It is important that you understand how I collect and store your data if we work together. As part of the counselling process you will need to sign your counselling agreement with myself and I will ask for your explicit consent that your information is handled in this way.
As a Member of BACP I abide by their Ethical Framework for the Counselling Professions, as a Member of COSRT I abide by their Code of Ethics and Practice and as a Member of ACTO I abide by their Professional Conduct & Code of Ethics (these documents can be provided to you on request). This means that I agree to keep accurate records that are adequate, relevant and limited to what is necessary for providing a counselling service while being able to meet the legitimate reasons for passing information on in exceptional situations.
Who I am
I am Adil Qureshi and my contact details are below:
Mobile: +44 (0)759 2082 508
What personal data I collect and why I collect it
I collect two types of personal information from clients. Person contact details which allow me to identify you so that I can invoice/receive payment for my services, contact you to arrange sessions, notify you of any changes to our agreement and for the purpose of meeting any legal obligations.
The second type of data I collect is session information is a brief account of what took place during our contact, though you choose email or instant messaging therapy, this will be a record of our entire conversation.
Session information data is stored in a separate encrypted documents from your person contact data. This is so I can reduce the potential risk of harm to my clients in the event of a data breech. I do this by providing each client with a randomised number and using your initials which link your data together. This means that session information does not include any of your personal contact details.
Your session(s) will usually be a pre-arranged counselling session (by video/webcam, instant messaging, audio only or email). Though if we meet outside a scheduled appointment – such as meeting each other in a shopping Centre then I will also record this.
The type of person contact detail I collect are:
- Email address
- House address
- Telephone number(s)
- Date of birth
- Registered GP and/or Psychiatrist (their name, address, email, telephone)
- Emergency contact details (their name, address, email, telephone)
- Each session date, time and type
- The signed and completed counselling agreement and pre-assessment form (which covers details such as, price, confidently, data protection and what brings you to counselling).
The type of session information I collect are:
- The number of the session (i.e. 1st, 5th, 20th, etc.)
- Our mode of communication (i.e. video, instant messaging, email or audio)
- Key themes discussed in session
- Any specific recommendations I made or information I requested
- Any safeguarding concerns
- In the event of email or instant messing sessions, a copy of your email(s) and/or instant message(s) and my reply (replies).
- In the event of an unplanned meetings, any notes that are relevant to that encounter.
Who I share your data with
Counselling is a confidential service and I will respect the boundaries of this confidentiality for prospective, current and past clients. This means that I will not share contact, contract (including pre-assessment form) and session details with another person. I will not tell another person besides by supervisor content of our sessions or the fact that you are receiving counselling.
There are a few situations where it may be necessary to share information I hold about you with another person. Examples of these situations include:
- Where there is a legal obligation
- In the event of a complaint, I may need to release details to an insurer, a court or a professional body
- When you or someone else are at serious or immediate risk of harm
- When I talk to another professional supervisor(s) for help or if I need to share basic information with a health professional involved in your care
Before disclosing any information about yourself to a third party, I will always seek to speak with you before doing so, though there may be occasions where there is not possible (for instance, if the law forbids me from doing so). This is generally in relation to acts of terrorism, drug trafficking and money laundering. You can always ask me about the limits to confidentiality at any point before, during or after our counselling relationship.
How long I retain your data
The person information of prospective, current and past clients is handled in a specific manner in accordance with The Information Commissioners Office (ICO).
On my Dropbox account I hold your contact details, dates of our session and brief notes to remind me of previous sessions. All this information is either password protected or anonymous. I will ask you to formally consent to me keeping such information for seven years if you are over 18 and ten years if you are under 18. All electronic exchanges will be deleted immediately following our ultimate session and all files kept on my Dropbox account will be transferred over to an external hard drive.
What rights you have over your data
In accordance to UK General Data Protection Regulation (UK GDPR), my notes are kept confidentially as stated above. My ICO registration certificate number is ZA746376. You have the right to request a copy of my notes, in which case you will receive them electronically within 30 days of your request. You also have the right to request for an amendment of your records, if that is the case, your objection will be recorded in my session notes.
None of the content of our online exchanges can be shared with a third party using public media. In addition, in line with maintaining confidentiality, I will not invite nor will I accept invitations from my clients to join any social media group.
Voice only/Webcam Therapy/ Instant Massager Therapy
Your telephone number(s) and full name(s) will be stored on my phone which is password protected.
What data breach procedures I have in place
A data breech is a security incident access by an unauthorized third party, sending personal data to an incorrect recipient, digital device containing personal data being lost or stolen and deliberated or accidental action (or inaction) against personal records.
When I become aware of a breach occurring, I will take steps to investigate. Where necessary I will report the breach to the necessary authorities and to individuals I believe may have been affected by the breach. This information will include a description of the likely consequences of the breach and s description of the measures I propose to deal with the breach. Any breach is documented.