I am registered with the ICO (Information Commissioner's Office). This means I need to tell you what data I am collecting from you and what I intend to do with it.
What data do I keep and why do I need it?
Your full name and date of birth – these are used as identifiers if I need to contact your GP.
Address, email and phone number(s) – these are kept so I can contact you. They may also be used as identifiers if I need to speak to your GP.
GP details – if you disclose information that leaves me concerned for your welfare, I may need to contact your doctor. As discussed in the confidentiality policy, I will endeavour to discuss this with you before communicating with your GP.
Next of kin – I take this information for emergencies only, such as if you become very unwell during a session and I need to pass the details on to a medical professional (i.e. paramedic).
Will I share your data and if I do who will I share it with and for what purpose?
It is very unlikely I will share your data and I will not sell it on or use it for unethical reasons. There are occasions where I may need to share your information with other professionals. These are:
Your first name will be shared with my clinical supervisor.
If subpoenaed by the court I may need to share my notes.
If you disclose information that raises legal or safeguarding concerns including serious risk of harm to yourself or others, a child or vulnerable adult, I have a duty of care to disclose that information to the appropriate authorities.
If I need to contact the emergency services on your behalf.
I have appointed a Clinical Executor in case unforeseen circumstances leave me unable to continue working with you. If such an event occurs, they will have access to your details and will contact you as soon as possible.
How is your data stored?
Paper documents are kept in a locked filing cabinet.
If I store your phone number on my phone, I will use a unique identifier (created by me) to maintain your anonymity. I will only store your information on my phone if it is necessary to do so (i.e. if this is your primary way of contacting me). My phone is password protected and only accessed by me.
Any information about you stored electronically will be password protected. My laptop will be locked and password protected when I am not present.
How long will I store your data for and how will I dispose of it?
I will keep your session notes, your name and your unique code for 5 years. This is the time frame requested by my insurance company. I will shred/burn all other documentation relating to you one month after our work finishes.
I will delete your phone number (if stored) from my mobile phone one month after our work finishes.
All emails from you will be deleted as soon as they are no longer required and at least within one month of us finishing working together.
Under the GDPR (General Data Protection Regulation) you have the right to say what happens to the data I keep regarding you. This includes a right to request to see, have amended or have destroyed any data I may keep about you.
If you would like to exercise any of your rights, you can request it verbally or in writing. I will respond to your request within 30 days.