As a Psychotherapist, I comply with the General Data Protection Regulation (GDPR) which is effective from 25th May 2018 and I am registered with the Information Commissioner's Office (ICO). It is always my intention to act within the law and to behave ethically in my business, to maintain total confidentiality to protect your personal information.
This page provides further information about the data I collect, why we collect it and how I use it. It also provides guidance on what you can do if you would like to request a copy of your information or patient record, make a complaint or delete your personal information.
I keep this information electronically but use a code rather than your name. This is information likely to consist of your full name, address and date of birth. As part of your assessment and ongoing therapy, I keep accurate session records. Written notes are stored securely in a dedicated and securely locked filing cabinet and electronic records are securely stored and password protected.
Our appointment times and dates are recorded in my electronic diary. I use a code instead of initials or any identifying detail.
Who has access to your records?
Your personal data will not be shared with anyone without your knowledge and permission. If the need should arise for me to share information it will only be done with your full consent.
There are three exceptions to this rule: there is a legal requirement to do so, or if there is a child or adult safeguarding issue, or a perceived risk of harm.
Anonymised Client Information
In accordance with my professional requirements, I work within the ethical framework of the UKCP (United Kingdom Council for Psychotherapy). I am required to be supervised in my practice. I discuss my work with an external supervisor, but your identity is not revealed; The supervisor does not see the notes and does not know your name or initials.
Anonymised data is used for the purposes of accounting and research.
The right to be forgotten
The right to be forgotten appears in Recitals 65 and 66 and in Article 17 of the GDPR. It states, “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay”. Should you wish to exercise this right, please make the request directly to email@example.com
I keep an electronic password protected data record of the dates on which we meet and brief notes of what happened. This helps me to recall our discussions and to keep the continuity of our explorations. You are recorded by the above code and there are no identifying details recorded. My notes are kept securely as per the instructions of the Information Commissioners Office: registration number ZA205225. My notes are kept securely via professionally recognised data encryption and are required to be retained for 7 years after completion of our work together.
In times of incapacitation
Should I be incapacitated; my Therapeutic Executor holds your contact details. This enables you to be contacted should the need arise.
You have the right to have your documents erased, to have inaccuracies put right and to access your data at one month’s notice. Your data will not be used for purposes other than as described above. I am a Data Controller with the Information Commissioners Office (ICO) and you have the right to complain to them.