General Data Protection Regulation (GDPR) – Privacy Policy

In therapy, I collect information during the initial client consultation, which includes the client’s name, postal address, telephone numbers, email address etc.  In order to give clients a more thorough service, I may also collect data on their preferred contact method, their doctor’s name and surgery, any medication they are taking and whether they have any physical or medical conditions.  Information may be gathered by me on issues that are concerning clients, how much previous experience they may have had of therapy and an indication of what they perceive as their goal for therapy with me.  This information will be gathered on a form, which is completed at the first client meeting.

I also write notes during client sessions about what has been discussed.

I collect all this information for the following reasons:

• To prepare a working contract between us.
• To contact clients for administrative purposes such as changing appointments or to discuss payments, or to share relevant information.

• To inform each therapy session and to provide the client with appropriate therapy services and information.
• To conform to my insurer’s requirements with regard to keeping notes on client sessions. This information is kept in paper format and held securely in a locked filing box.
• To comply with any applicable laws and regulations.

None of the information I hold is shared with a third party unless the client gives written permission, I am required by law, or if the client is a danger to themselves or others.

All information is held for a maximum of 8 years after our work has ended, to comply with my insurer’s requirements.

Individuals’ rights

I will endeavour to resolve any individual’s rights issues within the statutory time period (30 days).  I aim to store legitimate, relevant and accurate information about my clients.  Clients have the right to request the following.

• Obtain personal information that I have stored
• Change personal information if inaccurate
• Have their data erased (where it does not infringe on me carrying out contractual obligations or other overriding regulations – eg, storage of data for accounting purposes or for legal reasons).

Lawful basis for processing personal information

1. Contract: The lawful basis for collecting and processing client information is that we have a contract.  From the outset clients have sought my services and I have agreed to provide them and this constitutes a verbal (it may also be written) contract. Therefore, having agreed what I will offer, when and how regularly we will meet and what the fee is for this service, this contract is the lawful basis on which I can store and process client personal information.
2. Legitimate interest: The second legal basis for collecting and processing client personal information is that having this information is necessary for me to be able to deliver the therapy I’ve agreed to offer them, and clients would be unable to receive my service without giving me this information – so therefore it is in both our ‘legitimate interests’.

Consent

Clients are required to sign a form ‘An overview of how I collect and use your information’, which sets out everything the client needs to know to manage their personal information, held by me.

Elizabeth Payne

Business Owner – Positive Changes Within

May 2018