I provide psychological assessment (including expert witness/medicolegal assessments), therapy and supervision services. This privacy notice provides information about the personal information I process about you as a data controller, in compliance with the General Data Protection Regulation (GDPR). My ICO registration number is A8272463. Please contact me at firstname.lastname@example.org with any questions or requests about the personal information I process.
1. What are your rights?
I am committed to protecting your rights to privacy. They include:
• The right to be informed about what I do with your personal data
• The right to have a copy of all the personal information I process about you
• The right to rectification of any inaccurate factual data I process, and to add to the information I hold about you if it is incomplete
• The right to be forgotten and your personal data destroyed
• The right to restrict the processing of your personal data
• The right to object to the processing I carry out based on legitimate interest
2. Why do I collect information about you?
I will collect information about you if you are a client, patient or supervisee. This includes you if you are an individual I assess as part of a legal or litigation claim.
I process data because it is in my legitimate interests as a Clinical Psychologist or expert witness to do so. I need to see and analyse documents containing this information in order to provide psychological services.
If you are a client or patient, my lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment.
Another lawful reason for me processing your data may be Legal Obligation. If I am processing “special category data” about you, this is my second lawful reason to do so. This is likely to apply if you are being assessed as part of a litigation claim.
3. What information do I collect about you?
For potential clients enquiring regarding psychological assessment and/or therapy
* Phone number
* Email address
* Details of who is funding your therapy, e.g. insurance company or self funding
* Your description of presenting difficulties (this is not required but it is something you may wish to share, along with any other personal details you consider relevant at this point – please note that sharing this via email is not guaranteed to be completely secure, so you are responsible for any additional information you share through this medium besides the requirements of your name and phone or email address)
Please note, if your therapy is funded externally I may receive information about you, including other health information or assessment reports, from the company funding your therapy in order to arrange therapy with you.
For clients engaging in a contract of psychological assessment and/or therapy
* A client registration form with these details:
- Title (so I know how to address you)
- Phone number
- Email address
- Date of birth (to help identify you in case data needs to be shared in a risk situation, as outlined below)
- Address (in case needed for invoicing purposes or in case of a risk situation, as outlined below)
- GP name and address (in case of a risk situation, as outlined below)
- Whether or not you consent to receive text reminders for appointments through the service 10 to 8.
- Insurer details (if applicable)
* Psychometric questionnaire scores
* Notes I make from your assessment session
* Notes I make from any attended therapy sessions
* Payment details / invoices (if applicable)
* Psychological reports I write for any relevant third parties, e.g. health insurers, solicitors (if applicable)
For medico-legal clients
* Your name, address, phone number and email address
* Details regarding your claim, e.g. the nature of the accident and its impact upon you
* Psychological history and current difficulties.
* Any current or historical use of substances, including alcohol
* Medical records from applicable sources, e.g. GP records, hospital records
* Relevant assessment reports that relate to your claim, e.g. by other health professionals
* Psychometric questionnaire scores
* My expert report
I may be given some of this information by your solicitor or the party instructing me for the purposes of litigation, and some of this information will be collected directly from you. In many cases, an individual has consented to the transfer of their personal data to me. Where an individual has consented, he or she may withdraw that consent by notifying me at email@example.com.
* Your name, address, email address and telephone number
* Professional body registration details
* Personal data in supervision contracts
* Personal and sensitive data relating to professional practice (taking the initials or first name of any clients you discuss)
* Your payment details / invoices
4. How do I store the information about you and how long is it stored for?
In compliance with Article 32 of the General Data Protection Regulation, I have implemented appropriate and reasonable physical, organisational and technical measures to ensure that the privacy rights of individuals are protected when data collected about them is stored through the following methods:
* Phone: Your name and phone number will be stored as a contact on my phone, so I can contact you if required. The phone is password protected. I will delete these details within a week of you confirming you are stopping using my services, unless you then consent for me to hold these details for longer (e.g. if you think you may want further sessions in the future and would like me to be able to contact you about this). If I do not hear back from you about continuing with any psychological services, then I will delete these details after a month.
