top of page
Homepage
Quick Exit
Book a Free 15 Minute Introduction Call
Quick Exit

Privacy Notice

GENERAL DATA PROTECTION REGULATION (GDPR)

GDPR is a legal framework that sets guidelines for the collection and processing of personal information from individuals. This is increasingly pertinent due to the advancement and prevalence of digital technology. ‘Data controller’ is the term used to describe the person/organisation that collects, stores, and has responsibility for people’s personal data. In this instance, the data controller is me.

​

Contact details

Name: Hayley Ibbs

Telephone: 07774 804285

Email interpersonal.hub@gmail.com

​

This privacy notice tells you what to expect us to do with your personal information.

CLIENTS & POTENTIAL CLIENTS

The GDPR makes sure that I look after any sensitive personal information that you may disclose to me. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case counselling and psychotherapy) and necessary for a contract with a health professional (in this case, a contract between me and you).

 

As a counsellor and psychotherapist who adheres to the BACP’s ethical framework and IPTUK Code of Ethics, confidentiality is of utmost importance to my practice. Furthermore, transparency is a key aspect of therapy and how I work, and I will discuss these aspects from the outset of all therapeutic contracts.

If you contact me but then do not start any sessions, I will remove any data within 1 month of our last contact.

​

The type of personal information I collect 

​

I currently collect and process the following information:

Your name, your date of birth, your address and contact details, and your GP information or contact information from someone you feel comfortable for me to communicate with under emergencies.

 

How I get the personal information and why I have it

Most of the personal information I process is provided to us directly by you for one of the following reasons:

  • To contact you when confirming appointments with the service and thus for your appointments.

  • Via my site for the purpose of looking at my site performance and to send you the products you have purchased.

  • To get you support if you are at risk of harm to yourself or anyone else.

  • In the event of a legal obligation such as terrorism.

  • For group-based sessions, whether therapeutic or educational, I will set clear expectations around confidentiality within the group. While I uphold confidentiality within my role, I cannot guarantee that other participants will do the same, and this will always be discussed at the outset.

Your information will only be shared as above in the cases outlined – in emergencies and where possible with your permission.

Under the General Data Protection Regulation (GDPR), the lawful bases I rely on for processing this information are:

Your consent. You can remove your consent at any time by contacting myself (via the details at the top of this document.) However, do note that I am obliged to keep my notes for 7 years from when our sessions end for insurance purposes.

You can ask me at any time to correct any mistakes there may be in the personal information I hold about you such as your name, email, phone number, emergency contacts, pronouns, etc.

 

You also have the right to request that I erase information about you, which I will do so to the furthest extent possible, allowing that I may need to retain some information about you to ensure that I am compliant with any legal requirements, or for the purposes of public safety or my own internal complaints processes.  I keep minimal information about clients to carry out my work. I conduct regular audits of the data I collect and routinely delete emails, email addresses and text messages. 

Once counselling has ended your contact records will be kept for 7 years from the end of our contact with each other and are then securely destroyed. 

 

When your information may be shared? 

Anonymised session notes are kept for supervision and auditing purposes due to my registration with the National Society of Counsellors and Psychotherapists. 

The information shared in therapy is strictly confidential. The only time I will break confidentiality and share information about you, is if I believe you are at risk of harming yourself or others, and in compliance with the following acts: The Terrorism Act 2000; Drug Trafficking Act 1994, Proceeds of Crime Act 2002 or the Money Laundering Regulations 2007; Road Traffic Act 1991; the Children Act 1989; the Serious Crime Act 2007, and the Female Genital Mutilation Act 2003. I will endeavour to share my concerns with you prior to taking any action.

 

I also share your email address with my supervisor via a secure shared google sheets document. This will only be accessed by my supervisor for the reasons of contacting you if anything happens to me and I am no longer able to offer my services e.g. death.

​

​

​

SUPERVISEES AND WORKSHOPS/TRAINING ATTENDEES

 SUPERVISEES & WORKSHOP / TRAINING ATTENDEES

​

In addition to working with clients, I also work with supervisees and individuals attending workshops, training, and group-based learning. While the nature of this work is different from therapy, I still take the same care in how personal information is collected, stored, and used.

For supervisees, the lawful basis for processing personal information is for the provision of professional supervision and the contractual relationship between us. This may include your name, contact details, professional role, workplace, and information relating to your clinical work where this is relevant to supervision. Any client material discussed within supervision must be anonymised by the supervisee and remains the responsibility of the supervisee to manage in line with their own professional and organisational requirements.

