Privacy Policy
Your privacy is important to me and I adhere to current data protection legislation to keep your personal information safe and secure.
This page summarises how I use and store any data that you give me whilst using this service, so that you can make an informed decision about whether or not to proceed.​ I provide further information once an appointment is booked, and I am happy to chat through any questions - please feel free to message me via my contact form.
​
"Data controller" is the person who who collects, stores and has responsibility for people's personal data. In this instance, the data controller is me (Jessica Baumber - Information Commissioner's Office (ICO) registration number: ZB052377).
​
Privacy Policy last updated - December 2024.
​​
My lawful basis for processing your personal data:​
​
General Data Protection Regulation (GDPR) states that I must have a lawful basis for processing your personal data:
​
Your sensitive personal information - or "special category personal information" - is processed for the provision of counselling psychology services (a "health treatment") and is needed for a contract between myself ( a "health professional") and any client.
​
Current or potential clients: I will process your personal data as necessary to enable our working together.
​
Previous clients: if you previously worked with me as a client or supervisee, and our work together has now ended, then "legitimate interest" is the lawful basis for my storing/using your personal information. As per guidelines provided by my professional bodies and insurance, I store data for 7 years following a final session with any client.
​
​Data Collection:
​
I collect personal information that clients, or prospective clients, provide me with, including: name, phone number, email address, home address, and (possibly) medical information and GP/health provider and/or health insurance membership details.
​
Data will be collected and stored by me as a result of your actions such as: filling in the contact form on this website, emailing me, filling in my contact and personal details form, using mobile phone communication, making any payments into my bank account, or engaging in a discovery call or session/s (of which I make brief notes).
​
I collect data to enable me to respond to potential client enquiries, and to enable me to provide my services to clients.
​
Data Storage:​
​
Since 2024, I have been using a practice management system called WriteUpp to securely store client data. WriteUpp is GDPR compliant. You can find out about WriteUpp's commitment to security on their website: www.writeupp.com/security
​
I only use WriteUpp for data storage once a client has decided to work with me; I do not store any information of potential clients' on WriteUpp if they decide not to continue with sessions.
​
Any data stored in paper files or on my desktop is also stored safety and securely. My desktop is password protected, I password protect documents containing client data, and I ensure anti-virus software is up to date. I have a locked cabinet in my office for storage of any data on paper. ​I ​​use Proton Mail for any email communication with clients; I have chosen this provider due to its high levels of security. ​I have a mobile phone and tablet solely for work purposes, which are password protected. I do not store client phone numbers with names; if it is appropriate for me to store a phone number, I will do so with initials only.
Any data collected is stored only for as long as necessary, and for a maximum of 7 years after any work with me has come to an end (as per guidance from professional bodies and liability insurance).
​​​​
Data Use: ​
​
Any contact details collected and stored enable me to work with clients as per my contract (which clients receive prior to a first therapy session).
Further information about clients is sometimes collected at the same time as the contract is agreed upon - for example, clients may inform me about health issues and medications and may provide me with their GP details. In brief, this data is collected to enable me to undertake my work with client safety as a priority; my contract provides further detail about why and how this data is stored and used.
​
As noted, I also keep brief records of client sessions, in order to support me in providing psychological therapy, and I store these confidentially. Limits to confidentiality are explained in my contract and are discussed with all clients.
​​​
Data Access:​
​
You have a right to access any data that I store about you, and can request a copy of your data at any time. Unless prevented from doing so by legal or other complications, I would endeavour to provide this information within one month of your request.
You have the right to request that I correct any information that is inaccurate, or to delete any information that I hold about you. I would comply with any such request unless prevented from doing so by legal reasons (including tax purposes).
The ICO provides further detail about your rights: https://ico.org.uk
​
Cookies:
​
Like most websites, cookies are used to help this Wix website run efficiently.
Breaches and Complaints:
​
Please note that, although I take care to ensure all data held is done so securely and in accordance with GDRP, if it ever became apparent that a data breach had occurred, I would report this to the ICO and to yourself within 72 hours.
​​​
If you have concerns or complaints about the way I hold your data, then please do not hesitate to contact me. I would welcome any feedback that may improve my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information, you can contact the ICO: https://ico.org.uk or 0303 123 1113.​​ ​​
​​​​​​​