GDPR and Privacy:
This privacy notice provides you with details of how we collect, store and process your data. All your personal information will be handled in line with the requirements of the General Data Protection Regulation (GDPR) 2018.
Data Protection [GDPR] Privacy Notice and Confidentiality
General Data Protection Regulations [GDPR], 2016
The GDPR replaces the 1998 Data Protection Act to ensure your personal and sensitive data is kept private, held securely and processed as agreed with you. When we work together, personal information is collected to help me provide safe and effective therapy for you.
Who am I and how I process your personal data
- My contact details are Joanne Waine, email firstname.lastname@example.org. I am the data controller and use your information to provide my best professional service to you.
- I collect information about you, i.e. the reason you are using the service; medical history and medical information; family situation; lifestyle; interests; and complete ongoing treatment records. The information is collected from you via telephone, email and/or during our face-to-face sessions.
- Your data will only be used/processed when there is a lawful reason to do so. I use your personal data to deliver therapy, to contact you before and between therapy sessions, and to maintain my accounts and records. You will have given me clear consent to process your data. You have no legal requirement to share information, but this is necessary for safe and effective therapy.
- All hardcopy personal data is stored in a locked cabinet in a locked private building. My mobile phone is secured with a PIN code, and my email account has a user name and password. Card payment details perhaps are not kept, except for my receipt, which doesn’t show your whole card number.
How long will you hold my information for?
I will not keep your personal data for longer than is necessary. I must hold your data for a minimum of 8 years after your final session in line with my professional body, insurance and NHS regulations for holding data. After this time personal data will be destroyed by shredding, or by deletion if stored electronically.
I am the only person to access your information. Your personal data will be treated as strictly confidential and not shared with any third parties. If there is an unforeseen need to share anything, this will be done with your permission. The exceptions to this are if there is a legal requirement, for example a court order; if you have given specific permission; or if I have cause to believe that you, myself or others may be harmed if I do not disclose information to the appropriate authority. I may discuss anonymous/unidentifiable elements of our sessions for the purpose of supervision to ensure I am working effectively.
Your rights and your personal data
Unless subject to an exemption under the GDPR you have the following rights with respect to your personal data:
- Rectification – if you think my records are incorrect or out of date you can ask me to change them.
- Portability – you can ask me, in writing, to send your information to someone else.
- The right to request a copy of your personal data, by requesting it in writing.
- The right to request that your personal data is erased where it is no longer necessary.
- The right to withdraw consent to the processing at any time.
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
- The right to object to the processing of personal data where applicable.
- The right to lodge a complaint regarding data handling with the Information Commissioner's Office: https://ico.org.uk/concerns/