Privacy Policy

UK GDPR and Data Protection

​

• I keep information about you in order to provide you with a service, to process payments and for service improvement.
• I cannot work with you unless you allow me to keep records.
• I follow the law, and the codes of practice set down by the HCPC
• I have systems in place to protect your data.
• You are entitled to request a copy of your data free-of-charge, and to have
inaccurate information corrected.
• I aspire to the highest data privacy standards. If you have questions, concerns or
feedback then please let me know so that I can address them.
• You can complain to the Information Commissioners Office (ICO) if you think that I
am acting unlawfully: visit ico.org.uk/concerns or phone 0303 123 1113.

​

Why I keep information:
My professional registration requires me to keep information about my clients and the work that I do. I cannot offer you services unless you allow me to keep data about you and our work together.

The legal basis
I have what is known as a legitimate interest for keeping data. I am registered with the Information Commissioners Office (ICO) to do so. I follow the rules set down by my professional regulator (the Health and Care Professions Council; HCPC), and the British Psychological Society (BPS).

The information that I keep:
I keep personal data e.g. your name, address, phone number. I also keep sensitive data e.g. notes about our meetings, your gender, social history.

​

What I do with the information:
I use the data I collect for four reasons: (1) to provide you with services, (2) for billing and processing payments (3) to help prevent serious harm, (4) for service audit and improvement.

You have the right to:
o request details of all the information that I keep and to receive it within one month at no fee.
o have information corrected if you consider it inaccurate or incomplete.
o complain if you think that I am acting unlawfully (see The basics, above).

​

How long I keep data:
I keep client data throughout my work with clients and in line with professional guidance. All data is deleted after the ‘retention period’, and no later than the first working Monday of the January following it.
o For therapy clients aged 18 and over, the retention period is 7 years after the work has ended.
o For therapy clients aged under 18 after the work has ended, the retention period is 7 years after the client’s 18th birthday.
o For people enquiring about therapy (who do not become clients) the data retention period is 1 year.

​

Where I store data:
o in my online clinic management software: WriteUpp (writeupp.com)
o in my online accounting software (sage accounts)
o In my mobile phone
o In my email system
o In my email systems (outlook)

o Information from contact forms completed is stored within my website editing platform (Wix.com)
o My website uses cookies so that I can see how many people have visited and which pages are most popular. Google may send additional cookies if you use the google map links on the site. Cookies are anonymous and contain no personal data. You can turn cookies off in your website browser if you wish to.

​

How I keep data safe:
o WriteUpp data is encrypted in flight. This means that no one can read data being sent to, or coming from, my WriteUpp account. My account is locked with a strong password and two-step verification.
o My mobile phone is encrypted and, each time I use it, must be opened with a password.
o My email, website and accounting systems are secured with a password.
o Access to the analytics on my website are secured with a strong password.

Online meeting security:
o For online meetings I use Zoom, an end-to-end encrypted video calling service. If we agree to meet online you will need to download Zoom to your smartphone, computer or tablet.
o Zoom is free to download from the web (Zoom) or from your device app store; you can read more about how Zoom protects its users here: zoom.us/docs/enus/privacy-and-security.html.