Data Protection Policy
– Effective 25th May 2018
How I use your information
In order to provide you with therapy services, I need to gather and use certain personal information from you, which may include your identity, email, contact number and GP contact details. In the case of therapy, additional details may be taken to provide the service you are expecting such as notes about your sessions, personal history, sexual preferences, relationships etc.
I take your privacy seriously and I will only use the information I collect to provide my services to you and to process payment for such services. I will not share your personal information with third parties for marketing purposes.
Your obligations to provide data
You are under no obligation to provide information to me. However, if you do not provide the personal information requested, then I may be unable to provide a therapy service to you.
The lawful basis for processing personal data
My basis for processing your information is legitimate interests. This is information that both you and I might reasonably expect to be provided and maintained in order to provide the service or information you want. It is necessary for me to collect this data to be able to provide therapy to clients. I may also ask for information on how you found my service for the purpose of my own marketing research. No information you provide is passed on without your consent. I will never sell your information to others.
How long I store personal information
I will only store your personal information for as long as it is required, in accordance with my insurance company.
Emails received directly and related to services I am providing you will be kept only as long as I am working with you and will typically be deleted within 30 days after we cease working. The sensitive personal data defined above and basic contact information held on my mobile phone is stored for a period of seven years after the end of therapy. After this time, this data is securely destroyed at the end of each calendar year and contact information is deleted from my phone. For clients under the age of 18, this data will be stored until the client’s 25th birthday.
How I ensure the security of personal information
I will keep personal data secure against loss or misuse. No other organisation processes personal data as a service on my behalf.
Personal information is minimised in phone and email communication. Any sensitive personal data i.e. reports etc will be sent to you in an email attachment that is password protected. Email applications use private (SSL) settings, which encrypts email traffic so that it cannot be read at any point between our computing devices and our mail server. I will never use open or unsecure Wi-Fi networks to send any personal data. Personal information is also stored on an office computer. This is password protected and has malware and antivirus protection installed. In cases where data such as therapy notes are collected and stored in paper format, it will be kept securely where unauthorised personnel cannot access it. Printed data will be shredded when it is no longer needed. All possible technical measures are in place to keep data secure such as passwords, mobile security and antivirus software.
In the case of Skype sessions, all Skype-to-Skype voice and video messages are encrypted. This protects you from potential eavesdropping by malicious users. For more information about Skype, please visit https://support.skype.com/en/faq/FA31/does-skype-use-encryption.
Who I might share personal information with
Data received from you will be used only by me for the purposes you and I reasonably expect for the services being provided. I do not release data to recipients outside of my business. However, in exceptional circumstances, I might need to share personal information with relevant authorities when there is need-to-know information for another health provider, such as your GP; when disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order or when the information concerns risk of harm to you, or risk of harm to another adult or a child. I will discuss such a proposed disclosure with you unless I believe that to do so could increase the level of risk to you or to someone else.
Your right to access the personal information I hold about you
A complete summary of your rights is available at the Information Commissioner’s Office website. You may request copies of data I hold on you and I must provide this information free-of-charge within 30 days. However, if your request is unreasonable or you have made repeated requests for the same information, I may refuse to comply unless and until a fee is paid or an agreement reached on the data to be provided. You always have the right to file a complaint with the Information Commissioner’s Office if you feel I have violated your rights under the GDPR. I will do my best to provide your information in a format that you can understand and use. I reserve the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of seven years (or until the client’s 25th birthday when the client is under the age of 18 at the time of therapy) in accordance with my insurance company.
Automated Decision Making
I do not engage in any automated decision making with your data.