In its use of personal data in the exercise of its functions, paid employees and volunteers of The Haven must comply with the requirements of the General Data Protection Regulation 2018. This statement sets out the policy by which it will ensure that compliance is achieved.

Compliance with Data Protection Principles

The Haven fully supports the objectives of the General Data Protection Regulation 2018 (GDPR) and will comply with its principles, namely that the personal data it processes will be obtained fairly and lawfully and not processed unless one of the conditions specified in Schedule 2 (and also in the case of sensitive data, one of the conditions in Schedule 3) of the Act are met.

Client Confidentiality

  • We are committed at every level and in all aspects of the service we offer to provide a confidential service to all clients
  • Confidentiality is not between the individual and the trained counsellor, but between the individual and the organisation. Any discussion of the client records within the organisation will be purposeful, sensitive and respectful
  • No conversation about a client should take place outside of the organisation or with anyone who does not work as a volunteer or a paid employee
  • In order to provide the best possible help to clients, it may be necessary to share information with a supervisor or Counselling Team
  • Information divulged by a client will be treated in the utmost confidence and will not be divulged to anyone outside the organisation except where extenuating circumstances exist (see below)
  • No information about a client will be given to any third party even if the person is a member of the client’s family
  • Information will only be passed onto another agency with the full informed consent of the client. The client has the right to withhold consent unless there are exceptional circumstances relating to the client’s safety (see details below)
  • If the trained counsellor intends to obtain help from another agency or refer the client to another agency, this must be explained to the client and their permission given
  • Clients under 16 are not required to have parental consent to use our services but trained counsellors will always encourage these younger clients to discuss this issue with their parents or carer


In certain circumstances, we reserve the right to break confidentiality should this be deemed necessary. These circumstances include:

  • Where there is reasonable cause to suspect that a child under the age of 18 is suffering, or at risk of suffering, significant harm
  • Where the client has threatened, or is likely, to do serious harm to themselves or another individual
  • Where the client gives information which indicates a possible terrorist attack
  • Where the centre has been instructed by the courts (including in limited circumstances by the police, acting on the authority of the courts) to reveal information. This will only be done if the courts or the Police ask in writing through their official channels
  • In all of these cases, if a decision is made to break confidentiality, it will be done only after consultation with the supervisor, Counselling Team Lead and Project Manager
  • If confidentiality will have to be breached the Counsellor will make every effort to discuss it with the client unless this is deemed inadvisable. The client will be encouraged to contact the relevant authority involved themselves
  • If the client is unwilling to take action then the decision to breach confidentiality will be made by the organisation, not the individual trained counsellor. The trained Counsellor must consult the Counselling Team Lead / Project Manager and or supervisor
  • Trained counsellor will keep careful notes of any incidents and all action taken should be recorded in the relevant place for a supervision record

Data Subject Access Requests

  • All data subject access requests for personal information made to The Haven under the GDPR will be dealt with by the Trustee with responsibility for Data Protection.
  • The Haven will provide copies of the information it holds, by post, subject to the provisions of the GDPR.

Staff Awareness and Training

  • All staff will be made aware of the GDPR , and of their obligations under it.
  • All new members of staff will receive information about the Data Protection Act as part of their induction process.
  • All staff and volunteers will be asked to sign a policy agreement form when joining the organization.
  • Staff and volunteers will be properly trained and competent to receive confidential information and deal with the issues raised
  • Staff and volunteer induction will involve familiarisation with the Confidentiality Policy and instruction in implementing it

Confidentiality re: Staff

  • Staff and volunteer members also have the right to confidentiality
  • In order to protect trained counsellors and staff members, their personal details should never be divulged to a member of the public
  • On joining, all staff and volunteers will be asked to complete a form with their contact details. This will be kept in a secure place only to be accessed by management staff
  • All staff training and supervision records will be kept in a secure place

Confidentiality of Client Records, Statistics, Publicity, Phone calls and Correspondence.

  • All client records will be kept securely. It is the responsibility of those on duty to ensure that all written records are locked away at the end of each session
  • Client records and any correspondence will be destroyed after six years or if a client is under 18, six years after they turn 18
  • Clients have the right to see their records. If such records exist the client is entitled to see them
  • Any statistical information shared for publicity purposes will not allow any clients to be identifiable
  • Anonymity will always be preserved if composite stories are created for publicity purposes
  • No specific information about a client will be used publicly without their written consent
  • All letters and printed emails that disclose personal details of clients will be kept in a locked filing cabinet, separate to their notes
  • If a letter or email is received from a client that could be purposefully used in publicity, permission will always be sought from the writer
  • Regarding phone calls. If returning a landline phone call to a client, 141 should be dialled first to prevent other members of the client’s household tracing the call. Texts to client’s mobiles should be discreetly worded. Any client numbers left on the voicemail service should be removed as soon as possible and any notes made during the conversation revealing the client’s details should be shredded or stored in a locked filing cabinet
  • An email regarding an appointment or personal client information will be deleted as soon as possible. If the correspondence is such that it is needed to be kept with their records it will be printed and stored in a locked filing cabinet and then deleted from the email account

In order to comply with the requirement of the GDPR that personal data be kept safe from unauthorised or unlawful access or processing and protected against accidental loss destruction or damage, all staff will:

  • Be aware of and follow the security requirements applicable to the personal data upon which they work, to files and documentation, and which cover access to their work areas;
  • Ensure that personal data is disposed of in accordance with the The Haven Data Retention Policy.

Confidentiality of Supporters on the Mailing List

  • All supporter’s information that is stored on the computer will be kept up to date and will not be used outside the charity in anyway
  • This data will be stored in a folder with a password. Only the Administrator, Project Manager will have access to this information. This information will not be shared with anyone else unless there is need to do so on grounds their being a significant risk to those involved
  • All written information about supporter’s and correspondence will be stored in a locked filing cabinet in the office or shredded if no longer needed
  • Only what is needed will be kept about supporters, as soon as someone would like to be removed from our mailing list we shall do so instantly

Confidentiality for Supporters who give Financially

  • All supporters who give financially will be seen on the online bank statements and so those who have access to this will only know who the regular givers are: these are the people appointed as financial signatories of the organisation by the Trustees
  • Gift aid forms are stored in a locked filing cabinet and will be kept indefinitely in compliance with HMRC. It is the responsibility of the person who filled out the form to make us aware of any changes to their circumstances which mean we can no longer claim gift aid on their behalf

Disciplinary Action

  • Disregarding this policy or failing to comply with the requirements of any Code of Practice or instruction issued in order to implement it may result in disciplinary action.