Your Right to Privacy
What Data Is Processed
In addition to the data you provide to us within any enquiry forms, we will collect a registration form at the initial contact, to get to know more about the nature of the difficulties experienced and how to best get in contact with you in case of an emergency. This is to ensure your safety and it is our duty of care, within professional guidelines.
We also keep session notes in accordance with guidelines from our professional body and there may be letters, notes or outcome measures associated with the work we do with you.
If you are referred by a health insurer or solicitor, they will provide us with information relevant to your claim/treatment, including contact information, referral information and policy number.
If you provide a paper copy of registration forms, these will be stored in a locked box. If an electronic copy is provided, these will be stored on a password protected, encrypted laptop/folder.
When you submit an enquiry through the website it will be sent securely via email to us. The email server used is GDPR compliant. Any emails which come through on my mobile phone are secured with a password/mobile thumb print/facial identification software. We avoid sending personal information in the body of the email and subject heading of emails. Any other information, such as session notes, reports etc are stored on a password protected, encrypted laptop/folder, with anti-virus software and regularly backed up.
Session notes, registration forms and identifiable information will be kept for a minimum period of 6 years. After this period they will be deleted/destroyed at the end of each calendar year.
Website enquiry forms, if any, will be deleted within 6 months of therapy ending by us.
Why We Collect Data (the lawful basis for doing so)
We have a legitimate interest in using this data to provide psychological treatment, in accordance with the guidelines of our governing body. We will only use your data for the purpose of providing these services to you and for processing payment for these services.
Who We Might Share Information With
We take the protection of your data seriously and no information you provide is passed on without your consent. However, there may be circumstances where we gain consent to share your information for payment reasons (e.g. such as with your health insurance provider for the purpose of billing) or linked to your claim/assessment (e.g. a solicitor where an assessment/treatment has been instructed).
We may also request consent to share information with other agencies/people where we think it would be beneficial to your treatment or administration purposes. However, we would not do so unless you give us consent for this.
Therapy sessions are confidential. In exceptional circumstances, we may need to pass information on to other agencies/parties without consent. This would be in cases of risk where there is a need to keep you safe, such as serious self harm. For example, if we were seriously worried about your safety we would generally pass this information to the appropriate agency (unless we thought this would put you at further risk of harm) even if consent was withheld.
This also applies when a disclosure is in the public interest (e.g. the safety of others) or where there is a legal duty (e.g. a serious crime has been committed/miscarriage of justice). We are duty bound to do this by our professional guidelines. Whilst we are not obliged to gain your consent for this, we will always discuss this with you first (unless doing so would increase the risk to you or another person).
To ensure good practice, all Psychologists also maintain professional registration via supervision with another qualified professional. Not all cases/patients would be discussed with a supervisor, though if you were discussed, full names would not be used and the supervisor would also be compliant with GDPR. Only ‘need to know’ information would be shared, for the purposes of advice and consultation and to ensure you are receiving optimal treatment.
If you wish to raise a complaint about our practice you can contact us on firstname.lastname@example.org. If you think we haven’t complied with data protection laws you can also complain to the Information Commissioner’s Office.
Your right to access (Article 15)
If you wish to change your registration forms, you can complete a new copy and send them to us. If you wish to retract your registration forms and thereby retract your consent to hold your records (by doing so this would terminate sessions for you as we are unable to practice without this information), you can notify us and we will terminate any sessions outstanding.
If you would like to see your session notes, please discuss this with your Psychologist, who may need to discuss this with the governing body (HCPC) and British Psychological Society (BPS) depending on the nature of the request.
Your right to rectification (Article 16)
If factual errors or omissions have been made in either the registration forms you have provided, or in reports/correspondence we have provided to you about you, then you can request that these be amended. If this information has been shared with another agency, we will contact the recipients to inform of the amendments.
Your right to erasure (Article 17)
If you would like your registration forms and data erased please put this request in writing to email@example.com.
Your right to restrict processing (Article 23)
If you put sessions on hold/terminate sessions, we will no longer take session notes/liaise with professionals about your case (except where there is serious risk).
Your right to data portability (Article 20)
Should you wish to move to another practitioner and you would like your notes to be transferred over, we can provide them with your background information and a summary of works completed/a phone discussion, with your consent. Should you want a more in depth report, there may be a charge associated with this.
Your right to object (Article 21)
We will not email you with marketing information and will not pass your details on to other organisations unless it is to contact your insurers for billing purposes or to the Patient billing company to enable them to collect this payment.
Your right not be subject automated decision making (Article 22)
Judgments will not be made about your care based on algorithmic decision-making.
If your rights under GDPR or any of the above information is unclear, please do not hesitate to discuss this with us.