Privacy Policy

Data Controller

Rebekah Jones

GDPR Statement

I am registered with the ICO and am fully insured for all therapies and supervision activity, both online and in person. I fully adhere to GDPR / BACP guidance with regards to ensuring the confidentiality of clients and supervisees, and politely ask that you familiarise yourself with these regulations should you be unaware of them.

The content of therapy and supervisions will not be communicated with a third party except for the purposes of my own supervision. In this instance, a clients / supervisees identity will not be revealed as I will use a code to uniquely represent you (and the clients of supervisees also). Any presenting issues are discussed in a general context; to help ensure I am working ethically and safely within my practice.

In respect of online sessions via webcam, the UK police force and other international government authorities can ask for access to an individual’s email account or records where there is suspicion of illegal activities. On this basis I am not able to guarantee confidentiality in circumstances which lead to access being granted.

Should a complaint be made by a client / supervisee to my professional body I reserve the right to breach confidentiality and to use my clinical / supervisory notes to address any grievances which might occur within my clinical / supervision practice.  Wherever possible you will be informed of this. 

At the end of our therapy / supervision agreement any documents concerned with our sessions will be stored securely offline for a period of 7 years and then destroyed by shredding after this time. I am a registered Data Controller and abide by the regulations imposed by such procedures. 

My registration number is: ZA438444, which covers all aspects of my practice including my umbrella service, Stepping Stones Counselling and Psychotherapy Limited, which sits within Stepping Stones Wellbeing Hub. The procedures in this document have been compiled in relation to GDPR (General Data Privacy Regulations) and you are welcome to request a summary or full version of these procedures at any stage. 

What information is kept about me and who has access?

As a Data Controller I maintain and store brief notes relating to our sessions together, however, I will not share this data with anyone other than yourself, unless required by a court of law. 

Under GDPR you have the right to request a copy of your records. Where requested by you these will be within 30 days in electronic format, Under GDPR you have the right to ask for records to be amended if you feel they are inaccurate. If you wish to ask for an amendment or if you raise objection to any data kept by me, such objection will be stored with the original supervision notes.

How is my information stored?

Any therapy / supervision notes are brief, and will be stored along with your details (shared at our initial appointment) on an approved GDPR compliant system called BACPAC.  The only people with access to this platform are myself and my PA, who enters all new client / supervisee details onto BACPAC in the initial stages.

In the case of supervisees, where I may also take notes during a session, the documents are stored in a locked cabinet. If required, these notes is transported in a locked bag.

Any electronic contact we have during the process of our sessions will be deleted from my computer at the end of our agreed work together.