Under the General Data Protection Regulation 2018 your privacy and rights regarding your personal data are set out below. I am registered with the Information Commissioners Office (ICO). This document provides information about what data I collect about you, how it is stored, with whom and when it is shared, how long it is kept and your rights regarding that information.
Who is the data manager?
I am the sole data manager
What information is collected and why?
Personal details such as your name, address, date of birth, GP/medical practitioner details, telephone number, email address, clinical information regarding problems for which you are seeking help. This information is required for organising appointments, providing clinical interventions tailored to your needs, invoicing and sharing information when required (see below regarding when and why information is shared with third parties.
How is information stored and for how long?
There are no paper files. Information is electronically stored and password protected. Files are kept for the duration stipulated by professional insurance companies and professional organisations. Any known data breaches will be reported to the ICO within 72 hours.
When is information shared and with whom?
In general information about you is not shared. Exceptions to this rule are:
- when you have given consent or requested me to share information with relevant medical professionals.
- with other relevant authorities if there is any evidence that you or another person is at risk of serious harm.
- in compliance with the law, for example information regarding safeguarding concerns, terrorism, trafficking and serious crime.
- In clinical supervision: it is a professional requirement for any clinician offering psychological therapy to engage in regular supervision. This is done anonymously as it is not necessary to disclose your personal identifiable data for this purpose.
Your rights under GDPR
You have the right to:
- be informed about what data is held about you and what is done with it
- request a copy of the data that is held about you
- correct any inaccurate data
- request erasure within constraints imposed by insurance and professional guidelines
- restrict the amount or type of data that is used
- request the transfer of your data to another provider
Requests can be made in writing, verbally, in person or by telephone and will be responded to within 30 days.
If you decide to book an appointment you will be sent a consent form to sign to indicate that you agree with these conditions. You have the right to withdraw your consent at any time but please be aware that I will need to collect some personal data in order to offer a service and if you are not happy with that then I will not be able to offer a service.