Supervision sessions may involve reflective discussion of your work, professional development, and practice. Notes may be kept for continuity and professional standards, and these are stored securely in line with data protection requirements.

For workshop or training attendees, I may collect basic personal information such as your name, contact details, and booking information. This is used for purposes such as confirming your place, sending relevant materials, and managing attendance. Where feedback is collected, this will be used to improve future workshops and services. Any feedback used publicly will be anonymised unless you have given explicit permission.

If workshops are delivered online, platforms used (such as video conferencing software) may process your data in accordance with their own privacy policies. I take reasonable steps to ensure these platforms are appropriate and secure, but you are encouraged to review their policies where relevant.

For group-based sessions, whether therapeutic or educational, I will set clear expectations around confidentiality within the group. While I uphold confidentiality within my role, I cannot guarantee that other participants will do the same, and this will always be discussed at the outset.

As with therapy, I aim to keep all information collected to a minimum, store it securely, and retain it only for as long as necessary. You retain the same rights in relation to your data, including the right to access, correct, or request deletion of your information, within the limits of legal and professional obligations.

 

 

How I store your personal information 

Email: Once I have sessions confirmed or an email requires me to send any confidential information I will use email supplied by googlemail which can allow me to use ‘confidential mode’ – meaning the email will expire after 5 years and requires a passcode to read the email or if just sending a file to update I will password protect this and let you know of the password in a separate email/text. Normal emails for arranging sessions will be sent via Google Mail via normal email and my “sent” and “inbox” emails will be deleted routinely each year.

 

Phone: I store your initials (and not your full name) and your telephone number on a sim card on my mobile phone if we choose to have contact this way. This device could be stolen or lost. My phone is locked by password, but no method is 100% secure against unlocking. I do not share your phone number with any third party. Your number is deleted off my phone once we have finished sessions. 

 

I do have my phone in the therapy space with me, however to try and avoid the device from picking up on information I have it set to airplane mode, I do not give any app permission to use microphone or be on in the background, and I use headphones for my sessions so if my phone were to pick up anything it would only be my side of our sessions. I do what I can to mitigate any information being processed, but as mentioned with technology there is no 100% secure way so it is in my best efforts.

 

Video: There is currently no verified completely secure video conferencing platform. We will meet via Microsoft Teams for therapy sessions and/or Zoom for workshops, a link will be automatically created via our calendar appointment which is secured via your Google account password and mine. 

 

Anonymised Case Notes: these will be kept on my laptop and all documents will be password protected, alongside the password needed to access my laptop. If you would like to access a copy of these notes, please make a written request to my details at the top of this document. I use Google Drive to store my notes which are password protected and 2fa secured.

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure.

The data will also be covered via Googles data policies here - https://policies.google.com/privacy?hl=en-US 

 

Access through my site: The information stored is kept on Wix’s platform and so adheres to their Privacy Policy. I do keep this information on the platform so that I am able to send updates on products. If you have subscribed for blog updates or product updates your email & name is stored purely for this purpose. I delete any messages via Wix within 7 days of our last contact.

 

I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure.

 

The data will also be covered via Wix’s data policies found here - https://www.wix.com/about/privacy


 

WEBSITE VISITORS

Wix is a Data Processor for my site-visitor’s data. This means that Wix will only process site visitors’ data following my instructions and, on my behalf, as the Data Controller. Wix will not process my site-visitor’s data for their own benefit. For more information about Wix’s obligations as a data processor for my site-visitor’s data, see their Data Processing Agreement.

 

When someone visits my website, I use Wix.com and Google Analytics as third-party services to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone.

 

I do not make, and do not allow Wix or Google to make, any attempt to find out the identities of those visiting my website. I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website. I use Wix Analytics and Google Analytics so that I can continually improve my service to you. To opt out of being tracked by Google Analytics across all websites, visit this link: http://tools.google.com/dlpage/gaoptout.

 

Like most websites Wix uses cookies to help the site work more efficiently. You will be given the option to choose which cookies to opt-in or out of when you visit the site. No user-specific data is collected by me or any third party.

 

How to complain

If you have any concerns about our use of your personal information, you can talk to me about the details at the beginning of this document.

You can also complain to the ICO if you are unhappy with how I have used your data.

The ICO’s address:            

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

bottom of page