Privacy Policy
Privacy Policy
I am aware of my obligations under the General Data Protection Regulation (GDPR) and am committed to protecting the privacy and security of your personal information. This privacy notice describes, in line with GDPR, how we collect and use personal data about you during and after your time as a client of this practice. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
This notice applies to current and former clients.
Data protection principles
In relation to your personal data, I will comply with data protection law. This says that the personal information I hold about you must be:
-processed fairly, lawfully and in a clear, transparent way
-collected only for valid reasons that I find proper for the course of your time as a client and not used in any way that is incompatible with those purposes
-only used in the way that I have told you about
-accurate and up to date
-kept only as long as is necessary for the purposes I outline
-processed it in a way that ensures it will not be used for anything that you are not aware of or have consented to (as appropriate), lost or destroyed
-kept securely
Client Data
All clients in a therapeutic contract with Be Kind To Yourself Therapy have their personal data stored in a variety of ways. Personal data stored is: Full name, contact phone number; emergency contact phone number; email address; physical address; GP name, address and contact details; date of birth; gender, occupation; employment status; medication and fee level. Data about partners and/or dependants include relationship length and status; age; gender and occupation.
The above data (known as the client registration form) is stored and collected via soft copy format that is password protected.
Client Notes
In addition to the above, I may make and keep brief weekly client session notes in a paper format accessible only by me. Online and phone access is password protected and known only by me. Personal data is not used or referred to in the making of client notes.
I am obliged to keep all client session notes for 6 years. These are kept and maintained online under password protection known only by me and then deleted once 6 years has passed.
Each client has assigned a unique ‘client code number’ as a client-identifying reference in place of your name when making session notes. In order to correctly match clients to their appropriate session notes, I keep a separate online ‘file key’ with your full name and assigned code number together. This enables me to identify clients where the contract has long ended. This file is kept for 6 years and under additional security password protection to ensure that both the ‘key’ and the session notes cannot be accessed with the same password.
Keeping of Client Data
Client registration forms are kept securely online and are password protected throughout the duration of the therapeutic contract (except a separate recording or ‘record log’ of your name and contact number which is to be accessed by a nominated person other than me, to contact you in the event of my incapacitation or death). Client registrations forms and record logs are destroyed once the therapeutic contract has ended.
Any personal data stored in an online format is kept securely under password protection known only by me throughout the duration of the therapeutic contract and is deleted once the therapeutic contract has ended. *, with some exceptions (see below).
Confidentiality and Anonymity
My therapeutic contract with you stipulates that all sessions are confidential with the exception* of the following:
-If I assess you to be at risk of harm to yourself or others
-If I assess that you are involved in or have information about others involved in terrorism
-In medical emergencies
-To fulfil legal requirements
Supervision
I share some contextual details of the therapeutic relationship with my supervisor, who is bound by the same ethical agreements as me, and only your first name is declared for the benefit of the supervisory session. My supervisor throughout the duration of our therapeutic contract keeps brief supervision notes and my supervisor knows only your first name. Only under extreme circumstances stated above, will confidentiality be broken.
I also keep a Supervisory Log in order to assess how I allocate my client load within the supervision session. It is kept online under the same protection protocol as stated above for online personal data. Only your first name appears on this log and it is kept as an on-going document throughout my contract with my supervisor and will be deleted when my supervisory relationship ends, or after 6 years, whichever is sooner.
Website
I do not collect any personal data from visitors to my website unless they fill in my contact form. In this situation, any personal information given is stored in my emails and the admin section of my website. Both of these areas are secure and are password protected.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data I hold on you:
• the right of access. You have the right to access the data that I hold on you. To do so, you should make a subject access request.
• the right for any inaccuracies to be corrected. If any data that I hold about you is incomplete or inaccurate, you can request I to correct it.
• the right to be informed. This means that I must tell you how I use your data, and this is the purpose of this privacy notice. I also must inform you of any changes to how we use your data.
• the right to have information deleted. If you would like me to stop processing your data, you have the right to ask me to delete it from my systems where you believe there is no reason for me to continue processing it.
• the right to restrict the processing of the data. For example, if you believe the data I hold is incorrect, I will stop processing the data (whilst still holding it) until I have ensured that the data is correct.
• the right to portability. You may request to transfer the data that I hold on you for your own purposes. If you want to access your data, review, verify or correct your data, request I erase your personal information, object to the processing of your personal data, or request that I transfer a copy of your personal information to another party, please contact me via email
What I may need from you
I may need to request specific information from you to help confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Right to withdraw consent
Where you have provided consent to the collection, processing and transfer of your data, you have the right to withdraw that consent at any time. There will be no consequences for withdrawing your consent. However, in some cases, I may continue to use the data where so permitted by having a legitimate legal reason for doing so.
To withdraw consent, contact [email protected]
Email Collection and GDPR Compliance
By providing your email address, you are giving your explicit consent to be added to our mailing list. In accordance with the UK General Data Protection Regulation (GDPR), this means you agree to receive emails from us that may include updates, resources, offers, and promotional content related to our services. Your personal data will be processed lawfully, fairly and transparently, and will never be sold or shared with third parties without your consent, unless required by law. You have the right the right to withdraw your consent at any time by clicking the unsubscribe link in our emails or by contacting us directly.
Making a complaint
If you have any questions about this Privacy Notice or how we handle your information, please contact me in my role of Data Protection Officer at
You have the right to make a complaint at any time to the supervisory authority in the UK for data protection matters, the Information Commissioner’s Office (ICO).
