Privacy Policy

The following constitutes my Privacy Policy for working with people both face-to-face and online.

I treat all of your personal information as confidential. The only exceptions are ion learning about a child or vulnerable adult were at risk of harm,  or if I were legally obliged to do so (e.g. terrorism), and wherever possible I would discuss this with you first.

I may discuss your case with my supervisor in anonymised form. Supervision is a requirement of professional practice in the UK.

Confidentiality & Security at My End


I take the following precautions to protect your data and confidentiality:
 

  • I do not store personal data on paper. Any forms that you complete or notes that I make on paper are transferred to computer immediately after a session and then destroyed.
     

  • My computer is password protected with a complex password. A complex password is one adhering to the following rules: at least 12 characters long, containing uppercase and lowercase characters, at least one number, and at least one special character, e.g. £ or $.
     

  • In addition, my computer and other storage devices are all encrypted.
     

  • Data is backed up to external storage devices that are also encrypted.
     

  • All of my computer equipment is physically accessible only by me.
     

  • I adhere to the principles of the GDPR and Data Protection Act 2018 and am registered with the Information Commissioners Office (ICO), see https://ico.org.uk/ESDWebPages/Entry/ZA318370
     

  • I process data for three main purposes: therapy, education, and research. However, I will not use your personal data for research purposes without your prior consent.

 

The lawful basis for retaining client data is a) consent, and b) processing of special category personal data is necessary for the provision of healthcare. I retain data for the following periods:

Category of Data

Client notes and contact details.

 

 

 

Finanical records.

 

Research data.

Retention Period

8 years from the date of the last session.

 

 

 

7 years from date of the last transaction.

 

12 months fater completion or publication of the research study.

Purpose

To facilitate clients who wish to return to work with me and pick up from where they left off. This is also a requirement of my insurers & the CNHC.

To meet financial regulations and requirements for tax purposes, etc.

To assist in answering follow-up queries about the research.

There may be exceptions to the above where you have consented for me to keep your personal data for a specific purpose, e.g. email reminders about peer-support groups or your willingness to participate in future research. This will be made clear to you at the time and you are free to opt out of these at any time by letting me know.

I am happy to facilitate requests to see any data that I may hold that relates to you. Please just contact me if you wish to do this. However, it may be necessary for me to verify your identity to avoid releasing personal data to people who do not have a right to see it.

Confidentiality & Security at Your End

When working online, it is important that you take steps to ensure data security and confidentiality at your end. It is my responsibility to make you aware of this and provide some basic guidance. In general I recommend that you familiarise yourself with the topics covered at www.getsafeonline.org

 

  • Avoid using any public computer, e.g. in a library or Internet café, or even your own mobile device on a bus or train. People may be looking over your shoulder and public computers, as well as private ones, usually keep records of websites visited and usernames and passwords.
     

  • Protect your computer and other devices with a complex password. A complex password is one adhering to the following rules: at least 8 characters long, containing uppercase and lowercase characters, at least one number, and at least one special character, e.g. £ or $.
     

  • Do not share your password with anyone.
     

  • Ideally, ensure that your computer or other devices are encrypted. Some technical knowledge may be required to encrypt your computer. However, most up-to-date mobile devices have a tick box to turn encryption on in their settings.
     

  • Consider who else, e.g. friends or family, may have physical access to your computer or other devices and set up a private user account wherever possible.
     

  • To prevent other people seeing where you have been online, consider turning off or clearing your web browser cache, see https://www.lifewire.com/how-to-clear-cache-2617980