About this Privacy Notice
This Privacy Notice sets out the basis on which I will use any personal data that I obtain from or about you when you first contact me about therapy services. Please read the following carefully, to understand how your personal data will be used at the initial stage of your enquiry.
If we decide to work together and you become a client, I will provide you with a formal Therapy Agreement that includes further privacy details, which I will ask you to review and sign before the commencement of therapy.
For the purpose of the General Data Protection Regulation and the UK Data Protection Act 2018, the “controller” of the personal data is Dr Kendra Gilbert, a Chartered Counselling Psychologist practicing in North London. You can contact me by email at firstname.lastname@example.org by telephone 07432 868010.
I may update this Privacy Notice from time to time. Any changes I make in the future will be posted on my website at http://kendragilbert.co.uk. Please check back regularly to see any updates or changes.
Compliance with professional ethics
As an independent practitioner psychologist, I work within the ethical guidelines of the two professional bodies I am registered with, namely the Health Care and Professions Council (HCPC) and the British Psychological Society (BPS). The BPS Code of Ethics and Conduct can be found at:
All personal data that I obtain about you, in connection with my work as an independent practitioner psychologist, will be kept private and confidential in accordance with the requirements of those professional bodies.
What is the lawful basis for processing your data?
At the initial stage of your enquiry at least one of the following applies to the processing of any personal data that I obtain about you:
- the processing is necessary for the performance of a contract for psychological therapy between you and me, or in order to take steps at your request prior to entering into a contract; and/or
- the processing is necessary for the purposes of the legitimate interests that I pursue in the course of my practice, consisting of the provision of psychological therapy services and related administrative matters (such as for the purposes of communication, invoicing and in case of emergency).
What types of personal data do I process?
At the initial stage of your enquiry you will be asked to provide me with some general contact information such as your name, phone number, and email address. I may also need to process some health-related data such as why you have contacted me. I will ensure that all such information is securely stored, and it will be deleted if we decide not to work together.
If we decide to work together and you become a client, I will need to process the same types of contact information. I may also need to process more detailed health-related data, known as ‘special category data’ in connection with the delivery of psychological services. In that event, I will provide you with a formal Therapy Agreement that includes further privacy details, which I will ask you to review and sign before commencement of therapy.
Who do I obtain personal data from?
The personal data that I obtain about you may come directly from you, or from a referrer such as another health professional.
How will your data be stored and protected?
In order to protect your personal data, I use secure passwords for the devices on which I have email (mobile phone and laptop) and do not share my devices with another person. If I need to email you or your insurance provider and thereby reveal your name, I will do so from my password protected email account. I will never use your name in the subject strip of an email.Any initial letters or reports I might receive from referrers are stored electronically as password-protected documents on a password-protected encrypted cloud drive. I do not store letters or reports on hard drives or removable drives such as USB sticks. I do not print hard copies of letters or reports.
Will your personal data be shared?
Your personal information will not be shared with any other individuals or organisations except in the following circumstances. Firstly, information may need to be shared with other health professionals involved in your care, in which case I will do so in accordance with my professional duties as set out in the BPS Code of Ethics and Conduct. Secondly, the organisation funding your future care may require information to ensure that my provision meets the terms of your policy.
How long is the personal data retained?
I will keep the personal data that you give me at the initial stage of your enquiry until the earlier of (i) the point that we decide not together and (ii) 6 months from the date of your initial enquiry (if we have not reached a final decision about working together by that point).
If we decide to work together and you become a client. I will keep a record of your data for as long as my records are retained. My policy on the retention of personal data about clients is in line with my professional body’s guidelines which is 7 years after completion of the service.
As a “data subject” you have the following rights:
- The right to request access to the personal data that we hold about you (also known as a “data subject access request”). This enables you to receive a copy of the personal information I hold about you and to check that I am lawfully processing it.
- The right to request rectification of the personal data that I hold about you.This enables you to have any incomplete or inaccurate information I hold about you corrected.
- The right to request erasure of the personal data that I hold about you (also known as “the right to be forgotten”).This enables you to ask me to delete or remove personal information where there is no good reason for me continuing to process it. You also have the right to ask me to delete or remove your personal information where you have exercised your right to object to processing (see below).
- The right to request restriction of processing about you.This enables you to ask me to suspend the processing of personal information about you, for example if you want me to establish its accuracy or the reason for processing it.
- The right to object to processing.Where I am processing your personal data solely on the grounds that there is a legitimate interest to do so, and there is something about your particular situation which makes you want to object to processing on this ground, then this enables you to challenge the processing. You also have the right to object where I am processing your personal information for direct marketing purposes.
- The right to data portability.This enables you to ask me to transfer your personal information to another party in certain circumstances.
- The right to withdraw consent.Where my processing of personal data is based on your having given consent, you also have the right as a data subject to withdraw that consent at any time. (Please note that I may still be entitled to continue processing the personal data on one of the other lawful bases of processing described in this Privacy Notice.)
If you wish to invoke any of the above rights, please notify me by emailing me at email@example.com. Please include the words DATA PRIVACY REQUEST in the subject line of your email.
Your right to complain to the Information Commissioner’s Office
You have the right to complain about my compliance with data protection regulations with the UK Information Commissioner’s Office. For more information, you can visit their website at www.ico.gov.uk.