The General Data Protection Regulation, 2018 (GDPR) replaces the 1998 Data Protection Act to ensure your personal, sensitive and confidential data is kept private, held securely and processed in the way that you have agreed to. It is there to protect your rights as a consumer of a service or product that might involve your identifiable data, e.g. your name and address or potentially sensitive information. It also covers any session records, text messages or emails we exchange.
How long will you hold my information for?
I am regulated by the UK Network for Mindfulness Teachers, an organisation that does not stipulate how long I must hold your data for. I therefore keep records for the duration of the course plus 3 months. All records will therefore be deleted in the January after the above retention scales. This is in line with NHS regulations for holding data.
What if I don’t want my records to be held for that long?
Under the GDPR you can make a request to me in writing for all your records to be deleted. In this case all your paper records would be shredded with a shredding machine and any electronic data such as emails or text messages would be permanently deleted from the devices they are stored on. I would have to save the request for deletion you made but would not save any other data.
Why do you need to record this information?
I collect information about why you are using the service, a small amount of detail to help me meet your needs better and a small amount of information about your important others, alongside sometimes brief session notes. This information enables me to provide a high-quality service to you, ensuring I am equipped with the knowledge of our previous discussions prior to each session. Your contact details and doctor's details will only be used with your explicit consent.
I also ask you for additional consent to being contacted via my monthly newsletter and to being informed of upcoming events. You have to separately consent to being contacted in this way and can withdraw this consent at any time. Your details for the newsletter and email addresses are kept on a password-protected laptop and on the industry-standard secure mail-marketing platform, Mailchimp.
What steps are taken to ensure my information is held securely?
Hardcopy documents – All are stored in a locked cabinet in a locked room.
Text messages – My work phone is secured with a PIN code and emergency delete function.
Emails – My email account requires a user name and password.
Email attachments – Any attachments sent by email to you containing your personal information would be password protected and the password would be sent to you via text message.
Electronic documents – Any electronic documents, e.g. an invoice, are stored on a password-protected computer if they contain personal or sensitive information.
Is what we discuss during the course kept confidential?
Everything we talk about during the course is strictly confidential. To ensure I am doing my job effectively and that I have the right support, I may discuss elements of the course with my supervisor. During these discussions I do not disclose any details that may identify an individual to my supervisor, and my supervisor also adheres to the GDPR.
What if I see you outside of the course?
If we see each other outside of a course I will smile but will not engage in any further conversation, to ensure your confidentiality. You are welcome to share with other people the impact the course is having on you as an individual, but please do not discuss anyone else’s experience. I am obligated by GDPR law to ensure your confidentiality is protected.
In order to safeguard you and the people around you, if you were to disclose that you were going to carry out harm to yourself or someone else, then under my ‘Duty of Care’ I am obligated by law to inform the relevant authorities. This is to support you to live well, and I would always aim to discuss this with you prior to contacting anyone.