INTRODUCTION

​

In accordance with the General Data Protection Regulations (GDPR) 2018, this privacy policy outlines your rights and my responsibilities to you with regard to the collection and processing of your personal information. This privacy policy applies my psychotherapy, supervision and coaching practice including my website, services offered in person and online, online, by telephone or email.

 

OWNER AND DATA CONTROLLER

​

As an independent sole trader of an independent psychotherapy practice, under GDPR regulations, I am listed as the ‘data controller’ and my business is registered with the Information Commissioners Office, the UK authority for upholding data protection. (www.ico.org.uk) Registration number 00014430063

 

THE LEGAL BASIS FOR PROCESSING

​

I collect and process your information on the lawful basis of legitimate interest as a Psychotherapist, Supervisor and Coach. This means that I am using your data in a way that you would reasonably expect me to do so, using contact details and brief records of sessions to assist with ongoing therapy and support.

The lawful basis for processing special category sensitive data is for ‘the provision of health or social care or treatment’.

 

WHEN DO I COLLECT YOUR PERSONAL DATA?

​

Personal and Sensitive Data is collected in the following ways:

·       Communicating with me by post, phone, email.

·       During initial assessments meetings and ongoing sessions.

 

WHAT PERSONAL DATA DO I COLLECT and HOLD?

​

The Personal Data I collect from you from you may include:

​

• Identity Data may include your first name, last name, date of birth.

• Contact Data may include your address, email address and telephone numbers

• Occupations

• GP details

• Who to contact in case of emergency.

• Sensitive information – may include background information about physical and psychological health and history, medications; prescribed and non- prescribed drug use, any criminal offences or alleged offenses, family circumstances, lifestyle and identity, relationships, spiritual and cultural background as well as reasons and hopes for therapy.

​

Brief session notes. I keep brief notes of each session. These notes are for my use only and help to keep a track of what is being discussed. I write these directly onto the Kiku system and they are held securely within Kiku. (wearekiku.com). In line with industry guidelines, these notes will be kept securely for up to seven years after your therapy comes to an end. After this time, they will be deleted from the system.

​

HOW AND WHY DO I USE YOUR PERSONAL DATA?

​

As a Psychotherapist, I take your privacy very seriously. I keep certain information about you so that I can work safely and ethically with you in line with the guidelines of my professional organisation, UKCP and my professional insurance.

 

The Data privacy law allows this as part of my legitimate interest in understanding you and delivering the best possible service.

 

HOW I PROTECT YOUR PERSONAL DATA

​

All records are stored securely. To support the administration of my practice, I now use the secure, encrypted and password protected practice management platform, Kiku (wearekiku.com) to collect and store your personal and sensitive data.  Your data is stored securely in Kiku. It is protected through the use of 2 factor authentication. I am the only person who has access to this system (apart from in the event of an emergency absence see below). I use Kiku to store your name, contact details, agreements and GP details. I also use Kiku to store brief session notes.

 

Occasionally I may need to keep paper records. I will keep this to a minimum. Any paper records will be kept in a locked filling cabinet in my house, filed by reference number.

​

In addition to the data stored on Kiku, I may store your contact details on my mobile phone. I will limit these details to your first name, initial of surname and phone number. My phone is password protected.

​

Your e-mail address is stored on my google account on a password protected computer and will only be used for the purposes of setting up online Zoom meetings or to pass on information as agreed.

​

If you choose to contact me via Zoom, the contact details that you use are stored, but no therapy related information is stored on this platform.

 

I will take every reasonable precaution to protect your data. In the unlikely event of a data breach, I will notify you and the ICO within 72 hours where I am legally required to do so and take the appropriate action to limit any impact of the breach.

 

HOW LONG WILL I KEEP YOUR PERSONAL DATA?

​

I will only retain your personal data for as long as is necessary to for the purpose of our work together, including for the purposes of satisfying any legal, accounting, or reporting requirements.

​

·       E-mails sent for the practical purposes such as Zoom invitations will be deleted after the session is held. Emails exchanged with more personal and/or sensitive data would normally be uploaded onto Kiku (and then deleted from my email account). Occasionally they may be printed and stored alongside any other personal or sensitive data in a secure place before being deleted.

·       I will usually hold your personal details and session notes and my supervision notes for a period of seven years once our work together has ended, should you decide to return and in order to comply with my with my insurance terms and conditions. However, I may need to hold information for longer than this, in order to defend myself in a claim situation.

·       I keep financial information for 7 years, as advised by HMRC. If your name appears on any of my bank statements, it will be redacted.

 

Once the retention period expires, Personal Data will be deleted from the computer and written records will be destroyed.

 

HOW I MAY SHARE YOUR PERSONAL DATA?

​

• I am required to attend regular clinical supervision with another professional therapist as part of ongoing accreditation with UKCP. They abide by the same UKCP Code of Ethics and Professional Practice and discussions will not include identifying details about you.

• My administrator may see your name and bank account details on bank statements, when managing my accounts. They also may be given your name and contact details to facilitate the sending of invoices or receipts.

• Professional Will – In the unfortunate event of me being unable to work (eg death, accident, serious illness) and not being able to contact you myself, my administrator would apply to Kiku to be given access to my client data. In conjunction with a trained colleague, they would access the data to enable them to inform clients of the situation and deal with any records, destroying them where necessary.

• LIMITATIONS TO CONFIDENTIALITY – It may become necessary to share your data with a third party if I feel that there is a significant risk of harm to self or other, including child protection. Unless the risk is imminent, I will aim to discuss this with you before appropriate disclosure. I do have a legal obligation to break confidentiality in compliance with a court orders requesting information regarding therapy as well as knowledge regarding money laundering, drug trafficking and act of terrorism.

 

YOUR RIGHTS

        

·       Right to Access: You have the right to make a request in writing for a copy of the personal information that I hold about you. In extremely rare cases, this right may be refused where the result of that disclosure could cause serious harm to an individual’s own or another’s physical or mental health (including children)

·       Right to verify and seek rectification: If you believe that any information I am holding on you is incorrect, incomplete or needs updating, please let me know and I will make the appropriate changes.

·       Right to have their Personal Data deleted: You can request to have your personal information deleted, unless I have legal obligation to retain, in a claim situation or to comply with my insurance terms and conditions.

·       Right to object: You have the right to bring a claim before the competent data protection authority.

 

HOW TO EXERCISE YOUR RIGHTS

 

Any requests to exercise your rights can be directed to me, through the contact details provided in this document. These requests can be free of charge and will be addressed by me within one month

 

DETAILS ABOUT THE RIGHT TO OBJECT

 

As your personal data is processed on the legal basis of ‘legitimate interests’, you may object to such processing by providing a ground related to your particular situation to justify the objection.

 

CONTACTING THE INFORMATION COMMISSIONER’S OFFICE (UK)

 

If you are not happy with any aspect of how your data is collected and used, I would be grateful if you would contact me first, so that I can try to resolve it for you.

 

If you have any issue with how your Data has been handled or are not satisfied with the response you have received to any request, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues by calling 0303 123 1113 or going online to www.ico.org.uk.