Third-party data handling and client confidentiality

The following summarises FTCC’s policies on data handling for third party information, and client confidentiality. Note additionally that FTCC psychotherapy practitioners work within and are bound by the ethical policies of both the UKCP and BACP, and all practitioners are subject to annual DBS checks.

Dealing with personal information

FTCC takes the security of third-party data very seriously. Any information held will be kept safe and secure and will only be used for the purpose it was given. FTCC adheres to current UK data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the ‘GDPR’), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

The GDPR states that there must be a lawful basis for processing personal data. There are different lawful bases depending on the stage at which data is processed.  These are:

  • Legitimate interest - applicable both before and after the end of therapy, for instance for those service users (clients) and other interested parties who subscribe to FTCC’s mailing lists, to record historical financial transactions with service users, etc.;

  • Performance of the contract - applicable during therapy, to ensure that the service contracted for is delivered.

For potential clients and other interested parties who subscribe to FTCC’s mailing list, email addresses are stored. Individuals receiving FTCC’s updates retain the option to unsubscribe at any time. The following types of information are retained about clients in particular:

  • Name, email address, telephone number - these are collected when the initial session is arranged, or at the first session;

  • Address, payment details (if applicable) - these are collected at the first session;

  • Signed contract - this will be scanned and stored electronically (see below), with all paper copies securely shredded;

  • Notes on risk - FTCC keeps minimal notes on sessions only pertaining to risk (e.g. potential of threat to life of client or others, etc.).  These notes are brief, anonymised and stored electronically (see below);

  • Written communications - including introductory letter sent to the client (stored electronically), and any text messages exchanged with the therapist.

All third-party data is stored securely on FTCC’s user-specific, password-protected 3rd-party cloud-based computer servers.  No personal information relating to clients is downloaded and stored on electronic devices, with the exception of the client’s telephone number and any text messages exchanged with the therapist that are recorded on the therapist’s password-protected telephone.

The client’s personal information is retained for a period of 3 years after the cessation of therapy in order to comply with UKCP ethical guidance with respect to the handling of complaints.  After this date, all data that does not pertain to financial aspects will be deleted, with the exception of email addresses if the client has subscribed to FTCC’s mailing list.  Data relating to financial aspects (e.g. invoices raised and settled that would refer to the client’s name and address) are retained indefinitely within FTCC’s secure, user-specific, password-protected, 3rd party accounting system.

Third-parties have the right to ask that:

  • Their personal information is deleted;

  • The use of their personal information is limited;

  • The processing of their personal information is stopped;

  • They have a copy of their personal information.

Requests are to be made via email to FTCC at info@farahtherapycentre.co.uk.  The client can read more about their rights at ico.org.uk/your-data-matters.  Additionally, complaints on the handling of personal information can be made to the therapist, to FTCC at the above email address, or the Information Commissioner’s Office (ICO, the statutory body that oversees data protection law in the UK) at ico.org.uk/make-a-complaint.  FTCC is registered with the ICO, registration number ZA557372.

Client confidentiality

The service offered is entirely confidential between the therapist and client, with the exception of the following:

  • Confidentiality may be broken at the client’s request;

  • Therapists may discuss important issues regarding the client’s treatment with their clinical supervisor (a suitably experienced and qualified psychotherapist) to ensure robust clinical oversight and to provide the best possible service to clients.  Any such discussions omit personally-identifiable details, and the supervisor is nevertheless equally bound by confidentiality;

  • If the therapist has reason to believe that the safety of the client or someone else is at risk they may involve the relevant authorities.  This is particularly the case if a child or vulnerable adult is deemed to be at risk of harm.  If at all possible the therapist will seek to discuss any such disclosure beforehand with the client;

  • The therapist may break confidentiality if required to do so by law or on the order of the court.  Explicitly, if the client discloses to the therapist conduct related to terrorism, drug trafficking or recent instances of driving under the influence of drink or drugs, the therapist must disclose this to the relevant authority;

  • In the case of an unforeseen incident occurring to the therapist such that they are incapacitated, another colleague from FTCC will gain access to the client’s contact details in order to inform them of the situation and potentially make alternative arrangements for therapy.