I aim to be fully compliant
with current General Data Protection Regulation (GPDR) legislation and to let you know how I use and protect the data you’ve given me. GDPR replaces the previous Data Protection Act. I wish to be
transparent with regard to the processes I have in place. Identifiable information, if shared, will only be used in accordance with this privacy statement. I follow guidance from my governing
bodies, United Kingdom Council for Psychotherapy (UKCP) and my insurers Howden.
As a private clinical
practitioner and supervisor, I’m considered the data processor and controller in my practice. As the data controller, I process some of your personal data. During the assessment process
information such as GP, next of kin, family members and medication are gathered and held. This is anonymised, coded and securely stored. No one but me can access this information.
Data Processing
means obtaining, recording or holding information. The definition is very wide, and most of what I do involves a degree of processing. I process the
personal data I have collected as controller. I maintain records of personal data and processing activities and hold responsibility should there be a breach.
Consent: This is a primary concern and is separate
to other terms and conditions. As my client, you can withdraw consent at any time. I hope to offer you choice and control. As a clinical therapist and supervisor who occasionally uses creative
interventions, I want to ensure you know that any drawings or art done in session is yours. A copy may be kept in your data by agreement and will be stored safely and disposed of in a timely manner.
I will never use any of your data/artworks for writing, publishing, research or training purposes.
I have monthly ongoing
supervision to support and ensure my practice is safe. When I share client material this is always done confidentially, protecting your identity. I name my own supervisors in my supervision agreement
to be transparent to those I supervise. Nobody but me has access to any of your data. I will keep this process under review and refresh it if anything changes.
Note keeping: I do not keep process notes. I keep minimal
content notes which I hold for seven years. After this time frame, they're disposed of securely. You have a right to see the information I hold about you should you wish to. You have a right
to change any information which you consider to be incorrect. You can also ask me to delete all/any of the information that I hold. There are however some details I need to keep due to legal and
professional obligations.
Data Storage: I promise to keep all sensitive data safely. This
involves my anonymising, using passwords and encrypted documents. I keep all sensitive data in a lockable storage facility. I dispose of data by cross cut shredder. I dispose of emails on an
appropriate basis eg those with clinical content are maintained as part of your data as part of legal and professional obligations.
While we work together I will
store your name and phone number on my smartphone. I only contact you in response to you or concerning appointments. When we discontinue working I will delete your number. I do not engage with
clients through any social media.
In the event of a
complaint: Please contact me directly. And if we cannot resolve this you could then
contact the Information Commissioner Office ( ICO). I am registered with them and my reference is A .
https://ico.org.uk/concerns/handling/ or Guidance for GDPR Compliance.
Clinical will: In the event of a sudden cessation of practice eg through an accident, illness, or death, I have appointed a clinical
professional executor who will manage things on my behalf. This is arranged for your welfare as my client and every step is taken to ensure GDPR standards are met.
Your data held through my website with 1&1 consists of:
Name
Email Address
Message (the words you typed into the online form)
Email contents and attachments.
Email, electronic and online
privacy: My web site is protected by a
Secure Sockets Layer (SSL)
certificate which means that transferred data has a level of level of encryption that is particilarly important for the exchange of sensitive data. You can identify my website is protected
by the SSL protocol by checking the URL address displayed in the browser starts with https:// or "lock
icon".
SSL encryption may help to increase your trust in my website. The
encryption strength is up to 256 bits, but the encryption strength actually used between the server and browser is set at the beginning of a session both need to support 256 bits. Otherwise,
the next lower level is automatically chosen. For this reason, you advised to always use the latest version of your browser. 1&1 SSL certificates are provided in collaboration with market leader in security technologies,
Symantec™.
My computer is protected by
firewall and a secure router. The computer is password protected and has a screen saver which times out when inactive after 10 minutes. Data storeage includes any letters that you may have requested
I raise on your behalf with your involvement and consent.
Mobile: my smartphone will store your mobile number and your texts. It is password protected and
the screen is secured after 60 seconds inactivity.
Hardcopy data privacy: you may have completed some assessment forms for your first session with me and the content is listed below. You
were invited to provide information about yourself that you felt would be relevant to me providing you with psychotherapeutic services. Hardcopy materials are kept in lockable storeage.
- Self-Report Questionnaire:
- who to contact if you are at risk (explained in the working agreement) and any risks to you both historical and
present;
- your current difficulties, the symptoms you experience and over time. What treatment you sought and how this helped or didn’t help
you.
- What your experience of your daily life is like and your commitments
- who supports you now (eg your partner) and was/is in your life and a brief introduction to your family members and quality of your
relationship with them.
- If you experience any risk behaviours or you or your child(ren) are at risk from other’s behaviour(s)
- Whether you are being supported by prescription medication(s), or risk issues eg prescription medication misuse or your use of
recreational drugs or over the counter medications.
- Assessment Screeners:
- PHQ-9: measures your levels of low mood
- GAD7: measures your levels of anxiety
- Robson Self Concept Questionnaire: gives an indication about how you feel about yourself.
- CORE-10: measure your levels of distress.
- AQ10: a referral guide for Autistic Spectrum Conditions as this group of individuals commonly find engaging in psychological therapies
challenging. Knowing if someone may have these challenges enables me to discuss and offer a modified psychological therapy to anyone scoring 7/10 or above.
- My Goals: what you would like to achieve in your sessions with me.
- EDEQ6: eating disorders screener which measures 4 aspects (restricting behaviours, eating concern, weight concern and shape
concern)
- SEDS: Diagnostic tool for eating disorders to measure Anorexic and bulimic cognitions and behaviours plus measures on 4 underlying
factors (perceived external control, assertion, self-esteem and self-directed hostility)
You are under no obligation to complete any of these
questions and you may still have access to sessions with me. Please contact me on 07740 587822 if you would like to talk about the information in any of these documents and your
concerns.
Your personal data will never be shared with third
parties without first obtaining your consent, however, there are times when information, legally, has to be given even without your consent, these would include; child protection,
prevention of harm to yourself or others, the investigation or prevention of serious crime including terrorism, or a Court Order.