On this page you will find both information on how I handle personal data, and the privacy notice on using this website.
GDPR information for Andrew Mickel Counselling
I take data privacy very seriously and this privacy notice states how I collect and process personal data and the rights you have.
Your personal data is processed in line with GDPR; for GDPR purposes, I, Andrew Mickel, am the data controller.
What information will I collect?
After initial contact, I will collect your name, contact number and email address.
If we go on to work together, I will collect your address, date of birth, bank account details, and any other personal and sensitive information which you share in our sessions in my notes.
How is this information stored and why do I have it?
Your email address is held in my email account for contact concerning appointments; I will not contact you for any other purpose.
The personal details on your contract are kept on an encrypted computer and USB stick which only I have access to.
Notes based on our sessions are kept in a pseudonymised format (meaning they do not include your name or identifying details) in a password-protected file on an encrypted computer and USB stick which only I have access to. This information is used to support our work together. The same applies to a log of attendance.
Your name will apply on my bank statements. This will be kept on an encrypted computer and USB stick which only I have access to. This is a legal requirement.
What is the legal basis for storing and processing this data?
GDPR has specific categories for the lawful basis of storing and processing data, and there are two in particular which are relevant for our working. You provide consent by reading and signing an agreement if we work together, and we have a contractual basis for me to hold the information so I can deliver counselling services to you.
Do I share your personal data?
Our work is broadly confidential, but there are very specific exceptions.
Supervision and clinical will
All practising therapists are required to discuss their client work with a supervisor, who also works in a confidential manner.
In the event of my death or becoming incapacitated your name and contact details will be shared with a colleague via a clinical will. This is to enable them to let you know the situation and to discuss counselling options going forward.
Legal obligation and duty of care
It may become necessary during our work together for me to break confidentiality for safeguarding reasons (such as serious harm to self or others), and I am legally required to disclose information on acts of terrorism, drug trafficking or money laundering. The personal data shared will be adequate and proportionate.
I may be required to share information in your notes if I am issued with a court order.
How long do I keep your information?
If you choose not to continue with counselling: after the initial session your information will be disposed of two weeks after as confidential waste.
If you choose to continue with counselling: I keep information for five years after your last session in line with the requirements of my professional insurance.
Your rights under GDPR
the right to be informed: to know how your information will be held and used.
the right of access: to see your record of your personal information, so you know what is held about you and can verify it. You can also let me know if you would like to see our session notes and we can go through them in our next session.
the right to rectification: to tell me to make changes to your personal information if it is incorrect or incomplete.
the right to erasure (also called “the right to be forgotten”): for you to request any information held by me to be erased, but please note this will not include anything I am legally obligated to keep, including session notes, before the time periods outlined above.
the right to restrict processing of personal data: you have the right to request limits on how I use your personal information.
the right to data portability: under certain circumstances you can request a copy of personal information held electronically so you can reuse it in other systems.
the right to object: to be able to tell me you don’t want them to use certain parts of your information, or only to use it for certain purposes.
rights in relation to automated decision-making and profiling: I do not use such systems so these rights are not relevant here.
Concerns and questions
If you have any concerns you can get in contact via email@example.com and 07428 338931. You can find out more about your data rights at: www.ico.org.uk. If your complaint is not resolved to your satisfaction you can contact the Information Commissioner’s Office at: www.ico.org.uk/concerns/handling or 0303 123 113.
Website privacy statement
This is additional information about data collection when you use this website.
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. For further information, visit allaboutcookies.org.
Personal Information from your device is collected such as geolocation data, IP address, unique identifiers (e.g. MAC address) and other information which relates to your activity through the site.
You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
My website host Wix collects behaviour patterns of website visitors. This does not identify individuals but shows me the number of site visits, number of specific page views, and the type of device used eg mobile, desktop, laptop.
Website contact me button
No information from the contact me button is stored by the website.
I use the personal data of your name and email address for correspondence with you regarding your enquiry about my services. I only retain the information for the period we are in correspondence and then it is deleted as confidential waste.
I use Zoho Mail, including when responding to website enquiries. Their servers are based in the EU and they meet GDPR standards, as set out here: https://www.zoho.com/gdpr.html.