Privacy Policy

Privacy Policy

The Data Protection Act 2018 (including GDPR) means that you have the right to know about what happens to information about you, this policy aims to be really clear about this.

This policy governs the way in which I collect, store and share information collected from clients. The lawful basis of this data collection is under legitimate interest. It applies to the practice, website, social media and services offered by me within my private practice.

Clients seeking therapy will be sent a link to this Privacy Policy where possible before therapy commences and a paper copy can be provided on request or where it is not possible to share a link or access the webpage.

Social media: I have social media accounts for my practice on Facebook, LinkedIn, Twitter and Instagram. If you make contact via any of these accounts, then data held will be subject to their privacy policies. Direct messages will be held for the duration of our work together and deleted 12 months following the end of our work.

Website: My website is run through WordPress, so if you already have a WordPress account and use this to comment on my blog, this information will be available to myself and other readers. Their privacy policy is available here: https://en-gb.wordpress.org/about/privacy/. I use various web analytics tools to help analyse how users use the site. These tools use ‘cookies’. You have the ability to accept or decline cookies by modifying the settings on your browser. You can see the privacy policy for this here: https://yoast.com/privacy-policy/.

Working online: I use Zoom for online working because it is GDPR compliant and offers end-to-end encryption for video, audio, screen sharing, and chat content if we both use the Zoom app, and this ensures that our data is kept safe (see https://blog.zoom.us/facts-around-zoom-encryption-for-meetings-webinars/). You can find more about their privacy policy here: https://zoom.us/privacy

Personal information I collect

  • Name/DOB/how you identify your gender
  • Preferred contact number
  • Email address
  • Address (if agreed)
  • GP contact details (if agreed)

 

Other information: I keep track of the number of sessions we’ve had and our agreed fee and at times I may make notes on our sessions to maintain professional standards and for professional development such as accreditation. Further information about this is available on request.

How I store information

Mobile Phone: My mobile phone is locked and is only accessible using a password. I store your name, contact number, email address (and address/GP contact details on this if we have agreed this is necessary). I keep track of our appointments with Google Calendar using your name, and information about their privacy policy is here: https://cloud.google.com/security/gdpr/. At times, I use Evernote for making notes. Evernote has their own privacy policy and information about GDPR here: https://evernote.com/privacy/gdpr.

Correspondence and records: Texts, emails and records of calls on my mobile phone are kept for the duration of our work together and deleted 12 months following the end of our work or last contact.

Zoom: A record of previous Zoom meeting details (your name/date/time and joining instructions) is held on my Zoom account for less than a month.

Documents held

Contract: Each client is issued with a copy at the start of our work together and a copy is held by me for reference in a secure place. Any amended contracts are also kept on my laptop which is password protected and shared with you.

Session information: I keep a spreadsheet of information about the number of sessions we’ve had and the agreed cost of the session.

Other documents: At times, I am asked by clients to confirm they have attended sessions or write a letter in support of them. These are kept for the duration of our work together (stored on my lap top) and deleted 12 months following the end of our work.

How I transport information

For the most part, information I have about you is stored on my phone or my laptop. These are password protected, and only I have access to them. Where you sign a contract, this is transported to my home in my car.

How I share your information

Supervision: I attend monthly supervision to ensure my practice remains safe and ethical. Session details may be shared with my Supervisor. At times, I also attend peer supervision. In these instances, you are not directly identified and these people are bound by the same respect for your confidentiality.

Death and illness: In the event of my death or an illness that prevents me from contacting you, I have appointed someone who will contact you and support you in making alternate arrangements if this is what you want. Your name, contact details and the number of sessions we have had will be shared with this person and they are bound by the confidentiality agreed between us. This information is stored in Dropbox and their Privacy Policy is available here: https://www.dropbox.com/en_GB/privacy

Legal requests: If you discuss something in our work together that you later decide you want to take criminal action about then I may be requested to provide information.

ICO registration: ZA715478 (see http://www.ico.org.uk for further information)

Other considerations: If you call me, then this will appear on your bill and your telephone provider will also have a record of calls to and from you telephone even if you delete the information from your telephone. Your number will also appear on my telephone bill should I need to call you. If you pay by bank transfer, your details will be held by my bank, and may be visible to HMRC or other financial bodies should they request evidence of my income. My details will also be visible on your own banking records.

At any point in our work, you are welcome to ask for any information I hold about you and for any information that is incorrect to be rectified. If you have concerns about how your information is held or any objections to this policy, please get in touch (see contact page).