This policy explains how I use and protect any data that I collect about you when you access my service. I will provide a hard copy for your reference if we proceed to therapy, and you will be asked to sign this to confirm your consent to my use and storage of your data for these purposes.
What information I collect and why
If you decide to submit the contact form, this information is stored on my website and deleted monthly. My Personal Assistant (who is GDPR compliant) will access the submitted form and respond to your enquiry.
Following this, to access my one-to-one therapy service, Untroubled programme or EMDR intensive week, we will collect personal information on the Client Registration Form in order to correspond both with you and with any other health care providers about your care. I therefore collect enough information to identify you for this purpose. This includes:
Date of Birth
Landline and mobile
I also collect information about your GP and an emergency contact in case I become concerned about your wellbeing and need to liaise with them to get extra support arranged. Therapists are required to keep client records; these include the main points discussed in session, including any therapeutic interventions. As part of this I will document information pertaining to your psychological difficulties and history related to this.
How I store this information
Paper: Your client record and Client Registration Form are stored securely in a locked metal filing cabinet according to the standards set out by the Information Commissioner’s Office (ICO).
Digital: The digital information I hold on you includes any correspondence on email and text, plus any letters/reports that I write. I retain these for the duration of your treatment for good continuity of care and then delete these from my account/phone. Any letters and reports are password protected before being emailed. Hard copies are then stored with your paper notes and deleted from the memory stick.
Website: Any personal information collected on my website (hosted by Wix) is deleted after use. The Wix site also collects cookies.
Third party websites: I use Mailerlite and Interact for sending newsletters and hosting quizzes. They are GDPR compliant websites. I only hold your name and email address on here if you’ve subscribed to one of my online opt-in forms (such as a quiz or signed up to receive a newsletter). I only use the information stored there to contact you with news about my business and to inform you of new services that I offer. Your name and email address that are stored on Mailerlite will be deleted from there if you unsubscribe from my mailing list.
Social Media: You may choose to follow my business social media pages. These sites include Facebook, Instagram, Twitter, TikTok and LinkedIn. These sites have their own GDPR policies. I will not use this information to follow you back or forward to other people. You can choose to unfollow these social media pages whenever you wish.
Sharing information with third parties
I will not share your information with anyone else without your consent. The exceptions to this are times when I feel concerned about you or another person mentioned in a therapy session. In these situations I have a duty of care to share information with relevant statutory services to get the correct support to keep you/them safe.
Part of a Clinical Psychologist's code of conduct is to receive regular supervision from another psychologist regarding their clients' care. This is for the purpose of ensuring that good quality therapy is being provided. I do not share client identifying details with my supervisor. If this becomes necessary for any reason, then they are also bound by the same rules of patient confidentiality as I am.
You have the following rights:
To be informed of what information I hold about you (as outlined by this document).
To see what information I hold about you. I can show you this during your therapy session at your request.
To rectify any inaccurate or incomplete personal information.
To withdraw consent to me using your personal information in the ways outlined in this document.
To request your personal information is erased. However, in some cases I will need to consult external parties such as the ICO, my accountant or my indemnity insurer regarding any further legal reasons I may need to retain information regarding your care. I may decline if the information is needed for me to practice lawfully and competently.
How long is information retained and how is it destroyed?
The British Psychological Society and NHS guidance recommend retaining records for 7 years, which I adhere to. This is so I have reference to our work in situations where you seek further psychological support. After this time, I securely destroy notes using Viridor secure waste collection at Prometheus. I delete all digital data from my memory stick, email system and phone.
How to securely correspond with me?
Email correspondence is not considered a secure medium for communicating. Therefore, please do not email me sensitive/private information. Doing so is allowed, but this will be at your own risk. If you would like to send me private information, I recommend password protecting it first and informing me of the password by phone or face-to-face.
What if you are unhappy with how I have processed your data?
If you have any concerns about how I have handled your data, you can complain to the Information Commissioner’s Office (ICO) on 0303 123 1113.