Protecting your personal information
I am committed to your support, and that includes ensuring my practice is compliant with data protection guidelines. You can be confident that your personal information will be protected and will only be used for the purpose it was given. I adhere to current data protection legislation including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This notice tells you how I will look after your personal information when you visit my website or engage with my services. It tells you about your rights to privacy and how the law protects you. I am happy to chat through any questions you might have about my data protection policy and you can contact me via email.
‘Data controller’ is the term used to describe the person/organisation that collects, stores and has responsibility for people’s personal data. In this instance, the data controller is me. I am registered under the Data Protection Act (1988) (registration reference: ZA237980), and with the Information Commissioner’s Office.
My postal address is: Cornerstone Integrated Therapy, 26 The Chase, Coulsdon, Surrey CR5 2EG.
My telephone number is: 020 8668 7527.
My email address is: firstname.lastname@example.org.
- My lawful basis for holding and using your personal information
GDPR states that I must have a lawful basis for processing your personal data and there are different lawful bases depending on the stage at which I am processing your data. The GDPR also ensures I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is either: a) for the provision of health treatment (therapy or supervision) and necessary for a contract with a health professional (in this case, a contract between me and you); b) for the development and provision of services (training and business).
If you are in contact with me to consider therapy/supervision/training, or are currently in therapy/supervision/training with me, I will process your personal data where it is necessary for the performance of our contract. If you have had therapy/supervision with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
- What information do I collect?
Personal information or data includes any information about an individual from which they may be identified. It does not include anonymised data.
Initial contact: When you contact me with an enquiry, regarding therapy, supervision, or training, I will collect information to help me satisfy your enquiry. This is likely to include your name and contact details. I may also make notes to help me recall the details of your enquiry.
Working together: To fulfil my responsibilities as a therapist, supervisor, or tutor, I will need to keep personal information about you. This information will include your name, address, and contact details, and any further information given in self-referral forms, assessments, agreements and/or application forms. Where applicable to our working relationship, this will also include notes made during working together, therapy or supervision notes, which are kept securely locked in my therapy suite or private office.
My mobile phone is a smartphone and may therefore also store your texts and emails. The phone is password protected and details are stored in ‘the cloud’ so they can be restored if my phone is lost or stolen.
Please note that payments by bank transfer may appear on my bank statement with your name. If you would prefer to avoid this, please ask me for a code to apply to the transfer.
- Why do I collect your information?
Therapy & Supervision: I keep records in order to a) enable me to contact you, b) to help me in recollection of your circumstances, c) to comply with my professional body guidelines, and d) for your benefit, by helping me clarify the progress and direction of our work together. In order to maintain confidentiality, identifying details such as your name and contact details will be stored separately from any session notes which are stored with an identifying code; any records stored electronically (mobile phone and computer) including contact details, emails or letters, are password protected on access. These records do NOT constitute part of your official health record.
Everything that happens in our sessions and your data remains private and confidential, with the following exceptions:
- I will discuss aspects of our work in my supervision, but your identity will remain protected using a pseudonym or code.
- I may contact your GP or other medical professionals involved if I believe you or others may cause serious injury to yourself or others. It is my strong preference to always discuss this with individuals first. However, I may do this without consultation with you if concerns warrant urgency or if you are not able to discuss other options with me.
- When there is a specific legal requirement for me to do so.
(For example, this could include discussion about acts of terrorism, serious crime or risk of harm to self or others; it could also include data, or information revealed about children or vulnerable adults being at serious risk).
- If subpoenaed to give evidence in court, then I would be under obligation to comply.
- On receipt of a request from you or your representative, where I consider the release of notes is not likely to cause you or another person serious harm.
Training organizations/Training enquiries/Delegates: I keep records in order to manage our relationship, to process your enquiries and to notify you about training opportunities. I may also contact you to enquire about your training needs and interests relevant to your practice.
In exceptional circumstances, such as my death, your records will be destroyed by my named agent. In the event that I am incapacitated your contact details alone may be shared either with my named agent, or with my supervisor, so that they can contact you to explain the situation.
- How long do I keep records?
If we decide not to work together, I will ensure your personal data is deleted within 3 months. If you would like me to delete this information sooner, please let me know.
Client records are kept for a period of 36 months after therapy has ended and then confidentially destroyed on a date set annually for document review (within 1 year of the 36-month period), unless exceptional circumstances indicate it is in your or my best interests to retain them for longer. If we communicate by text or by email, these records may also be kept for the same duration as any therapy notes. I will store your contact details on my mobile phone for 3 years after our working relationship ends and then I will delete them from my contact list.
Supervision records are kept for a period of 36 months beyond the conclusion of work with individual clients, or after our working relationship has ended, unless exceptional circumstances indicate it is in your or my best interests to retain them for longer. If we communicate by text or by email, these records may also be kept for the same duration as any supervision notes. I will store your contact details on my mobile phone for 3 years after our working relationship ends and then I will delete them from my contact list.
Teaching records are kept in accordance with the training provider’s requirements. I will keep student and delegate details for 36 months beyond the event date, or with permission, until I no longer provide training. Please refer to PICT Therapy & Training Privacy Notice for information relating to PICT students and delegates.
- Website visitors
When someone visits my website, data is collected to build a log of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone.
If you fill out a request for information on the website, that data is temporarily stored by the web host before being sent to me. To avoid this, please email me directly using the email address given, as exemplified at the bottom of this page. I do not make, and have not authorised WordPress to make, any attempt to discover the identity of anyone visiting my website.
Where I provide links to websites of other organisations, this privacy notice does not cover how that organisation processes personal information. I encourage you to read privacy notices on the other websites you visit. To find out how these companies use your data and how you can control the way they use your data please refer to their privacy policies, which should be available on their websites.
- Online Therapy
Unfortunately, it is impossible to guarantee 100% security with online therapy. However, I use secure online platforms like Zoom or VSee which are encrypted and supported by my professional bodies. I conduct sessions from my therapy rooms, which provide a private environment where neither party will be overheard or seen. I take further precautions to support security by:
- sending you an invitation to our session each time we meet
- sending you a meeting password
- using the waiting room facility to ensure that I admit only you, by name, for your session
- securing (the online term is ‘locking’) the meeting room once you have joined to ensure that no-one else can enter the session once we have started; this does not prevent you from leaving if you wish.
I advise you to:
- always use a password to access your computer; it is best to change this frequently
- keep your computer security software (virus protection, firewall) up to date
- regularly check for updates for your video and audio communication software
- ensure you have a comfortable, private space, which may include ensuring others in your location know not to disturb or interrupt you
- close other open browsers and programs on your computer as these can affect the connection, either slowing it down or causing the screen to freeze
- remember, computers automatically keep a history of web pages visited, and may save graphics, cookies, and other files. If it is important that others cannot discover which websites you have visited by looking through your history or cache file, you may choose to clear your history or empty your cache file in your browser’s settings.
- Your rights
You can read more about your rights at ico.org.uk/your-data-matters.
You have the right to see your records, to ask for corrections or erasure to be made where appropriate, to limit how I use your information or to object to the use of your personal data in some circumstances. You also have the right to ask for your data to be transferred.
To make a request for any personal information I may hold about you, please put the request in writing and send it to my email: email@example.com. If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing to me, or emailing me using the contact details given above. I would welcome any suggestions for improving my data protection procedures.
If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
If you want to share personal or confidential information, please send an email to this address: firstname.lastname@example.org in a separate message.