The General Data Protection Regulation (GDPR) is the most significant piece of privacy and data protection in twenty years. It takes effect on 25th May 2018 and from that date I am required to ensure that I gain data protection and privacy consent from you. Your consent is sought at the end of this notice.
This Privacy Notice explains how I, Lorraine Price, use and protect any information that you give me when you inquire about and/or use my psychotherapy services. I am registered with the Information Commissioner's Office (ICO) for safe keeping of this information. I understand GDPR practices and abide by them.
I am committed to ensuring that your privacy is protected. Should I ask you to provide certain information by which you can be identified then it will only be used in accordance with this privacy statement.
Information I may collect
You may give me information about you such as, but not limited to: name, address, email, phone number, date of birth, GP contact details, brief information about you and your immediate family member(s) mental health history, family and support structures, medications prescribed and non-prescribed, eating and sleeping patterns, and goals for therapy.
I will record session attendance and a may keep a brief general overview of what was covered in a session.
Why is data processed and stored?
- To manage relationship with you
- To fulfil contract
- To deliver service
- To manage payments
- To manage sensitive data as (UKCP) healthcare professional
- To fulfil legal duties
- To keep records
- To ensure safeguarding
- To comply with professional regulations and standards
How is data processed and stored?
Electronically in accordance with GDPR. Computer storage of minimal data, such as emails from you, is password protected. Paper files are securely stored in a locked filing cabinet. Mobile phone contact details are held on a password protected mobile device.
When is data processed and stored?
During our contract.
When it is in your best interest eg to fulfil contract.
When I have a legal duty eg. safeguarding concerns.
When it is in my legitimate interest ie running business, paying taxes.
When you consent.
How long and why is data kept?
When we have finished our work together your information will be put into archive storage, and subject to restricted processing. Records will be retained in line with my insurance company and governing body policies. Retention is a legal duty, necessary in case there are legal proceedings or complaints for which documentation is required. Records will be disposed of/deleted securely according to legal requirement.
Disclosure of your information
Any information I record about you is confidential and collected in order to carry out my professional and contractual obligations during our therapeutic relationship.
I maintain confidentiality in accordance with the UK Council for Psychotherapy (UKCP) Ethical principles and code of Professional Conduct – this can be viewed at https://www.psychotherapy.org.uk/registers-standards/standards-guidance-and-policies
If I have safeguarding concerns regarding either yourself, children, or other people that you are in contact with, I may need to share this information with other agencies. I will look to gain your consent if these situations arise, but I retain the right to break confidentiality without prior consultation with you, should I consider that the urgency of the situation requires me to act immediately to safeguard the physical safety of yourself or others.
I am obliged to share information if the courts order me to do so. Your consent will be sought where possible, and in writing. I have a legal obligation to report any information that relates to terrorism, money laundering and radicalisation.
Access to information
You can request access to the personal information that I hold about you, and you can transfer that information to a third party if you wish. I will provide this, except in the limited circumstances in which I am permitted not to. You may request amendments to the personal information that I hold about you that is inaccurate or out-of-date. If you request that I delete your personal information, I will take all reasonable steps to do so unless I need to keep it for legal, auditing or internal business purposes.
Complaints, questions, comments and access requests should be addressed to Dr. Lorraine Price at email@example.com
You can contact the ICO on 0303 123 1113, or find other ways to contact the ICO via ico.org.uk