Data Security & Privacy Notice
The following statement is designed to offer transparency about the way I collect and use personal data in my clinical practice.
Mindful Action Limited is registered with the Information Commissioner's Office (ref ZA356893). As company Director, I am responsible for ensuring that my services comply with the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR) 2018. I also follow the rules set out by my professional regulators: The Health and Care Professions Council (HCPC) and the British Psychological Society (BPS).
Reasons for collecting personal information
I collect personal information about my therapy clients in order to provide effective psychological treatment, for safeguarding purposes and for billing and processing payments. I also collect personal data to maintain my company accounts and promote my clinical services. I never share personal data with third parties for marketing or political purposes.
What personal information do I collect?
I only collect information relevant to the provision of effective psychological treatment. This may include personal data e.g. your name, address and phone number. I also keep sensitive data e.g. notes about your sessions, your gender and personal history.
How is personal information collected?
- Electronic enquiry form (from website)
- Written assessment forms and psychological reports
- Symptom questionnaires
- Handwritten case notes
- Electronic records
- Email and text communications
Who will I share your information with?
I will treat everything you disclose to me as confidential. However, there are exceptions to this, when the need may arise for liaison with other parties, such as:
- When there is a risk to your safety, the safety of other adults and/or children. To keep you and/or others safe, I may share your personal information with other healthcare professionals (e.g. your GP), social and welfare organisations (e.g. Social Services, The Police). I will discuss the need for disclosure with you first, unless I judge that doing so will increase the level of risk to you or someone else.
- When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
- When you are referred by your health insurance provider or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. I may also share information with that organisation to provide treatment updates.
The BPS guidelines for clinical practice recommend that psychologists receive regular Clinical Supervision to ensure the quality and standards of their therapeutic work. Information provided by you (such as the nature of your problems and your response to therapeutic interventions) may be shared in supervision but I will not reveal your personal identity. My clinical supervisor is bound by HCPC and BPS rules of confidentiality and is also compliant with General Data Protection Regulation.
How I keep your personal information safe
I protect your privacy and the security of your data by using encrypted products for data storage and electronic communication service providers (e.g. Zoom, Microsoft) that are compliant with GDPR. I store personal information in encrypted, password-protected electronic files and in paper files which are kept in a locked filing cabinet in a secure location.
How and when personal information is destroyed
Sensitive information relating to our work together will be destroyed 7 years after the work is completed. By law, this is the length of time I am required to keep records. Paper and digital therapy records will be destroyed to an international standard (e.g. incinerated, pulped or shredded using a cross-cut shredder under confidential conditions; rendered inaccessible to users of the operating system with a metadata stub demonstrating that the record has been destroyed).
Access to your information and corrections
You have the right to request a copy of the information that I hold about you. If you would like a copy of some or all of your personal information, please email me at firstname.lastname@example.org or write to me at The Cloisters Clinic, Lower Leam Street, Leamington Spa, CV32 1DJ. There is a small administrative charge for this service. You may ask me to correct or remove information that you think is inaccurate. If it is not possible for me to delete personal data for legal reasons, then I will discuss this with you at the time.
If you have any concerns about the way I manage your data, please contact me in the first instance at email@example.com. If you feel I cannot resolve your concerns adequately, you have the right to complain to the Information Commissioner's Office: www.ico.org.uk.
t. 07793 006723