UK GDPR Privacy Policy for Career Guidance and Career Counselling

Effective date: 01/09/2021
Practitioner Name: Marc Truyens
Contact details: marc.truyens@marcr.net

Purpose of This Policy

This policy explains how I collect, use, store, and protect your personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
It applies to all personal information collected in the course of providing career guidance and career counselling, including information shared in face-to-face appointments, via email, and in written action plans or notes.

Information I Collect

I collect and store only the information necessary to provide an effective and professional service. This may include:

Contact details: name, address, phone number, and email address
Background information: education, qualifications, work history, skills, and career goals
Session notes and action plans: summaries of sessions, agreed actions, and progress
Email correspondence: communications relating to appointments, resources, or follow-up actions
Demographic or contextual information: (e.g. age group, location, or circumstances relevant to guidance), if appropriate

Sensitive or special category data (e.g. health or personal circumstances) may occasionally be discussed if relevant to your career planning, but I will only record such details where it is necessary and with your consent.

How I Use Your Information

Your personal data is used to:

Arrange and manage appointments
Provide tailored career guidance and career counselling
Record action plans and agreed steps to support your progress
Follow up on appointments and provide relevant information or resources
Meet professional, legal, and insurance requirements

Your data will not be shared with third parties outside of the school unless:

You give explicit written consent, or
Disclosure is required by law (for example, where there is a safeguarding concern or legal obligation).

Lawful Basis for Processing

Under UK GDPR, the lawful bases I rely on for processing your personal data are:

Contract: Processing is necessary to deliver the service you have requested.
Legitimate interests: To maintain professional records and provide ongoing support.
Legal obligation: Where record retention is required for professional or insurance purposes.
Consent: For storing or sharing any sensitive personal information or sending optional resources by email.

You may withdraw consent at any time by contacting me in writing.

Email Communication

Email is used to confirm appointments, share career resources, and exchange relevant information.
To protect your privacy:

I will avoid sending sensitive personal details via email where possible. Where not possible I will encrypt any emails and information.
Emails are stored in a secure, password-protected account.
Emails are retained for 12 months after our last contact, after which they are securely deleted unless there is a professional reason to retain them (e.g. ongoing client support or legal requirement).

If you prefer not to communicate by email, please let me know, and an alternative method can be arranged.

Retention of Written Action Plans and Notes

Written notes and action plans are stored securely, either in a locked physical cabinet or within encrypted digital files. I keep the retention of written records to a strict minimum as they are uploaded to a school system (Unifrog).
These records are retained for 7 Years from the date of the last appointment, or 6 months after you leave the school I worked in with you, in line with professional and insurance guidance for career practitioners. After this period, records are securely destroyed (shredded or digitally erased).

If you are under 18 at the time of your appointment, records will be retained for 7 years after your 18th birthday, in line with safeguarding best practice. (https://learning.nspcc.org.uk/research-resources/briefings/child-protection-records-retention-storage-guidance ). Where our meetings and action planning take place in a school setting, action plans on my system will be deleted at the latest 6 months after you leave the school I work in.

Data Security

I take appropriate measures to protect your data, including:

Secure physical and digital storage of records
Password protection and encryption for electronic devices and files
Limiting access to authorised personnel only (in most cases, this will be the practitioner alone)
Regular review of data security practices

Your Data Protection Rights

You have the right to:

Access a copy of the personal data I hold about you
Rectify incorrect or incomplete information
Request erasure of your data (unless retention is required by law or professional guidance)
Restrict or object to certain types of processing
Request data portability (to transfer data to another provider, if applicable)

Requests should be made in writing to marc.truyens@marcr.net or by letter through your school. I will respond within one month.

Complaints

If you are concerned about how your data is handled, please contact me directly in the first instance.
If you are not satisfied, you can contact the Information Commissioner’s Office (ICO):
Website: https://ico.org.uk

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.