General Data Protection Regulation (GDPR)
Under GDPR, you have certain rights:
The right to be informed.
The right of access.
The right to rectification.
The right to erasure.
The right to restrict processing.
The right to data portability.
The right to object.
Under GDPR, I must have a lawful basis for holding and processing your personal data. If you contact me because you are considering therapy then I use the lawful basis of contract to use your information as necessary for the performance of our contract. If you have had therapy with me and it has ended, I use legitimate interest as the lawful basis for holding and using your personal information.
The GDPR also makes sure that we look after any sensitive personal information that you may disclose to me appropriately. This type of information is called special category personal information. The lawful basis for me processing any special categories of personal information is that it is for the provision of therapy and necessary for a contract with a therapist.
Information I collect about you and how I use it
When enquiring about therapy, basic personal information will be collected for contact and identification purposes. I need to keep your contact details to be able to get in touch with you to offer or alter appointments.
I collect and store personal information such as name, email address, phone number, date of birth, address and name of GP - I would only contact your GP under certain circumstances.
Under GDPR the lawful basis I use for storing and processing your personal data is contract. This is because I am providing you with a service and I require information to be able to provide you with that service.
How I keep and use your data
Your phone number and email address are stored in my phone, which is password protected, for purposes described above. Your client agreement is kept in a locked file cabinet.
I you use the contact form on this website to make an enquiry, your information is kept securely on a password protected laptop.
In accordance with insurance guidelines, I keep client agreements and any notes attached to them for 7 years after therapy has ended, after which time they will be destroyed.
If you would like to amend any of the contact details we hold about you, please email email@example.com and I will amend your records.
Clients may sometimes wish to exercise their rights under GDPR and request a copy of any data I hold about you. If you wish to obtain a copy of some or all of your information, please put your request in an email to firstname.lastname@example.org and I will respond to your request within 30 days.
I take your privacy seriously and will take all reasonable steps to ensure the protection of your data. In the event of a data breach I would follow GDPR guidelines and notify you and the ICO within 72 hours.
Under GDPR guidelines, you have the right to be forgotten and your information deleted. Please note that your right to be forgotten may not override the legal requirements of mandatory periods. You can request a copy of any data held about you by submitting a subject access request as detailed above.