Page 1: Page 1

By returning this form you are stating that you understand and consent to your information being processed in the manner detailed in our Privacy Statement Below


Privacy Statement

Purpose of data processing

Your personal data is processed by the Wellbeing Team so we are able to contact you and have some background information to understand the type of support you may require so we can prepare for meetings with you. It is essential for us to keep details about you and your sessions with us.

Anonymised statistical data is used for management and quality assurance purposes.

We process the contact details of the medical practice at which you are registered to enable us to communicate with your doctor in case of emergency. We may also write to your doctor at your request.


Legal basis for data processing

Our legal basis for processing your data is that processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract. We ask you to sign a contract with us to agree to the terms of our service.

If you do not want us to keep notes about you, we will only be able to offer you one session.  This is because our professional requirements make it essential for us to keep notes on clients.  If we cannot offer you the sessions that you need, we will refer you to another service or agency.


How the data is processed

Your personal information is stored securely within a computerised database which is password protected.  The following data is stored within the database: name, unique code, DOB, course details, GP details and number of sessions attended.  Access to the database is restricted to the Wellbeing Team.

We also keep confidential case notes documenting the appointments of everyone who uses the service. Case notes may record background information and key issues covered during each session. These will vary in length and detail. Points of concern are also noted.

We take your privacy very seriously and make every effort to ensure electronic communications and online meetings are secure. All emails and messages are hosted on the UHI server linked to and are only accessed by the Wellbeing team. We do not record online sessions, which are also hosted on the UHI server.

All service users are allocated a unique counselling code which is recorded on your case notes instead of using your name.


Access to notes or data concerns

Under the Data Protection Act 2018, clients have a right of access to all personal data processed about them, this includes your counselling notes. If the notes contain reference(s) to other individuals, the third-party references will be removed prior to making the notes available to you. Data protection law provides protection for all data subjects. Sometimes, it is more helpful for a counsellor to explain to you what is recorded within your records as some notes are recorded in codified form, to ensure confidentiality at all times.

If your file includes letters or additional information from the person responsible for your clinical care, e.g. your general practitioner (GP) or psychiatrist, consent from the relevant practitioner must be obtained before the correspondence may be disclosed.

Details of case notes are exempt from disclosure to third parties under current data protection legislation.

If you want a copy of the records we hold about you, this is called a subject access request and falls under the Data Protection Act 2018 and the Uk General Data Protection Regulation (GDPR).  You can make a request for a copy of your data by contacting the college’s Data Controller (see details below).

The Data Controller, Inverness College UHI, 1 Inverness Campus, Inverness, IV2 5NA



Monitoring, Statistics and Reports

The Wellbeing and Counselling Service retain anonymised statistical data regarding  ethnicity and the kind of wellbeing help or counselling provided. Any statistical reports produced for UHI Inverness or external agencies do not contain personal data.



All college computers are part of a secure network that requires a unique identifier and password in order to gain access.  All staff have multi factor authentication in place for added security.  All lists, emails or individual files containing student information are also password protected. Notes and paper records are kept securely locked within the Service. These can only be accessed by staff employed within the Wellbeing and Counselling Service.

In line with legal requirements, counselling notes are retained for 5 years.  After this time, they are destroyed securely by shredding.


Liaison and correspondence

With your expressed permission it may be appropriate for the counsellor to liaise directly with, or write to, a third party - for example a personal tutor or GP. In the case of telephone calls, the purpose of the call, and the nature and extent of the information to be given, will be agreed with you prior to the call. Requests for letters should be discussed with the counsellor and the same process will be applied.

If you have agreed to us communicating with someone outside the service about you, we will agree with you first what information can be discussed.  If we are writing to someone outside the service on your behalf, we will offer you the chance to approve the letter before it is sent. We will ask you to complete a third party consent form if we are dealing with an external agency on your behalf.  This will be deleted at the end of the academic year to which it relates.