The lawful basis for processing your data
I process your personal data in line with GDPR legislation (General Data Protection Regulation) (EU) 2016/679. The lawful basis for processing your data is legitimate interests. In order for me to fulfil my role as a psychologist, I take notes on each session and store these notes in your file. My notes allow me to reflect on our sessions, and to make informed clinical judgment about your therapy. I only use your data in ways you would reasonably expect and which have a minimal privacy impact.
How I collect information about you
I obtain information about you in the following ways:
When you visit my website
When you enquire about my services via email and I reply to you via email, I cannot guarantee that your email, or my reply is 100% secure. It is important that you understand that no data transmission over the Internet can be guaranteed to be 100% secure. If you wish to email me confidential information please password protect your documents before sending them to me. You can give me your password in a separate email or telephone me and provide me with your password over the phone.
If you choose to ring me I may collect information from you as a prerequisite for offering you an assessment appointment
When you attend for psychological therapy I collect and record data from you in order to get to know you, to understand the difficulties you are experiencing, and to create a plan for therapy.
When we have arranged an assessment appointment I will ask you to complete a Client Information Form which will ask you to provide personal information, including your name, date of birth, address and GP details. I will also ask you to complete some clinical questionnaires which help me to gain a picture of the problems you are facing.
I may receive information about you from third parties which may include other health professionals or your health insurance company. Third parties including analytics providers provide me with information that helps me ensure my website is user-friendly and provides my website visitors with the information they seek. If you have any concerns about whether the above third parties are GDPR compliant, please contact them directly. I will never knowingly obtain data about you from any third party without your knowledge or consent.
The type of information which is collected
I may collect personal information from you either at the pre-assessment stage (on the phone/via email/via my website, or face to face, throughout the course of therapy and this includes information such as your name and contact details.
Some of the health-care related information I collect from you will be classified as sensitive such as your current physical and psychological symptoms and family and relationship history. I collect this data to ensure that the service I provide to you is appropriate for you and for monitoring and evaluation purposes.
What I use the information for
I process personal information in order to provide psychological assessment and therapy. This may include liaising with other health professionals involved in your care, liaising with referrers and communicating with you regarding your treatment/ appointments
Who your information may be shared with
There may be occasions when I need to share the personal information I process about you with third parties such as your insurance company or other health professionals involved in your care. When I do so I comply with all aspects of the Data Protection Act 1998 (DPA).
Your insurance company or rehabilitation company
If you are claiming the cost of your sessions through your insurance company they may request details of your treatment in order to authorise further funding for your treatment. Under these circumstances I will share the minimum amount of information necessary with them.
Your referring health professional
When you are referred to me by another health professional such as a GP or psychiatrist I will usually write to them at the beginning and end of therapy as part of good practice to keep them informed of your treatment and progress.
There are three situations where I would share your information with third parties without your consent:
If I am required to disclose data about you for legal reasons.
Safeguarding children and safeguarding vulnerable adults
If I am concerned about the risk to a child or vulnerable adult.
Risk to self or others
If I consider that there is a risk of serious harm to yourself or others and you are unable to discuss options with me.
How long I keep your data
I will keep your data for seven years after your last contact with my practice. I use two main criteria for determining the retention period. Firstly, according to the Limitation Act 1980, you, as my client, have six years within which to bring against me a complaint of breach of contract, breach of trust or a claim in relation to negligence. It is therefore in both our interests that I store your data for this length of time. Secondly, if a client returns for further therapy in the future, they normally do so within seven years. Once you are discharged from my service, your file is stored securely and all data held on computer is encrypted.
Security of information shared over the internet
I work to protect your personal information after I have received it, however:
1. You acknowledge that the privacy of your communications and personal information can never be completely guaranteed when it is being transmitted over the internet.
2. You acknowledge and agree that you share and transmit the information at your own risk.
Links to other websites
My website contains links to other websites which may be relevant to you. However, if you follow a link to any of these websites please note that they have their own privacy policies and that I do not accept any responsibility or liability for these policies.
Your Individual Rights
You have a number of rights (including Right to be informed, Right to access, and Right to lodge a formal complaint) when it comes to your personal data. Please refer to the ICO’s website for full details of your rights.
Right of Access
You may request details of personal information which I hold about you under the Data Protection Act 1998 and in line with GDPR legislation. Requests for information must be put in writing.
Right to rectification
If you believe that any information I am holding on you is incorrect or incomplete, please let me know in writing and I will promptly correct any information found to be incorrect.
Right to lodge a formal complaint
If you believe that your rights under the GDPR regulation have been infringed, or that the processing of personal data relating to you does not comply with this Regulation, you can inform the Information Commissioner’s Office.
Please check this policy regularly as any changes to this policy in the future will be posted on this page.