Privacy Policy

Privacy Policy

The Data Protection Act 2018 (including GDPR) means that you have the right to know about what happens to information about you, this policy aims to lay this out clearly.

This policy governs the way in which I collect, store and share information collected from clients. The lawful basis of this data collection is under legitimate interest. It applies to the practice, website, social media and services offered by me within my private practice.

Clients seeking therapy will be sent a link to this Privacy Policy where possible before therapy commences and a paper copy can be provided on request or where it is not possible to share a link or access the webpage.

Social media: I have social media accounts for my practice on Facebook, LinkedIn, Twitter and Instagram. If you make contact via any of these accounts, then data held will be subject to their privacy policies. Direct messages will be held for the duration of our work together and deleted 12 months following the end of our work or last contact unless we discuss the possibility of continuing work together in future.

Website: My website is run through WordPress, so if you already have a WordPress account and use this to comment on my blog, this information will be available to myself and other readers. Their privacy policy is available here: https://en-gb.wordpress.org/about/privacy/. I use various web analytics tools to help analyse how users engage with the site. These tools use ‘cookies’. You have the ability to accept or decline cookies by modifying the settings in your browser. You can see the privacy policy for the web analytics tools I use here: https://yoast.com/privacy-policy/.

Working online: I use Zoom for online working because it is GDPR compliant and offers end-to-end encryption for video, audio, screen sharing, and chat content if we both use the Zoom app, and this ensures that our data is kept safe (see https://blog.zoom.us/facts-around-zoom-encryption-for-meetings-webinars/). You can find more about their privacy policy here: https://zoom.us/privacy

Personal information I collect on initial contact and consultations

  • Name/Telephone number/Email address (whatever contact details information shared)

 

I keep this information long term so that I can keep track of enquiries, manage my waiting list and track repeat enquiries. I may also make some notes on what we discuss if we have a consultation and I store these securely on Dropbox Paper (see below for their privacy policy).

Personal information I collect from clients

  • Name/DOB/Gender you identify as/Pronouns
  • Preferred contact number
  • Email address
  • Address (if agreed)
  • GP contact details (if agreed)

 

Other information: I keep track of the number of sessions we’ve had and our agreed fee and I may make notes on our sessions to maintain professional standards and for professional development such as accreditation. Further information about this is available on request. I also collect some information in relation to outdoor therapy that is relevant to assessing risk and is shared with you.

How I store information

Mobile Phone: I use a screen lock on my mobile phone and it is only accessible using a password. I store your name, contact number, email address on this (and address/GP contact details if we have agreed this is necessary). I keep track of our appointments with Google Calendar using your name, and information about their privacy policy is here: https://cloud.google.com/security/gdpr/. I use Dropbox Paper for making notes. Dropbox has their own privacy policy here: https://www.dropbox.com/en_GB/privacy.

Correspondence and records: Texts, emails and records of calls on my mobile phone are kept for the duration of our work together and deleted 12 months following the end of our work or last contact unless we discuss the possibility of continuing work together in future.

Zoom: A record of previous Zoom meeting details (your name/date/time and joining instructions) is held on my Zoom account for less than a month.

Documents held

Contract: Each client is issued with a copy at the start of our work together and a copy is held by me for reference in a secure place (either electronically on my laptop or a hard copy in a locked filing cabinet at my home). Any amended contracts are shared with you and also kept on my laptop which is password protected. I also hold a copy of the risk assessment we complete for outdoor work which forms part of the contract of how we are working together.

Session information: I keep a spreadsheet of information about the number of sessions we’ve had and the agreed cost of the session.

Other documents: At times, I am asked by clients to confirm they have attended sessions or write a letter in support of them. These are kept for the duration of our work together (stored on my lap top) and deleted 12 months following the end of our work or last contact unless we discuss the possibility of continuing work together in future.

How I transport information

For the most part, information I have about you is stored on my phone or my laptop. These are password protected, and only I have access to them. Where you sign a hard copy of our contract, this is transported to my home in my car.

How I share your information

Supervision: I attend monthly supervision to ensure my practice remains safe and ethical. Session details may be shared with my Supervisor. At times, I also attend peer supervision. In these instances, you are not directly identified and these people are bound by the same respect for your confidentiality.

Death and illness: In the event of my death or an illness that prevents me from contacting you, I have appointed someone who will contact you and support you in making alternate arrangements if this is what you want. Your name, contact details and the number of sessions we have had will be shared with this person and they are bound by the confidentiality agreed between us. This information is stored in Dropbox and their Privacy Policy is available here: https://www.dropbox.com/en_GB/privacy

Legal requests: If you discuss something in our work together that you later decide you want to take criminal action about then I may be requested to provide information.

ICO registration: ZA715478 (see http://www.ico.org.uk for further information)

Other considerations: If you call me, then this will appear on your bill and your telephone provider will also have a record of calls to and from you telephone even if you delete the information from your telephone. Your number will also appear on my telephone bill should I need to call you. If you pay by bank transfer, your details will be held by my bank, and may be visible to HMRC or other financial bodies should they request evidence of my income. My details will also be visible on your own banking records.

At any point in our work, you are welcome to ask for any information I hold about you and for any information that is incorrect to be rectified. If you have concerns about how your information is held or any objections to this policy, please get in touch (see contact page).

Last updated: 25/07/2021