07938 278856
Privacy Notice
1 May 2024
I am a Clinical Psychologist offering assessment and treatment of psychological difficulties for adults. I offer supervision and consultation to other psychologists and trainee psychologists.
​
This policy describes the information that I collect when you use my services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill 2018. The policy also describes how I manage your information when you use my services, if you contact me or when I contact you. In accordance with these laws, I am registered as the data controller with the Information Commissioner’s Office (ICO).
1. Why do I collect information about you?
My use of your personal data will always have a lawful basis. This will usually be because it is necessary for my performance of a contract with you or because you have consented to my use of your personal data. I will ask you to sign a consent form at the beginning of any work. Some of the data I collect is considered “Special Category Data” under GDPR, meaning that it is considered to be of a particularly sensitive nature. However, collection of this data is justified because it is a necessary part of providing a health intervention.
​
There may be occasions where I will collect or process information about you because of a lawful obligation or because I have legitimate interests as a business to do so. It might, for example, be necessary for me to collect and process your data to protect your safety or that of others (see below) or to comply with UK tax law.
​
2. What data do I collect?
I collect information about you that may include personal or sensitive information, such as:
-
Name
-
Address
-
Telephone numbers
-
Email address
-
Date of birth
-
GP details, and details of any other professionals involved in your care.
-
Gender
-
Sexuality
-
Relationships & children
-
Occupation
-
Medical conditions (if relevant)
-
Prescribed medication
-
Psychological history and current difficulties
-
Forensic history (including alleged offences)
For supervisees, I may also collect additional information such as:
-
Your professional qualifications and memberships of professional bodies
-
Your qualifications to practice using specific therapies
-
Details of your professional indemnity insurance
​
I also process personal data pursuant to our legitimate interests in running my business such as:
-
Financial information, including bank account details
-
Invoices and receipts
-
Accounts, VAT and tax returns
3. How do I collect this data?
Much of this data is collected from you directly, but some may be collected from third parties. This will usually be an insurance company or solicitor if they are involved in arranging your sessions with me. I may also collect data from other third parties (e.g. friends and relatives), but will only speak to these people with your consent.
4. What do I use this data for?
In addition to using data about you to provide you with therapy/supervision, I may also use your data in the following ways:
-
To communicate with you
-
To create your invoice. This may be sent to your insurer or solicitor if they are to be invoiced. Some companies may use this data for auditing, in accordance with their own policies.
-
To provide updates to any insurers, consultancy companies or solicitors that are involved with your case, in line with their instructions and policies. I will always discuss this with you beforehand.
-
To notify your GP and any mental health professionals involved in your care that you are receiving therapy.
-
To contact you through Acuity – Square Space for booking purposes.
​
I will not use your data (share any of your data with others) for marketing purposes.
5. Under what circumstances will I share your data, and with whom?
Much of the content of therapy/supervision is confidential, and I adhere to HCPC standards of conduct and ethics. In keeping with guidance, I will only share identifiable information about you if I have your consent; if the law allows it; or if it is to prevent risk of serious harm to you or others. Under most circumstances, this means that will only speak to others (e.g. friends and relatives) if you consent to this. However, as part of your care I will share some of your with certain other parties routinely. I have summarised these below.
​
Secretary
I have a secretary who will process some of your personal data as part of their duties. This will usually be to complete invoices, respond to routine emails or to send reports to appropriate parties. In accordance with the law, the information they would have access to will be kept to the minimum necessary.
​
Acuity – Square Space
With your consent, I will share your telephone number and email address with Acuity – Square Space, the online booking system. This is solely for the purposes of scheduling your sessions and sending email or SMS reminders. This data will be kept and used in accordance with Acuity – Square Space's privacy policies.
​
GPs and other mental health professionals
It is a condition of my service that I will notify your GP and any other mental health professionals that you are receiving therapy from me. I will also notify them when our work has ended. I will not disclose any information about the content of our sessions unless I have your consent, or unless it is in the interests of managing a risk issue (see below).
