 years after the end of our counselling contract.
3. How long do I keep your notes for?
I will retain your pre-therapy questionnaire, agreement, contact details and brief sessions notes for as long as we are working together. Your pre-therapy questionnaire and session notes I will retain on WriteUpp and your invoices and receipts on FreeAgent and Zettle. These will all be kept for a further seven years after we end, and, with regard to the notes, in case you decide to return to therapy with me.
After 7 years as part of my ongoing commitment to your safety, your contact details, pre-therapy questionnaire and brief session notes will be securely removed from WriteUpp, FreeAgent and Zettle.
4. Your rights
You are entitled to make a subject access request (i.e. to view, amend, or delete the personal information that I hold). All requests have a month to be carried out. To contact me about anything to do with your personal data and data protection, including to make a subject access request, please use the address and contact details at the bottom of this page.
5. In the event of a data breach
I have a legal obligation to report a data breach to you and the Informations Commissioners Office (ICO) within 72 hours.
6. Disclosure of your personal information
In the event of my incapacity or death your personal contact information will be disclosed to my clinical executor of my Professional Will so that they can notify you. In the event of my death my executor will also destroy all contact information and notes on my computer.
If I am under a duty to disclose or share your personal data in order to comply with any legal obligation. For example, if I am subpoenaed to court, or as a legal requirement such as safeguarding children or vulnerable adults, terrorism or money laundering.
7. Changes to this privacy policy
I will notify you of changes I may make to this privacy policy in the future.
8. Recording consent
Your use and undertaking of the services of Cate Miller Counselling constitutes your approval and acceptance of this agreement, and you are consenting to my use, and storage, of your personal information that you have disclosed to me, as detailed above. You have the right to withdraw your consent at any time.
9. How do I contact you?
I am registered as the data controller for my private practice. My registration number is: ZA459032. To contact me about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of Cate Miller):
T: 01323 348034 | 07842 476345
E: catemiller@protonmail.com
M: Cate Miller Counselling, Suite 34, The Old Printworks, 1 Commercial Road, Eastbourne, BN21 3XQ