I am committed to comply with the terms of the General Data Protection Regulation (GDPR) regarding the responsible and secure use of your personal data. I will need to process personal data in order to provide therapy and group classes and am therefore registered with the Information Commissioner's Office (ICO). The purpose of this statement is to let you know how I collect, use and manage your data. When you undertake psychological therapy with me or join group classes, you will be asked to consent to the processing of your data under the terms of this policy.
What information do I collect?
I collect personal data such as your name, date of birth, GP/medical
practitioner details, telephone number, email and Skype addresses. During the course of our work together, I will also learn about your personal and family background, alongside potentially sensitive data relating to medical and mental health conditions.
What do I use your information for?
To provide you with psychological therapy or teaching that is most appropriate for your needs.
To notify you about changes to your appointments or other services that I provide.
To fulfill any administrative, legal, ethical and contractual obligations.
What information do I share?
I will not share any information about you with other organisations or people, except in the following situations:
Consent – I will share information with relevant medical professionals or others whom you have requested or agreed I need to contact.
Serious harm – I may share your information with the relevant authorities if I have reason to believe that this may prevent serious harm being caused to you or another person.
Compliance with law – I may share information when the law requires me to - i.e. in case of safeguarding, terrorism, drug trafficking or serious crime.
Clinical Will– I have a clinical will which means in the event of sudden death or a serious accident or illness, a named colleague will be able to access the contact details of current clients to notify them.
Supervision– It is an ethical requirement for registered clinicians to have regular supervision to discuss their work. All my supervisors are registered clinicians bound by the same ethical framework.
How do I keep your information safe?
All information that you provide to me is stored as securely as possible. I take all reasonable precautions to prevent the loss, misuse or alteration of information given.
My process notes of our sessions are kept separate from your identifiable personal information.
All paper forms and correspondence are kept in locked filing cabinets. All electronic files are kept on password-protected devices with virus protection software.
Whilst I endeavor to keep my systems and communications protected against viruses and other harmful effects, I cannot bear responsibility for all communications being virus free.
Client notes and other documentation are destroyed seven years after the end of therapy.
Any known data breaches will be reported to the Information Commissioner's Office (ICO) within 72 hours.
Under the GDPR, you have the right to:
Access your personal data, rectify or restrict your data, object to the processing of your data, and /or request transfer of your data. Requests for personal data need to be made directly to me and will be supplied within one month.
You may withdraw consent for me to hold and process your data at any time. You can do this by stating this in an email to Grobler.email@example.com. However, if you do this while actively receiving therapy, we will need to discuss whether it is possible to continue treatment.
If you have any concerns about the way that I handle your data please contact me at Grobler.firstname.lastname@example.org. If you feel after this that your issue has not been resolved effectively, you have the right to contact the Information Commissioners Office (www.ico.org.uk)
Changes to this policy
This document is a work in progress and may be modified from time to time.