​
Funders
If my work being funded by a third party (e.g. an insurance company or solicitor), they may request information regarding my input. This will usually take the form of a report. We can discuss this during your initial session and/or where necessary.
​
Working within a multidisciplinary team
I may be working with you as part of a team of professionals involved in your care (e.g. occupational therapists, case managers, social workers). This is known as a multidisciplinary team (MDT). If this is the case, then I will routinely share information about our work with the MDT. This is to ensure that we are able to work together to provide you with the best possible care.
​
Risk/emergencies
If information is disclosed that leads me to believe there is a risk of serious harm to an individual (either you or another person), I have a duty take necessary steps to ameliorate this risk. This will almost inevitably mean that I will need to breach confidentiality. Except for the most urgent situations, I will always notify you before breaching confidentiality and will only disclose the minimum amount necessary.
6. Your Mental Capacity
I will always work in compliance with the Mental Capacity Act 2005. This means that, whilst I assume capacity, there may be circumstances in which I have reason to believe otherwise. If you do not have mental capacity to consent to collecting or sharing of data, I will always act in your best interests, or in line with the instructions of your LPA appointee or Court Appointed Deputy.
​
7. How do I protect your data?
Paper
It is common for clinical psychologists to write notes during sessions. These will be kept in a file and locked in a secure filing cabinet. You are welcome to see these notes during sessions and can request copies of the notes if it is agreed this would be helpful for you. You will be asked to complete a contact detail form prior to our initial session, and will also be asked to sign a contract/consent form which will also be securely stored.
​
Mobile phone
Your first name and initial of your surname will be stored to identify your telephone number. This enables me to contact you in case of emergencies and to communicate with you via SMS regarding appointment times, cancellations, etc. I do not provide therapy via SMS and will not contact you for marketing purposes via SMS.
​
Video Calls
I use video conferencing technology that adheres to strict standards around privacy, encryption and data use. I never record video calls you make to me, only use your initials when setting up meeting rooms and ensure that all meeting rooms that I set up are password protected.
​
Your email address and any email correspondence will be stored in my email account. This is an encrypted email service and is compliant with GDPR.
​
Electronic
Some information (e.g. invoicing information, electronic copies of reports and correspondence) may be store securely on a PC and backed up on a cloud-based backup. All of this data is encrypted and password-protected.
8. How long will I keep your information for?
I will keep the personal information you provide for as long as it is reasonable and necessary for the purpose of the processing (ICO regulations) and in line with my own professional guidelines. I delete/destroy all paper and paper records by shredding at seven years after our last contact. This is in line with guidance provided by the British Psychological Society (BPS) and Health and Care Professions Council (HCPC).
​
If you contact me and provide me with some personal information but decide not to engage prior to having had any sessions, your information will be deleted/shredded after one year.
Invoices and other business-related information will be stored electronically for a period of five years as specified by HMRC. After this time they will be deleted.
​
9. What rights do you have?
Under GDPR you have rights which you can exercise free of charge which allow you to:
-
know what I am doing with your information and why I am doing it
-
ask to see what information I hold about you (subject access request)
-
ask me to correct any mistakes in the information I hold about you
-
make a complaint to the Information Commissioner's Office
Depending on my reason for using your information you may also be entitled to:
-
ask me to delete information we hold about you
-
have your information transferred electronically to yourself or to another organisation
-
object to decisions being made that significantly affect you
-
object to how I am using your information
-
stop me using your information in certain ways
I will always seek to comply with your request however we may be required to hold or use your information to comply with legal duties. Please note, your request may delay or prevent me delivering a service to you.
For further information about your rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner's Office (ico.org.uk) on individuals’ rights under GDPR.
​
10. Further Information
For more information, to ask a question, or to make a complaint about how your data is handled, or to find out how to contact the Information Commissioner’s Office (an independent regulator) please email me on leigh@leppardpsychology.co.uk.