DATA PRIVACY STATEMENT
I would like to provide you with information about the information I collect, what I use it for, with whom I share it and what rights you have. This is in preparation for the EU’s new data privacy law, the General Data Protection Regulation (GDPR) which comes into force on May 25th 2018. This version of my privacy statement is dated May 24th 2018.
The types of personal data I collect so that we can be in contact whilst working together:
Contact information – such as name, address, phone number, email address.
Emergency contact number and person.
Background information as part of the initial assessment.
How I collect personal data:
From your initial inquiry via email I will take your email address and phone number – depending on how you have contacted me.
At our initial consultation appointment I will record your name, address, emergency contact number and G.P. details. These will be kept securely so that only I may access them.
Why I process your personal data and the legal basis for the processing
I may use your personal data for the following purposes:
To contact you with regard to making and re-secheduling appointments.
To have a record of some aspects of our work together.
Security of your personal data
I will take appropriate technical and organisational measures in line with applicable data protection laws to use appropriate measures to protect your personal data.
Storage of your Personal Data
I will store your personal data for as long as may be required by law, or as required under any contract. If there is no legal requirement, I will retain information about you only for so long as is necessary for the purposes for which it was collected – our work together.
How to contact me
The controller of your personal data is myself, Kathy Osborne.
If you want to exercise your data subject rights or if you have any other questions concerning this Data Privacy Statement, please submit your request to me directly.
Updates to this Data Privacy Statement
I may update this Data Privacy Statement as and when necessary. Any changes to this Data Privacy Statement will become effective as of the date it is published, or as otherwise required by law. You will be advised of any updates and changes. (Last updated on: 1st November , 2018).
Information About You.
In order for me to be able to fulfil my responsibilities as a psychotherapist I will need to record some personal information about you. This information includes your name, address and contact details, and GP practice. Under an identifying code I will also takes notes of ‘assessment information’, that is relevant medical information and aspects of your personal social and family history that you choose to share with me. This information will be retained in separate locations (keeping your name and contact details apart from the assessment notes) in password protected files, on a password protected computer which has virus protection software installed as well as being fully encrypted. I am the only person who will have access to this information unless there are circumstances where I am unable to contact you for some reason.
Your contact details alone will be shared in exceptional circumstances with a colleague in the event that I am incapacitated so that they can contact you to explain the situation. The details of this arrangement are set out in my professional will.
Your contact details will be used solely to contact you. Other personal data such as your name, address and/or date of birth will be used to verify your identify if there is a need to contact your G.P. or a request for access to personal data from yourself or your representative or legitimate legal instrument such as a court order. Your contact details will not be used for any other purposes.
This personal information will be held for a period of three years after the cessation of our therapeutic relationship, except where there is a mutually agreed decision to retain it for longer or where I believe that it is in my best professional interests to do so. We will have agreed to this.
Information about our Work Together
I may make some notes of our work together under an identifying code. These notes when made will be a brief factual record of the session. The notes are held in a password-protected file in my password protected and encrypted computer to which no one else has access.
These notes will be held for a period of three years after the cessation of psychotherapy except where I agree with you to retain them for longer or where I believe that it is in my best professional interests to do so.
Records of Contact Between Us
I will hold your name and telephone number on my mobile phone until our work comes to an end and then I will delete it from my contact list. Appointments are kept in my digital calendar with initials. It is not available to anyone else and is coded.
If we agree to communicate by text or by email, these records are kept in the phone until they are deleted. My mobile phone is a smart phone and could therefore also have your texts, and email and email address available on it. The phone is password protected and details are stored in ‘the cloud’ so they can be restored if my phone is lost or stolen as well as destroyed through remote deletion. My suggestion is that we solely use email and texting for information exchanges related to times of sessions, lateness etc and not as a place for your personal process. If we agree on something more than that, then we would need to look at encryption applications. If you would like all emails to be encrypted I recommend using Protonmail which is a free app that we would both need to use to ensure emails are encrypted. Texts can be encrypted and sent via signal. Both have android and apple application options. Let me know if you would like to do this.
You have the right to ask to see any information held by me about you. To do this please either ask me, or submit a request in writing. You also have the right to ask for information that you believe to be incorrect to be rectified. I will endeavour to provide you with the information requested within four weeks.
If I become aware of a situation where your personal information may have accidentally or maliciously been obtained by a third party I will notify you within three days.
If you are concerned about the way that your information is being held please discuss this with me. If you are still unhappy you have the write to complain to the Information Commissioners Office.
Please sign this page to indicate that we have discussed and agreed how your personal information will be held for the purposes of psychotherapy and that there is permission to contact you via email and or phone.
If you would prefer encrypted email and or text messages please let me know.