HOW I USE AND PROTECT YOUR DATA
I am committed to protecting your privacy and any data about you that I may hold. I will use the information that I collect about you in accordance with the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003.
WHO I AM AND WHAT I DO
I am Amanda Hart and my therapy business is called Life Insight Therapy. My business is providing private therapy or counselling for individuals, couples or groups, clinical supervision to other practitioners or professionals working in a similar field and services or training to organisations. To carry out my business I need to collect and store (process) a certain amount of data about my clients or those interested in my services. I aim to be clear when I collect your data and not do anything with it that you wouldn’t reasonably expect. However, to carry out my work I need to have a good understanding of my clients, their background, their work, their relationships and their physical and emotional wellbeing, therefore I may need to ask for some personal or sensitive information about you. In line with therapy best practice, and following the Ethical Code of the British Association of Counselling and Psychotherapy (BACP) of which I am a registered member, I always treat my clients’ personal information confidentially. This privacy policy sets out the ways in which I use and store your data and how you can hold me accountable for that.
I am a sole trader therefore no other individual has access to your information or data about you that I hold. I take the security and privacy of my clients’ data seriously and I am registered as a Data Controller with the Information Commissioner’s Office (ICO). The lawful bases for collecting and storing your data may be either, or both, consent or/and contract. The nature of my business also means that I may need to process data of the type classified as sensitive (including, but not limited to, information about your health, your ethnic origin, sexual orientation or other sensitive personal data). The lawful basis for collecting and storing this type of information is explicit consent.
WHAT INFORMATION ABOUT YOU I MAY NEED
I need to process a certain amount of personal information about you in order to be able to correspond with you, contact you about your appointments or your therapy and to provide relevant services to you. This might include information about:
- Your name(s) and contact details (telephone numbers, address(es), email address)
- Your age or date of birth (this may be relevant to what services I may provide to you or fees applicable)
As well as the above information, I might ask you to provide me with other information that will be relevant to the work we will do together, this may include:
- Your marital status and current living arrangements
- Information about your partner, past partner(s), family or children
- Your occupation or past occupations and/or your education or past education
- Your religion or faith and whether this is important to you
- Any current or past medical problems and any medications taken (this may impact whether I can take you on as a client)
- Your weight and height if relevant to the work we will do together
- Your GP’s name or GP surgery name – I require this information in case I ever have a serious safeguarding concern about you or someone else. In some cases, I may want to contact your GP about your treatment but unless there is an emergency, I will always discuss this with you first.
- Lifestyle information such as your exercise, diet and eating habits, your sleep patterns, whether you smoke, drink alcohol or use recreational drugs – this information may be relevant to your treatment plan
- Information about recreation and your social life – again this may be relevant to your treatment
In addition to the above I will ask you about your reason(s) for seeking therapy with me and how it affects you. I may make notes from what you tell me about the above, for my own use only.
In the case of clinical supervision, I will ask for information about your work and your client cases, however your clients’ identities will not need to be disclosed, and all information will be kept confidential except in the case of risk of serious harm to self or others.
HOW I KEEP YOUR DATA SAFE
Information that I collect about you is stored and used as follows:
I may make brief notes of some of the information you provide. My initial intake notes and, sometimes, brief session notes are kept on paper and are stored securely in a locked filing cabinet to which only I have access. They are filed according to a unique client reference number and do not contain any information that might identify you. Your name and contact details are securely stored in a separate location. Your name and contact details, plus brief details of each session (date and basic treatment notes) are also securely stored in my online practice management software (Cliniko – see below).
My professional insurers advise me to securely store your records for a period of 7 years following our work together, or for 7 years after your 18th birthday if you were under 18 when you became my client. The practical basis for storing your records is in case you decide to return for more therapy at a later date. The legal basis for storing your records is to investigate any complaints or for future court orders. After 7 years have passed, I will delete or securely dispose of any records or information about you.
For accounting purposes, I maintain statistics about client attendance and payments, however this data is anonymised and does not contain any of your personal information. These are stored digitally on a password protected secure cloud-based server (see below).
While you are my client, I may store your client reference number and your initials with your phone number and/or email address on my business phone, to enable me to contact you if necessary and to identify your calls to me. I will remove your contact details from any mobile devices approximately one month after the end of our work together.
