top of page

Data Protection Policy

Brideswell Counselling and Psychological services recognises the importance of client confidentiality particularly in relation to personal information which may be shared in the course of engaging in psychotherapy or psychological therapeutic work. This service is subject to the requirements of the General Data Protection Regulation 2018 (GDPR) and the Irish Data Protection Act 2018.

Data collected. Personal information provided by you, such as your name, address, phone number, email, client contract, client notes and appointment dates which will be attained in writing. All personal information provided by you such as contact number and notes will be kept in accordance with the Data Protection Act 2018.
Data storage
Data is stored as hard copies files. The information you provide will be kept in the highest standards of security. Your data is kept in an a securely locked code access only cabinet as per requirements of my accreditation bodies within a certified alarm protected office. The hard to guess passwords are frequently changed. When I write up notes, I am very mindful of your privacy at all times. Therefore, client information (minimal in quantity) may be either coded or disguised to protect your identity. Nobody but Margaret Kennelly has access to them at any time. They are never shared unless subpoenaed by a Court of law order and that is extremely rare.
(1) You would of course be notified well in advance of such an event.
(2) Clear written permission will be obtained from you prior to I releasing any information.
(3) You will be fully informed of the data content to be released and your full written permission obtained prior to the release of such data.
Information provided by you will only be used for the purpose of delivering therapy and booking appointments.

Therapists Supervision


As part of my code(s) of practice I am required to carry out continuing professional development, and to engage in regular on-going clinical supervision. This is to ensure an ethical and professional service to clients. I may discuss your case in supervision but would not use any identifying details whatsoever.

Limits of Confidentiality & Legal Obligations, including Reporting

In exceptional circumstances, where I am concerned for your welfare, or that of others as in, actual risk of suicide or actual threat to self or others or in cases of childhood sexual abuse disclosure, it would be necessary to report such matters to the relevant authorities and seek additional support outside the therapeutic relationship. In the case of a disclosure concerning acts of violence, or acts specific to the children’s act, confidentiality will be broken, as I am obliged to liaise with the relevant authorities. This is a mandatory obligation for all psychotherapists.


How long is data retained and how is it disposed of?

In keeping with my accreditation bodies requirements, all records must be retained for a period of 7 years after your last appointment for legal purposes. Following this period all stored hard copies of your data will be doubly shredded and securely destroyed by Margaret Kennelly to protect your anonymity.

What happens your data in the event of my untimely death or retirement?

In the event of my untimely death, ill-health or retirement, arrangement have been made for the careful management of your data as per (IACP, 2018, Section 2.4, Item E). A professional will which includes key professional individuals who will act on my behalf has been made to ensure your data continued security. A Professional Executor and her contact details (named in will) has been agreed. A response team (three professional individuals) have been nominated by me and agreement obtained from each one to ensure a safe and secure transition of all client data and where agreed, to act as a “Bridge Therapist”. Each nominee will have their own specific role (role explained and key task outlined to each) such as contacting clients and the secure disposal of records. A master File, Passwords and Contact List (FPC) have been created. This FPC includes my office address, alarm codes and passwords for file store cabinet. Copies of keys to access my premises plus passwords and lists are secured in a sealed envelope and the location of this set out in my personal will.


Your rights

You can demand to see all your records at any time. Please allow up to 21 days for me to provide them. If you think some information is incorrect, or not required for the above purposes, you may request we correct or remove it. As this is an important change, please do so in writing via registered post. You also have the right to request your records under ‘data subject access request’. Should you need to lodge a complaint concerning your data you may do so with the Irish Data Protection Commission (D02 RD28). 


Children Under 18 years of age.

As a therapist I am concerned to protect the privacy of children aged 18 years or under. I adhere to the IACP (Code of Ethics and Practice, point 1.3 i). Parental participation is important in order to support a young person in the therapy process. Both parents, where possible, will be invited to take part in the therapy process and provide their written permission for Counselling/Psychotherapy to proceed. The parent / guardian will receive a copy of the contract. I take responsibility for making a clear contract with the parent / guardian to include issues such as availability, fees, and cancelled appointments. Adequate systems are in place to verify individual ages and obtain consent from guardians. If you
are aged 18 years or under‚ I require your parent / guardian’s permission beforehand
and whenever you provide me with personal data.


Review of this data protection policy


I keep this Policy Statement under regular review. This Statement was last updated in January 2020.
In order to achieve and maintain GDPR compliance I have completed an on-line Research Integrity Certificate (DCU) April 30th 2019.This is a very comprehensive GDPR course. I have viewed IACP GDPR seminar in 2019. I have also booked a place on a GDPR course organised by IACP for February 26th 2022.

bottom of page