Privacy

How long will you hold my information for?

Your data is kept for 10 years after your counselling or supervision sessions have finished. After 10 years your data is permanently deleted.

​​

What rights do I have over my data?

If you wish to see a copy of your data then you need to request this clearly in writing. If Amy (who is the data controller) doubts the identity of the person making the request then she will first take reasonable steps to ensure it’s really you before releasing any records. Amy will check whether there is specific data that you wish to see or whether you wish to see all your data. A copy of your data will be provided within one month. There is no monetary charge for this. If you wish to make a correction to any of the data you believe to be inaccurate, you can do so by informing Amy. If you do not want your data to be collected in the manner described in this document you can discuss this with Amy.

​

You can ask for all your data to be deleted if you don’t want it to be stored for 10 years. Again, you need to make this request in writing to Amy at Paper Plane Counselling. Once your identity is confirmed, all your paper records will be shredded with a cross-cut shredding machine and any electronic data such as emails or session notes will be permanently deleted. Amy will have to save the request for deletion you made but would not save any other data. Please note that in some circumstances Amy's insurance company’s legal team may want to verify the information she processes and she may by law be unable to delete data if it is subject to a police or legal investigation (please see ‘Exceptions’ below).

​

You have the same rights to your data regardless of your age (i.e. children have the same rights to their data as adults).

​

Why do you need to record information about me?

Amy collects information about why you are using the service, a small amount of medical information and a small amount of information about your important others, alongside brief session notes. This information enables her to provide a high-quality service to you, ensuring she is equipped with the knowledge of our previous discussions prior to each session. Your contact details will only be used for purposes other than scheduling sessions with your explicit signed consent.

​

Website Visitors

When an individual visits www.paperplanecounselling.com we use Google analytics who are considered a third party service, to collect information about what visitors do when they click on our website, e.g. which page they visit the most. Google analytics only collect non-identifiable data which means we or they cannot identify who is visiting. Paper Plane Counselling will always be transparent when it comes to collecting personal data and will be clear about how that data is processed. Google analytics privacy notice can be found here: https://policies.google.com/privacy/update?hl=en

​

Wix is a third-party service that hosts Paper Plane Counselling's website. Wix uses anonymised data to collect visitor information such as how long an individual remains on a page of a website. Wix also hosts the Contact form on Paper Plane Counselling's website and a copy of any data sent via this form is stored by Wix. Wix Bookings hosts the online session booking function on Paper Plane Counselling's website and a copy of any data given when booking a session online will be stored by Wix Bookings. Wix’s privacy notice can be found here for further information: https://www.wix.com/about/privacy

​

Financial data

Paper Plane Counselling use Stripe to process payments online through this website. Stripe records the payee’s contact details and banking details in order to process payments. Their privacy policies can be found here https://stripe.com/privacy-center/legal.

​

Paper Plane Counselling Ltd uses a third-party provider, PayPal, to take online payments (on the request of clients who specifically wish to use this platform). PayPal will record an individual’s contact and bank details when taking a payment. PayPal’s privacy notice can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

​

Paper Plane Counselling banks with BNZ who record the account name, number, payment date and amount of all transactions made electronically (i.e. for payments made via online bank transfer or via Stripe). BNZ’s privacy policy can be found here: https://www.bnz.co.nz/about-us/governance/privacy-policy​

​

Paper Plane Counselling uses an independent accountant, [name to be confirmed], to prepare our annual accounts and tax returns. [Name to be confirmed] views all accounting data related to Paper Plane Counselling. This includes the details of each payment's name, payment amount and payment date for all transactions made electronically. [Name to be confirmed]'s privacy policy can be found here: [to be confirmed]

​

What do you do to ensure my information is held securely?

Amy uses a dedicated Paper Plane Counselling mobile phone which is secured with a pin code.

​

Amy’s email account requires a user name and password, and two-step authentication is enabled. The account is only logged on to from devices which are the sole property of Paper Plane Counselling or Amy. All emails sent are encrypted in transit.

​

Any attachments sent by email to you containing your personal information are sent by encrypted email. Each attachment is also password protected and the password is sent to you via a different medium (e.g. text message).

​

Amys use Google Workspace to manage emails, calendar appointments and to collect and store client information. Google Workspace provides secure, encrypted services and complies with international data protection standards, including the UK GDPR and the New Zealand Privacy Act 2020. To meet GDPR requirements, Google Workspace is set up so that client data is stored on servers located in Europe. Google’s Cloud Data Processing Addendum (CDPA) and the Google Workspace/Cloud Identity HIPAA Business Associate Amendment have both been accepted. These agreements set out Google’s responsibilities for protecting personal data. The information is stored securely within Google Workspace and is accessible only to Amy.

​

While the majority of data is kept digitally, any hard copy documents are stored in a locked filing cabinet in a locked room. They are stamped as “Private and Confidential”.

​

Is what we discuss kept confidential?

Everything you talk about during your sessions is strictly confidential between you and Amy Mills. In accordance with the NZAC Code of Ethics and the BACP Ethical Framework, all counsellors consult a supervisor on a regular basis to ensure their practice is ethical and that they are working in the best interests of their clients. A supervisor is an experienced counsellor or therapist who is qualified and able to help a counsellor reflect on their work and ensure they are practicing ethically and in line with best practice. Amy’s supervision sessions sometimes take place in person and sometimes take place online, usually using the platform Zoom. Amy’s supervisor(s) is verbally told broad overarching themes of sessions. The supervisor(s) is not told your real name nor contact details and does not have direct access to written records of your electronic or hard-copy data. 

​

What if I see you outside of the session?

If you see Amy outside of a session (e.g. you pass each other in the street) she may smile and acknowledge you but will not engage in any further conversation to ensure your confidentiality. You are welcome to talk to other people about the therapy you are receiving, but Amy is obligated by law to ensure your confidentiality is protected. She requests that in order to ensure the success of your therapy, that you refrain from discussing your therapy with her outside of your sessions. This extends to the online world where Amy is obliged by law to protect your confidentiality. Therefore, she is unable to respond directly to any client interaction via social media, blogpost or other public internet forum.

​

What about other Health and Social Care Professionals?

Any contact Amy makes with other health care professionals regarding you, would only be made with your signed consent. For example, if she were to write to your GP to notify them of your sessions with her, and then notify them of the sessions ending, she would only do this if you were to sign specific consent.

​​

Exceptions:

• Amy may contact your GP or another professional if she believes that you are likely to cause significant harm to yourself or somebody else. This would be done if judged to be in your best interests in order to keep you and/or other people safe. If this happens Amy will make every effort to discuss the situation with you first before sharing information in order to agree what information to share and to whom.

• Amy may contact relevant authorities if she believes children or vulnerable adults are at risk of significant harm in order to safeguard their development and wellbeing (this applies to both “real world” and online risks). If this happens Amy will make every effort to discuss the situation with you first to agree what information to share and to whom; unless to do so would be to endanger the children or vulnerable adults concerned.

• Your data must be shared with another organisation if it is legally necessary to do so. This happens if Amy becomes aware that you (or someone else you talk to her about) are planning, or have participated in, a crime such as money laundering, terrorism or murder.

• If Amy is subpoenaed to give evidence in court then she is legally required to do so and to discuss your data if necessary.

• In the event of Amy becoming incapacitated due to an unforeseen emergency then your contact details will be passed to her supervisor. This person will contact you to explain the situation and discuss alternative support.

 

Our Information Governance Policy and Procedure gives further details of all aspects of our compliance with GDPR.

​