* Email: If you contact me through email (directly, via the website or via Counselling Directory) then your email address and the content of your email will be stored on the email server, Gmail, as will any emails received from a third party regarding you. Any content considered beneficial to keep for the provision of psychological services will be copied into an encrypted document. All emails will then be deleted within a month of receipt.
* Notes and documents: All notes, documents, invoices and reports will be stored as encrypted documents on my laptop, which is password protected. All documents are periodically backed up on Microsoft OneDrive, which is GDPR compliant. In line with British Psychological Society guidelines and professional indemnity requirements, this data will be stored for seven years after the end of therapy or for seven years after the age of 18 years for clients under the age of 18 years at the time of service end. Any paper copies of these documents will be stored in a locked cabinet during therapy and shredded at the end of your engagement with me. Medical records received for medico-legal clients will be returned to the solicitor within three months of the date of my report.
* Online diary system: For therapy clients, your name and phone number will also be stored on the online diary system 10 to 8, which enables me to plan and record appointments with you, send text message reminders of appointments (if you consent specifically to this) and keep a record of your payments for tax purposes. This service is GDPR compliant and you can find more information on the service help page: https://10to8.com/diary/sgzgon-free/#/help/ In line with HMRC guidelines, your data will be stored on this system for six years.
* Bank statements: If you pay through bank transfer then your name will be recorded on my Nationwide bank statements. You can request to enter an alternative ID.
5. Who do I share your personal information with?
Your information is kept confidential wherever possible, but your information may need to be shared in certain circumstances. In most circumstances, I will not disclose personal data without consent.
Psychological assessment and/or therapy clients
* I am required professionally to have supervision of my clinical work. I will only share your first name or initials (whichever I consider least identifiable). The supervisor does not live or work in the same geographical area as myself.
* Your information may be shared with outside organisations if they are directly involved in your care/case, e.g. your insurer if they are funding your treatment. I will discuss with you who I would discuss your care with, and what details I would share with them. All reports or invoices sent about you to a third party will be emailed as encrypted documents, with passwords sent separately.
* If I believe that you are at serious risk of harm, either from yourself or others, I will share your information with an appropriate professional (e.g. GP, mental health service, or emergency service). Where possible I will inform you of this in advance.
* If I become aware of your intent to cause harm to another person/organisation, the law may require that I inform an authority without seeking your permission. In such a situation, the law may require that I share your personal information without your knowledge.
* The expert witness report and invoice with your name, date of birth and address are shared with the solicitor who has instructed me as an encrypted document.
* Data about you and your practice will only be shared with a third party if I am legally or ethically obliged to do so (e.g. if instructed to by the Court or if I have concerns about malpractice and need to report to a professional body).
6. How can you access your information and correct it if necessary?
You can request, verbally or in writing, the following details about your information:
• A description of all data I hold about you
• Information regarding how it was obtained (if not supplied by you)
• For what purposes I am holding it
• What categories of personal data are concerned
• Who your information could be disclosed to
• The retention periods of the data
• A copy of the information in an intelligible electronic form, unless otherwise requested
You may ask me to correct or remove information you think is inaccurate. For medico-legal enquiries regarding correction, please refer enquiries through your solicitor.
7. Right to erasure, otherwise known as the right to be forgotten
Under GDPR, you may have the right for information to be erased if this is within professional and legal parameters.
8. Complaints or queries
I try to meet the highest standards when collecting and using personal information. For this reason, I take any complaints I receive about this very seriously. I encourage people to bring it to my attention if they think that my collection or use of information is unfair, misleading or inappropriate. I would also welcome any suggestions for improving procedures. If you do have a complaint, contact me via phone (07544187605), email (firstname.lastname@example.org) or in writing (C/O The Turner Centre, 52 North Hill, Colchester, CO1 1PY).
If you are not satisfied with the response from me or believe I am not processing your personal data in accordance with the law, you have the right to raise your complaint with the Information Commissioner’s Office (ICO).
9. How do I deal with data breaches?
Breaches which carry any risk to data subjects will be reported to the Information Commissioner's Office (ICO) within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. The company has a data breach policy. If the risk to you is high, it will be reported to you individually if possible.