top of page

Heart to Heart Services Privacy Notice I understand how important your privacy is. I take care to maintain your confidentiality in accordance with current data protection laws (UK GDPR, DPA 2018) and the ethical guidelines of Professional Membership Bodies like NCPS or BACP. These guidelines have been set up to protect your confidential material and ensure that I always conduct myself with professionalism and integrity. In order to provide you with the best service possible, I will hold your personal contact details and brief records of your sessions with me. Please find below important information about how this information will be held and used. Your personal information Your contact information is stored securely, and password protected on my work phone and can only be accessed by me. In order to be able to fulfil my duty of care to you, in your initial consultation or first session, I will ask you for contact information of an elected Emergency Contact person. These details will be stored securely on my work phone and can only be accessed by me. This personal information will be held for the duration of your sessions with me after which it will be deleted from my work phone, unless I have a legal reason to hold it, or you continue to communicate with me. I will never pass on your contact details to any third-party organisations for the purposes of sales, marketing or research and will never use your personal data for any purposes other than the administration of the service I am providing to you i.e., to arrange, cancel and rearrange appointments and collect payment for sessions. See below for details regarding supervisory sharing. Your sessions with me Everything that you discuss with me is confidential. Confidentiality will only be broken if there is concern about your safety or the safety of someone else or I am instructed to do so by a Court of Law. I will always endeavour to speak to you about this first. During remote working I will ensure that I am conducting online and telephone sessions in a quiet, private and confidential setting. I have a selected video calling platform that offer end to end encryption to ensure maximum privacy. Please note however that I cannot be held responsible for any breaches that occur due to failures in this technology. I discuss my work with a supervisor. This is to ensure that I am offering you the best service possible. These conversations are bound by confidentiality and you will only be referred to by a random initial. I keep very brief notes of each session. These are anonymised, separated from your personal data, and stored within a password protected file on my laptop. These notes are for my use only and help to keep a track of everything that is being discussed. I only keep these until our sessions have ended and will then dispose them safely. Your communications with me All phones, tablets and laptops used to respond to your emails are encrypted, fully protected with anti-virus software and password protected. Data Usage I will only use your email address and telephone number to contact you about your appointments. I may also contact you directly via email with matters relating to our sessions. Your rights Any personal data retained by me is kept in accordance with the GDPR, 2018. Under these guidelines you have the following rights 1.The right to request access to your data You can request to view the information that I hold about you (contact details, appointment logs etc.) at any time. Should you wish to have a copy of any notes that I have taken you can make this request by emailing 2.The right of rectification At any point during your time using my service you have the right to request amendments to your contact details or session notes. This right can be exercised either by speaking directly to me or in writing. 3.The right to be forgotten Under certain circumstances, you can request that I delete and confidentially destroy the information that I hold about you and your sessions at any time. This request can be made by contacting me by email. Example Instances where I would not be able to comply with your request are (but not limited to): 1.a) It is necessary for me to retain these records in order to continue providing an effective service 2.b) I am compelled to retain these records by a Court of Law 3.c) I require these records in order to establish, exercise or defend legal claims Consent I will need a short response in writing before our first session to confirm that you consent to the storage and processing of your personal data for the purposes of providing pastoral care and listening services. Where consent would not be an appropriate lawful basis, I will use the UK GDPR basis of Substantial Public Interest, where the UK Data Protection Act 2018 provides a basis to process this under “Pastoral Care”. This is used for any special category data that I am unable to delete for legal reasons. For data that is processed under consent, you are entitled to withdraw this consent at any time and can do so by emailing me at Breaches of data protection In the event of any breach of my data protection that is likely to risk or harm to you, I will notify the Information Commissioner’s Office (ICO) within 72 hours and will seek to rectify this immediately. Raising concerns Should you have any concerns about my data protection practices, you can raise these directly with me by emailing or by speaking to me in our session. You can also notify the Information Commissioner’s Office. I am registered with ICO under the reference number ZB339865.

bottom of page