General Data Protection Regulation (GDPR)
GDPR – Privacy Notice
Under the new GDPR guidelines, I have to inform you as my client about what, why, and how personal information is used, stored and disposed of. I hope the following information gives clarity of use;
Personal details, such as name, address, DOB, contact details, Gp details. All clients will be allocated a reference number within my personal filing system and the details listed above will be kept separate from any clinical / therapeutic information.
Private clinical / therapeutic
information, such as working agreement, assessment
information, background information, therapeutic information and any e mail
correspondence that’s relevant to your therapeutic process (this is usually
correspondence that you have sent to me) will be filed under an allocated reference
number, separate from personal contact details.
Personal details, these are held so that I am able to contact you if necessary and locate you within my own personal filing system or contact your G.P if necessary. (with consent unless under exceptional circumstances, such as you are at risk to self or others).
Private clinical / therapeutic information, Is a brief reminder of sessions , to record what work is completed or needs to be completed in future sessions.
Personal details, are used for contacting you directly. I will be keeping your mobile number on my phone in case I need to contact you when I am away from the paper copy records stored at my office. I will also store your e mail address in my contacts on my PC. ( unless you explicitly express that you do not want me to do so ) My phone and PC are PW protected.
I also produce invoices for remittance and am also required by HMIT to submit invoices for tax purposes. I need to be able to provide you with an invoice, you need to specify whether you wish to receive a paper copy or whether I have your permission to email you the invoice electronically. Some clients do not require an invoice and are happy to just bank transfer at the time of appointment.
My invoices to my accountant will only reference you by case or company ref in order to keep your identity private. Where I am invoicing to a company or LA I will adhere to their GDPR policy, i.e. reference you through the company’s allocated reference number so they can process accordingly.
I will not share your personal information with anyone unless I have your express consent to do so. If I do have permission to share information about you such as a report, I will password protect it prior to sending it electronically to the recipient who will need to phone me to obtain the password to open the document. If I am sending an e mail at your request or with your permission I will only use your initials, in order to try and maintain confidentiality on your behalf. However, in rare circumstances I need to break this confidentiality, if I feel that you are at risk to yourself or someone else or if I have been requested to share information by a court or legal process.
If you contact me directly in between sessions, I will acknowledge the e mail but discuss the content with you at the next session, this is to safeguard your personal information. This can be reviewed on a case by case basis and the privacy contract re visited.
I store all client details in a locked filing cabinet, I separate personal contact details from private case notes. The case notes are identified by a case ref number so that the personal details can’t be connected.
I do not retain any e mails or electronic documentation pertaining to you on my PC they are trashed and cleared periodically.
I keep records for 7 years after our work is complete or if you are a young person, I keep your records up to the age of 25. After that point I will shred all your notes.
PRIVACY NOTICE (Data Processing)
Who we are and how we process your personal data
FSK THERAPY complies with their obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing (and destroying it) securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We use your personal data for the following purposes
To deliver the services that clients have requested;
To contact my clients as necessary in accordance with the services they have requested;
To maintain my own accounts and records.
N.B. If any recorded data is used for research purposes, my own supervision or for the instruction or tuition of students, all such data will be sufficiently anonymised to the extent that individual clients cannot be identified. Should a client indicate that their data should not be used for these purposes, I would refrain from using that data.
Individual client data will never be passed to a
anyone else without your consent as the client. However, confidentiality may be
broken if my own safety or that of you the client, the client’s family members
or other members of the public is at risk, or if I am required by law to do so.
In accordance with my need to maintain the
possibility of access to client data as a result of returning clients or those
who may wish to lodge a complaint in respect of professional services to either
my professional body or my insurers (i.e. in all cases perhaps after a long
period of time has elapsed), I retain client data for a minimum period of 7
years. For clients under the age of 18, data will be retained until their 25th
birthday. The information will be shredded and deleted.
My Lawful Basis for processing client personal data
The client has given clear consent for me FSK THERAPY
to process their personal data for a specific purpose. Further, the
processing is necessary for both my client’s and my own legitimate interests.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following
rights with respect to your personal data:
The right to request a copy of your personal data which the I hold about
The right to request that I correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer
necessary for me to retain such data;
The right to withdraw your consent to the processing at any time;
The right to request that I, (the data controller) provide you (data
subject), with your personal data and where possible, to transmit that data
directly to another data controller, (known as the right to data portability),
(where applicable) [N.B. This only applies where the processing is by
your consent or is necessary for the performance of a contract and if this is
the case, the data will be sent by automated means].
The right, where there is a dispute in relation to the accuracy or
processing of your personal data, to request a restriction is placed on further
The right to object to the processing of personal data, (where
applicable) [N.B. This only applies where processing is based on
legitimate interests (or the performance of a task in the public
interest/exercise of official authority); direct marketing and processing for
the purposes of scientific/historical research and statistics]
The right to lodge a complaint with the Information Commissioners
Office. (See below).
The client has the right to complain to the
Independent Commissioner’s Office (ICO) if they think there is a problem with
the way I am handling their data