Privacy Notice
New laws relating to General Data Protection Regulation (GDPR) are in effect from 25 May 2018. This document sets out how Deborah Finn and Therapy Online comply with these laws. Deborah Finn is the data controller for Therapy Online.
What personal data we process
I collect and process the following personal data from therapy clients:
- Personal data: basic contact information: name, address, email, contact number, video conference ID (if online therapy), and GP contact details.
- Sensitive personal data: Signed Consent to the Therapy Agreement, therapy records (therapist notes, letters, reports and/or outcome measures).
The lawful basis for processing personal data
Deborah Finn has a legitimate interest in using the personal data and sensitive personal data to provide treatment. It is necessary to collect this data to be able to provide psychological therapy to clients and to identify clients should an issue or risk arise when the GP needs contacting. No information you provide is passed on without your consent. We will never sell your information to others.
What we do with your personal information
We take your privacy seriously. We will only use your personal information to provide the services you have requested from us. If you do not provide the personal information requested, then we may be unable to provide a therapy service to you. We will not share your personal information with third parties for marketing purposes.
How long we store personal information
We will only store your personal information for as long as it is required by standard for our service and governing bodies. The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year. No card payment details are stored.
How your personal information is used
We use the information we collect to (1) Provide our services to you (2) Process payment for such services. (3) send you information related to a change in our services.
Sharing your information
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else.
In exceptional circumstances, we might need to share personal information with relevant authorities:
- When there is need-to-know information for another health provider, such as your GP.
- When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
- When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will try to discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
How we ensure the security of personal information
Information stored on the computer and work phone is password protected. Malware and antivirus protection are installed on all computing devices. Hard copy data is stored in locked cabinets.
Your right to access the personal information we hold about you
- You have a right to access the information we hold about you.
- We will usually share this with you within 30 days of receiving a request.
- There may be an admin fee for supplying the information to you.
- We may request further evidence from you to check your identity.
- A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
- You have a right to get your personal information corrected if it is inaccurate.
- You can complain to a regulator. If you think that we haven’t complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.
Deborah Finn reserves the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society and The Health and Care Professions Council.