What are the laws that protect my personal information?
The DPA and the General Data Protection Regulation (GDPR) require that all organisations that store personal information about people do so only provided that the information is: processed lawfully, fairly and in a transparent manner; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal information is processed; and processed in a manner that ensures appropriate security of the personal information.
GDPR defines a ‘data controller’ as the person in an organisation who: ‘determines the purposes and means of processing personal data’.
For the purposes of GDPR, the ‘data controller’ is Lisa McEvoy, 130 Hammondstreet Road, Cheshunt, EN7 6NX
ICO Registration number: ZB177309
Lisa McEvoy is committed to complying with the terms of the General Data Protection Regulation (GDPR) and to the responsible and secure use of personal data.
I have a legitimate interest in processing personal data in order to provide counselling services. The purpose of this statement is to let you know what personal information I collect and hold, how long it is kept and your rights over your personal data.
How will you collect my personal information?
I collect personal information from you when you enquire about my services and in order to set up an initial appointment. I will collect your personal information in the following ways: via my website: www.lisamcevoy.com, over the telephone, via email and webcam, and in person during our meetings.
What types of information will you collect about me?
I will collect several types of information about you and in several different ways. For instance, when you visit lisamcevoy.com I will collect the following information about your visit: I.P. address, location, search engine, date, time, web pages visited, operating system, and device.
Before committing to provide you with any services, I will ask you to provide me with your name, telephone number, email address and some information regarding the service you are seeking.
If we have agreed that my service is right for you, I will collect further information from you that may include, but is not limited to: G.P. contact details, medication, network of support, health and physical issues, and alcohol and drug use.
I keep brief notes of our sessions for the purpose of assisting our work together. The notes help me to keep track of the issues that we are working on and they are for my use only. The notes do not include any personal details that could be used to identify you and are stored separately to your personal details.
What is ‘special category’ information, and why do you need to process this too?
Special category information is defined by the GDPR as being information that is more sensitive than other personal information, and therefore requiring higher levels of protection. Examples of this type of information could include information about your health, race, sexuality, sex life, or religion. In order to lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you. With this in mind, the condition of the GDPR that I apply to the processing of your special category information is that it is ‘pursuant to contract with a health professional’. This means that I will likely need to process some special category information about you. Usually, this is information about your mental health, and I need to process it in order to fulfil my contractual obligations to you in delivering a safe, effective service.
Use of Information
Your personal information will be used only to provide you with, and to give you information relating to, my services. I will not share your personal information with any other person or organisation without your knowledge and permission, unless there is a legal requirement, a child or adult safeguarding issue, or a perceived risk of harm.
How will you store my personal information?
I will store your personal information both electronically and physically. Personal information is stored electronically on devices that are password protected, and in files that are further password protected and only accessible by me. Names and contact details are stored separately to other personal information (anonymised format). Information is stored physically using paper records held securely in locked storage in an anonymised format. These records are also only accessible by me.
How long will you store my personal information?
According to GDPR, your personal information should be stored for no longer than is necessary. For legal purposes this should be for no less than 7 years. However, if necessary, I may retain your personal information to comply with a legal, accounting, or reporting obligation.
Your rights over your personal data
Individuals have the right to access and receive a copy of their personal data and other supplementary information held. If you would like to do so, or if you would like your records to be updated or deleted, please email me at:
However, I may have the right to refuse to comply with your request, for example for legal purposes. I will let you know my response to your request within one month of receiving it.
Can I object or complain about the processing of my personal information?
If you have any concerns about the way in which your data is stored or handled, please email me directly at firstname.lastname@example.org. I will do my best to address your concerns and take steps to try to resolve whatever issues you may raise.
If these are not resolved to your satisfaction, you may choose to contact the Information Commissioner’s Office directly on 0303 123 1123, or you can visit https://ico.org.uk/concerns/ for more information.