Data Processing means  obtaining, recording or holding information. The definition is very wide, and most of what I do involves a degree of processing. I  process the personal data I have collected as controller. I maintain records of personal data and processing activities and hold responsibility should there be a breach.

Consent:  This is a primary concern and is separate to other terms and conditions. As my client, you can withdraw consent at any time. I hope to offer you choice and control. As a clinical therapist and supervisor who occasionally uses creative interventions, I want to ensure you know that any drawings or art done in session is yours. A copy may be kept in your data by agreement and will be stored safely and disposed of in a timely manner. I will never use any of your data/artworks for writing, publishing, research or training purposes.

I have monthly ongoing supervision to support and ensure my practice is safe. When I share client material this is always done confidentially, protecting your identity. I name my own supervisors in my supervision agreement to be transparent to those I supervise. Nobody but me has access to any of your data. I will keep this process under review and refresh it if anything changes.

Note keeping:  I do not keep process notes. I keep minimal content notes which I hold for seven years. After this time frame, they're disposed of securely. You have a right to see the information I hold about you should you wish to. You have a right to change any information which you consider to be incorrect. You can also ask me to delete all/any of the information that I hold. There are however some details I need to keep due to legal and professional obligations.

Data Storage:  I promise to keep all sensitive data safely. This involves my anonymising, using passwords and encrypted documents. I keep all sensitive data in a lockable storage facility. I dispose of data by cross cut shredder. I dispose of emails on an appropriate basis eg those with clinical content are maintained as part of your data as part of legal and professional obligations.

While we work together I will store your name and phone number on my smartphone. I only contact you in response to you or concerning appointments. When we discontinue working I will delete your number. I do not engage with clients through any social media.

In the event of a complaint:  Please contact me directly. And if we cannot resolve this you could then contact the Information Commissioner Office ( ICO). I am registered with them and my reference is A       .

https://ico.org.uk/concerns/handling/ or Guidance for GDPR Compliance.

Clinical will:  In the event of a sudden cessation of practice eg through an accident, illness, or death, I have appointed a clinical professional executor who will manage things on my behalf. This is arranged for your welfare as my client and every step is taken to ensure GDPR standards are met.

Your data held through my website with 1&1 consists of:

Name

Email Address

Message (the words you typed into the online form)

Email contents and attachments.

Email, electronic and online privacy:  My web site is protected by a Secure Sockets Layer (SSL) certificate which means that transferred data has a level of level of encryption that is particilarly important for the exchange of sensitive data.  You can identify my website is protected by the SSL protocol by checking the URL address displayed in the browser starts with https:// or "lock icon".

SSL encryption may help to increase your trust in my website.  The encryption strength is up to 256 bits, but the encryption strength actually used between the server and browser is set at the beginning of a session both need to support 256 bits. Otherwise, the next lower level is automatically chosen. For this reason, you advised to always use the latest version of your browser.  1&1 SSL certificates are provided in collaboration with market leader in security technologies, Symantec™.

My computer is protected by firewall and a secure router. The computer is password protected and has a screen saver which times out when inactive after 10 minutes. Data storeage includes any letters that you may have requested I raise on your behalf with your involvement and consent.

Mobile: my smartphone will store your mobile number and your texts. It is password protected and the screen is secured after 60 seconds inactivity.

Hardcopy data privacy: you may have completed some assessment forms for your first session with me and the content is listed below. You were invited to provide information about yourself that you felt would be relevant to me providing you with psychotherapeutic services. Hardcopy materials are kept in lockable storeage.

1. Self-Report Questionnaire:
   1. who to contact if you are at risk (explained in the working agreement) and any risks to you both historical and present;
   2. your current difficulties, the symptoms you experience and over time. What treatment you sought and how this helped or didn’t help you.
   3. What your experience of your daily life is like and your commitments
   4. who supports you now (eg your partner) and was/is in your life and a brief introduction to your family members and quality of your relationship with them.
   5. If you experience any risk behaviours or you or your child(ren) are at risk from other’s behaviour(s)
   6. Whether you are being supported by prescription medication(s), or risk issues eg prescription medication misuse or your use of recreational drugs or over the counter medications.
2. Assessment Screeners:
   1. PHQ-9: measures your levels of low mood
   2. GAD7: measures your levels of anxiety
   3. Robson Self Concept Questionnaire: gives an indication about how you feel about yourself.
   4. CORE-10: measure your levels of distress.
   5. AQ10: a referral guide for Autistic Spectrum Conditions as this group of individuals commonly find engaging in psychological therapies challenging. Knowing if someone may have these challenges enables me to discuss and offer a modified psychological therapy to anyone scoring 7/10 or above.
   6. My Goals: what you would like to achieve in your sessions with me.
   7. EDEQ6: eating disorders screener which measures 4 aspects (restricting behaviours, eating concern, weight concern and shape concern)
   8. SEDS: Diagnostic tool for eating disorders to measure Anorexic and bulimic cognitions and behaviours plus measures on 4 underlying factors (perceived external control, assertion, self-esteem and self-directed hostility)

You are under no obligation to complete any of these questions and you may still have access to sessions with me. Please contact me on 07740 587822 if you would like to talk about the information in any of these documents and your concerns.

Your personal data will never be shared with third parties without first obtaining your consent, however, there are times when information, legally, has to be given even without your consent, these would include; child protection, prevention of harm to yourself or others, the investigation or prevention of serious crime including terrorism, or a Court Order.