Privacy Notice
Your privacy is extremely important to me and I make every endeavour to keep your information secure. I work in compliance with the EU General Data Protection Regulation (GDRP), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003. My ICO registration reference is ZA782055. Below are more details about what information is collected, how it is used and how I protect your information, from your first contact with me to after your last contact.
What Information Is Collected
I collect information of a personal and confidential nature about my clients which is used to provide treatment. This information can include:
• Personal information such as a name, DOB, address, phone number and other identifying information
• A record of appointments, visits, and phone or Zoom meetings
• Details of the treatment plan and notes and reports on sessions
• Information about other professionals involved in your care.
Other information as required for treatment may also be collected. This may include information about your health, race, sexuality, disabilities, prior mental health treatment or relevant health conditions and medications.
The information may be collected by phone, from records from past treatment or directly from you. It may be in the form of written documents, hard copy client notes, database entries, emails, text messages, visits to my website (www.samepage.uk) and any social media communication.
How Your Information is Collected
In the first contact: Information collected over the phone for the initial appointment is used exclusively to establish the reason for contact, and that I am the correct service for you, and to set up an appointment, if appropriate. This information is not shared with other services, professionals or third parties.
It may happen that your GP or other health professional sends me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf. If you decide not to proceed I will ensure all your personal data is deleted within 90 days. If you would like me to delete this information sooner, just let me know.
During assessment or treatment: everything you discuss with me is confidential. Confidentiality will only be broken if:
- you tell me that there is a risk of serious harm either to yourself or someone else, in which case, I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
- if you tell me that you are involved in a serious illegal activity, in which case I am legally obliged to notify the relevant authorities immediately.
Written Records: I will keep a record of your personal details for administration purposes. These details are kept securely in a locked filing cabinet and are not shared with any third party. I will keep separate, anonymised written notes of each session, these are kept in a locked filing cabinet and are not shared with any third party.
Visits to my website: When someone visits my website, I use a third party service, WebHealer/PHD Interactive Ltd to collect standard internet log information and details of visitor behaviour patterns. I do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. I do not make, and do not allow WebHealer/PHD Interactive Ltd to make, any attempt to find out the identities of those visiting my website. I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.
I use WebHealer/PHD Interactive Ltd to manage the content on my site so that I can continually improve my service to you. Like most websites we use cookies to help the site work more efficiently - No user-specific data is collected by me or any third party. If you fill in a form on my website, that data will be temporarily stored on the web host before being sent to me.
Telephone calls: These are not recorded; however, text messages and voicemail may be stored for the duration of our work together. I may use your phone number to return your call, as per standard business practice.
If we agree to work together your telephone number will be stored with your first name, on my mobile device. In the event that I am unexpectedly incapacitated, only this information will be shared with a colleague so that they can inform you of the situation.
Text Messages: For security reasons I do not retain text messages for more than 90 days. If there is relevant information contained in a text message I will include this in my notes referred to above.
Emails: Any email correspondence will be deleted after 90 days if it is not relevant to our work together. If necessary I will include the details in my notes referred to above. Emails are processed by Microsoft and are therefore subject to their privacy policies. It is recommended that no sensitive information be shared via Email.
Social Media: Should you choose to contact me via social media, data will be processed subject to their privacy policy. It is recommended that no sensitive data is sent via social media/message applications.
Once our work has ended: Your records will be kept for 8 years from the end of our contact with each other and are then securely destroyed, as recommended by the HCPC's Records Management Code of Practice.
How Your Information is Used
Your information obtained in sessions is used in your treatment. In addition, it may be used to:
• Select the best treatment methods and make recommendations
• Evaluate and assess progress
• Evaluate the effectiveness of any treatment plan
I am sometimes required to share personal data with third parties, for example if you are using private medical insurance to cover the cost of your treatment. In such cases I will always ensure a lawful basis for disclosing any Member Data to the insurer in accordance with Data Protection Law.
How Your Information and Rights are Protected
All personal information in hard copy form is stored in a locked filing cabinet that only I have access to. All electronic devices are password protected and encrypted.
You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You can also ask me at any time to correct any mistakes there may be in the personal information I hold.
You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights here.
If you are not happy with any aspect of how I collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). I would be grateful if you would contact me first if you do have a complaint so that I can try to resolve it for you.
For more information on the GDRP policy and the rights of individuals, please see the Information Commissioner's Office at ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.
