Privacy Notice for Website Visitors
Your privacy is very important to me. I have a few fundamental principles that I follow:
- I don’t ask you for personal information unless I truly need it.
- I don’t share your personal information with anyone except to comply with the law, deliver the service you have requested, or protect my rights.
- I don’t store personal information on my servers unless required for the on-going operation of my site.
Like most websites, this one collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. My purpose in collecting non-personally identifying information is to better understand how visitors use my website.
The contact form asks for your name and email address so that I can respond to your enquiry. This information is emailed directly to me and not stored on the website. My telephone number is available on the contact page if you prefer not to contact me via the website.
Privacy Notice for Clients
From 25th May 2018 the General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998. GDPR states that you have the right to be informed about what information I hold about you and how I store and process it.
I am registered with the Information Commissioner’s Office as a data controller. The lawful basis I use for storing and processing your personal data is Contract, because I need to store and process data to fulfil my contract with you.
The records I keep and what I use them for:
Personal details: At the start of therapy I ask for your name, address, contact details, GP details and an emergency contact. I will use this information to contact you to arrange or change appointments and to support you in case of an emergency.
Session notes: After each therapy session I write brief notes on the main themes of the session. I use these to reflect on my work and as a reminder of anything I want to take to Supervision.
How I store your information and how long I keep it for:
I will store your phone number(s) in my mobile phone, using only a first name. I will store your email address in my email account. I store all other information online using secure client management software, bacpac. I will scan your contract into bacpac then destroy the original. I will delete any email or text correspondence as soon as I have read it. I will delete your phone number(s) and email address from my phone and computer one week after your final therapy session. I will keep your notes for seven years after your final therapy session, as required by my insurance.
Who I may share your information with:
My Supervisor: I regularly see a Clinical Supervisor who supports my work and my professional development to ensure I am giving you the best possible service. If I mention you in Supervision I will use only your first name and no other identifying information.
Third Parties: I will not share your information with third parties unless I am legally compelled to do so, or, in extreme circumstances, I consider it necessary to protect you or someone else from serious harm. Wherever possible I would discuss this with you first.
My Executor: another therapist has a passcode that enables them to access your name and contact details in bacpac if I become unable to practise, for example due to serious illness or death. They would contact you and help you to find alternative support if required.
I use Yahoo Mail, which is not encrypted, so I recommend using this only to arrange appointments. If you prefer not to use it, you can contact me by phone or text instead.
You have the right to be informed about what data I hold about you and how it is stored and processed. You have the right to see the information I hold about you and to ask me to rectify any incorrect, incomplete or misleading information. You have the right to request that I send any data you have given me directly to another controller. You have the right to have your data erased, but this is limited by my insurance, which requires me to keep data for seven years after your final session.
If you want to exercise any of these rights, ask me during a session or contact me at any time via the contact details at the top of this document. I will comply with your request as soon as I can and within one month.
If you have any concerns:
If you have any concerns about my compliance with GDPR, you can speak to me in a session or contact me via the details at the top of this notice and I will attempt to resolve the issue with you as soon as possible. If you want to raise a concern with the Information Commissioner’s Office, there is information about how to do that here: https://ico.org.uk/make-a-complaint/your-personal-information-concerns/
My ICO Registration Number is ZA343669.