My email correspondence with you is stored on a secure email server and deleted after 12 months, except for any information relevant to your treatment which may be transferred to your stored data. Emails sent and received on a mobile device (phone or tablet) are deleted after one month. My mobile devices are protected by passcodes and can be remotely wiped if they are lost or stolen.
If required by UK law I may be asked to provide client details to the police or law courts. Should this be requested I will always seek legal advice from my professional insurance provider before disclosing any client information. I am not legally obliged to inform my clients if I am asked for their information under a court order, and in some cases to do so would be illegal.
THIRD PARTY SERVICES TO WHOM I MAY TRANSFER YOUR DATA
I will never pass on your information to any other individual, except in the case that I become unable to work and cannot contact you myself, when a suitable trusted person I have delegated may contact you on my behalf.
In order to operate my business effectively and securely, I use some third-party service providers who may require access to some of your data, you will find more details below. I will not share any of your personal data with any other third parties without your agreement, unless required in order to fulfil my contract with you, or allowed by law. Whenever I share your data with a third party I will always do so securely and in line with current legislation on data sharing. I have taken steps to verify that the third-party services I use are also compliant with the relevant and current data protection legislation and that therefore they also protect your data to the required standards. Where necessary I have signed data processing agreements (DPA) with suppliers to safeguard any data processed outside the EU/ EEA.
In general, the third-party providers I use to facilitate the service I provide to you will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to me. These providers include my practice management software provider, Cliniko, email service provider Google, phone and telecoms providers, my web host and online directories on which I advertise who may handle client enquiries on my behalf (including the BACP, the National Counselling and Psychotherapy Society (NCPS), the Counselling Directory and the National Centre for Eating Disorders).
When you pay me for my services by bank transfer, credit card (via Stripe), PayPal or cheque some of your data may be transferred to my card payment processor, my bank, Stripe or PayPal, in order to process your payment. I will never store your credit card number or security details such as PIN number.
I use secure online client management software which is provided by Cliniko, who are specialists in client data management for clinics and medical practices. The data that I may enter onto this system includes your title, your name, address, phone number(s), email address and date of birth. Cliniko also logs details of your appointment dates, attendance and your payments (but does not require or store details of your credit card or bank details). Cliniko allows me to send you booking confirmations and appointment reminders by email or text message, should you opt in to these services, and also allows me to give you access to an online booking facility whereby you can select and book an appointment in my online diary at a time of your choosing (when available). Only I have access to your personal information in Cliniko, nobody else can see your records or online bookings and the data is encrypted.
PROTECTING YOUR RIGHTS
I will only contact you about our work together during our therapeutic or professional alliance, unless you ask me to keep you informed of any services or information about my business. If you do opt in to receive updates you may opt out from these communications at any time and I will make it clear on my communications how you can do this.
YOUR RIGHTS
You have the following rights related to your personal data:
- The right to request a copy of personal information held about you
- The right to request that inaccuracies be corrected
- The right to request me to stop processing your personal data (however please note that if you ask me to delete your personal data, I may seek guidance on whether there is a legal basis for me to maintain your data).
- The right to lodge a complaint with the Information Commissioner’s Office
WEBSITE AND COOKIES
This site uses cookies to aid its functioning and to analyse data about webpage traffic. This helps me to meet my clients’ needs. A cookie is a small file which asks permission to be placed on your computer’s hard drive. The cookies used by this site do not collect any private or personally identifiable information about you. The information is used for statistical analysis purposes only and then the data is removed from the system. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
Like most websites, this site makes use of analytics software to help me to understand the trends in popularity of my website and of different sections. The analytics make no use of personally identifiable information in any of the reports generated. I use Google Analytics who provide details of their privacy policy on the Google website. To opt out of being tracked by Google Analytics across all websites visit: http://tools.google.com/dlpage/gaoptout
CHANGES TO THIS POLICY
I may change this Privacy Policy from time to time. If I make significant changes to the way I treat or manage your personal information I will make this clear on my website or by contacting you directly while you are a current client.
CONTACT OR COMPLAINTS
Please contact me by email on hello@lifeinsight.co.uk if you have any questions or complaints about this privacy policy or use of your data. If I am not able to resolve a complaint to your satisfaction, you may contact the Information Commissioner’s Office (ICO) on 0303 123 1113.