How I use your information
In order to provide you with services such as therapy, training and consultation, I need to gather and use certain personal information from you, which may include your identity, address, email, contact number and GP contact details. In the case of therapy, additional details may be taken to provide the service you are expecting, such as a signed therapy contract, notes about your sessions, medical records, reports/outcome measures, personal history, sexual preferences, relationships etc. If you are referred by your health insurance provider, then I also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
In addition to any requirements of the GDPR, this information may be further protected by the British Psychological Society code of ethics and the regulating body Health and Care Professions Council.
I take your privacy seriously and I will only use the information I collect to provide my services to you and to process payment for such services. I will not share your personal information with third parties for marketing purposes.
Your obligations to provide data
You are under no obligation to provide information to me. However, if you do not provide the personal information requested, then I may be unable to provide a therapy service to you.
The lawful basis for processing personal data
My basis for processing your information is legitimate interests. This is information that both you and I might reasonably expect to be provided and maintained in order to provide the service or information you want. It is necessary for me to collect this data to be able to provide psychological therapy to clients. I may also ask for information on how you found my service for the purpose of my own marketing research. No information you provide is passed on without your consent. I will never sell your information to others.
How long I store personal information
I will only store your personal information for as long as it is required, in accordance with the requirements of my professional organisation and insurance company.
Basic contact information held on my mobile phone is deleted within three months of the end of therapy. Emails received directly and related to services I am providing you will be kept only as long as I am working with you and will typically be deleted 30 days after we cease working. The sensitive personal data defined above is stored for a period of seven years after the end of therapy. After this time, this data is securely destroyed at the end of each calendar year. For clients under the age of 18, this data will be stored until the client’s 25th birthday.
How I ensure the security of personal information
I will keep personal data secure against loss or misuse. No other organisation processes personal data as a service on my behalf.
Personal information is minimised in phone and email communication. Any sensitive personal data, i.e. reports etc., will be sent to you in a password-protected email attachment. Email applications use private (SSL) settings, which encrypt email traffic so that it cannot be read at any point between our computing devices and our mail server. I will never use open or unsecured Wi-Fi networks to send any personal data. Personal information is also stored on an office computer. This is password protected and has malware and antivirus protection installed. In cases where data such as therapy notes are collected and stored in paper format, they will be kept in a locked filing cabinet where unauthorised personnel cannot access them. Personally identifiable information is not stored with paper therapy process notes. Printed data will be shredded when it is no longer needed. All possible technical measures are in place to keep data secure, such as passwords, mobile security and antivirus software.
In the case of Zoom sessions, all Zoom voice and video messages are encrypted. This protects you from potential eavesdropping by malicious users. For more information about Zoom, please visit https://support.zoom.us/hc/en-us/articles/360000126326-Official-Statement-EU-GDPR-Compliance
Who I might share personal information with
Data received from you will be used only by me for the purposes you and I reasonably expect for the services being provided. I do not release data to recipients outside of my business. However, there are exceptions to this when there may be a need for liaison with other parties:
– If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. I may also share information with that organisation to provide treatment updates.
– In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
– In exceptional circumstances, I might need to share personal information with relevant authorities: when there is need-to-know information for another health provider, such as your GP; when disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order; or when the information concerns risk of harm to you, or risk of harm to another adult or a child. I will discuss such a proposed disclosure with you unless I believe that to do so could increase the level of risk to you or to someone else.
Your right to access the personal information I hold about you
A complete summary of your rights is available at the Information Commissioner’s Office website. You may request copies of data I hold on you and I must provide this information free of charge within 30 days. However, if your request is unreasonable or you have made repeated requests for the same information, I may refuse to comply unless and until a fee is paid or an agreement is reached on the data to be provided. You always have the right to file a complaint with the Information Commissioner’s Office if you feel I have violated your rights under the GDPR. I will do my best to provide your information in a format that you can understand and use. I reserve the right to refuse a request to delete a client’s personal information where this consists of therapy records. Therapy records are retained for a period of seven years (or until the client’s 25th birthday when the client is under the age of 18 at the time of therapy) in accordance with the guidelines and requirements for record keeping of The British Psychological Society and The Health and Care Professions Council.
Automated Decision Making
I do not engage in any automated decision making with your data.
Effective 25th May 2018