Privacy Policy

General Data Protection Regulation (GDPR)

This is EU legislation that took effect in May 2018. It is a GDPR requirement that a privacy policy be provided to all clients. This privacy policy details what information I hold about you and how I am permitted to use it. For more information, please visit the Information Commissioner's Office website at www.ico.org.uk.

Under GDPR, you have certain rights:

  • The right to be informed.

  • The right of access.

  • The right to rectification.

  • The right to erasure.

  • The right to restrict processing.

  • The right to data portability.

  • The right to object.

This privacy policy aims to cover all of these rights and explain how I keep your data. When you make a first appointment I will email you a client agreement which includes information about confidentiality and data usage. This client agreement will need to be completed and returned to me when you begin therapy.

Under GDPR, I must have a lawful basis for holding and processing your personal data. If you contact me because you are considering therapy then I use the lawful basis of contract to use your information as necessary for the performance of our contract. If you have had therapy with me and it has ended, I use legitimate interest as the lawful basis for holding and using your personal information.

The GDPR also makes sure that we look after any sensitive personal information that you may disclose to me appropriately. This type of information is called special category personal information. The lawful basis for me processing any special categories of personal information is that it is for the provision of therapy and necessary for a contract with a therapist.

Information I collect about you and how I use it

When enquiring about therapy, basic personal information will be collected for contact and identification purposes. I need to keep your contact details to be able to get in touch with you to offer or alter appointments.

I collect and store personal information such as name, email address, phone number, date of birth, address and name of GP - I would only contact your GP under certain circumstances.

Under GDPR the lawful basis I use for storing and processing your personal data is contract. This is because I am providing you with a service and I require information to be able to provide you with that service.

How I keep and use your data

Your phone number and email address are stored in my phone, which is password protected, for purposes described above. Your client agreement is kept in a locked file cabinet.

If you use the contact form on this website to make an enquiry, your information is kept securely on a password-protected laptop.

In accordance with insurance guidelines, I keep client agreements and any notes attached to them for 7 years after therapy has ended, after which time they will be destroyed.

Your rights

If you would like to amend any of the contact details I hold about you, please email lpomfret987@hotmail.com and I will amend your records.

You may sometimes wish to exercise your rights under GDPR and request a copy of any data I hold about you. If you wish to obtain a copy of some or all of your information, please put your request in an email to lpomfret987@hotmail.com and I will respond to your request within 30 days.

I take your privacy seriously and will take all reasonable steps to ensure the protection of your data. In the event of a data breach I would follow GDPR guidelines and notify you and the ICO within 72 hours.

Under GDPR guidelines, you have the right to be forgotten and your information deleted. Please note that your right to be forgotten may not override the legal requirements of mandatory periods. You can request a copy of any data held about you by submitting a subject access request as detailed above.
