Privacy Policy 

I am a Chartered Clinical Psychologist registered with the British Psychological Society (BPS) and the Health and Care Professions Council. (HCPC). As such I am obliged to comply with the Codes of Practice set out by these organisations. 

In order to provide you with clinical psychology services, I need to collect and process your personal information. I am obligated to process your personal data in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.  

 Within my practice I am the Data Controller of your personal information. This privacy notice describes the information I collect about you, how it is used and shared, and your rights regarding it.  I will take all possible steps to protect personal information. I will ensure that I do not do anything that may infringe your rights or undermine your trust.   In the case of Video Therapy only GDPR compliant platforms will be used such as Zoom or Skype. Any email correspondence relating to you will be sent using an encrypted email service. 

I am registered with the Information Commissioner’s Office and my ICO registration number is ZA819558. You can check my registration on the ICO’s Data Protection Register here. If you need to contact me about your personal information and how I process it please contact me at chrissie@therapyni.co.uk

What Personal Data do I process about you? 

To provide services to you I will need to process the following type of personal information: 

  • Basic contact details, including your address and telephone number, 

  • Next of kin information 

  • Financial information or details relating to your Health insurance where this is relevant 

  • Details relating to your background, education and employment 

  • GP details 

  • If you complete an online enquiry form, I will also your have internet protocol (IP) address and email address

I will also need to process sensitive data relating to your health information such as that held in therapist notes, reports and referral letters. Where relevant this may also include information from Social Services.  On occasion, if shared with me I may also hold personal data relating to criminal convictions and offences. 

Where do I obtain your personal data from? 

The vast majority of the information that I hold about you is provided by you to me in the course of your therapy. I will also obtain information from other sources when appropriate, such as 

  • Medical Notes & Records 

  • Referral Letters 

  • Health Professionals and Therapists  

  • Information from employers, social services, educational establishments 

  • Information in legal documents 

  • Health insurance providers 

 I use your personal information for the following purposes: 

  • To provide psychological assessment and therapeutic services; 

  • To manage and administer my practice; 

  • To comply with all regulatory and professional obligations 

  • Communicate with you about my services 

  • To communicate with other relevant third parties when appropriate, such as your GP.

 My lawful basis for processing your information 

In order that I can provide clinical psychology services I must process your personal data. The General Data Protection Regulation (the GDPR) requires that where I process personal data I must have a lawful basis for doing so. The lawful bases identified in the GDPR that I seek to rely upon are as follows:  

  • Your specific consent to process your data for the provision of therapeutic services. You will also have the right to withdraw your consent at any time.  

  • To comply with my contractual obligations 

  • Compliance with a legal obligation  to comply with various regulatory and professional obligations. 

  • To ensure your vital interests for safeguarding and risk management. 

  • To achieve the legitimate interests of my practice and your interests as a client of my practice. These legitimate interests include but are not limited to the purposes set out above. 

Processing Special Category and Criminal Offence Data: 

The GDPR specifies that where I process special category data, such as medical information or information relating to criminal offences, I must rely upon certain exemptions in order to do so lawfully. The following exemptions are applicable in my practice 

  • I have your explicit consent to do so;

  • It is necessary for the provision of therapeutic services 

Who I might share personal information with 

I hold information about each of my clients and the therapy they receive in confidence. This means that I will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties: 

  • If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.

  • In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

  • For the purposes of accounting, I need to share bank statements with my accountant. If you pay for your services with me through bank transfer, it is possible your name will appear on my bank statements depending on how you have set up the bank transfer details. All information and data handled for accounting purposes adheres to GDPR guidelines and is strictly confidential.

  • In exceptional circumstances, we might need to share personal information with relevant authorities: 

    • When there is need-to-know information for another Health and Social Care provider, such as your GP or Social Services

    • When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order. 

  • When the information concerns risk of harm to the client, or risk of harm to another adult or a child. I will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.

How long will I retain your information? 

Data is retained at the end of service provision in line with Department of Health and BPS guidance. The retention period is 7 years post treatment for adults and until age 18 plus 7 years for children and young people. Your data will be stored electronically on an encrypted and password protected system.

  • Once this retention period has expired, I will delete your information unless: 

    • There is an unresolved issue, such as a claim or dispute; 

    • I am legally required to; or 

    • There are overriding legitimate business interests to do so.

    Where your data is no longer required, all hard copy and electronic data will be deleted in accordance with my Data Protection Policy.

    Email enquiries will be deleted after one month if you are not proceeding with my assessment or therapeutic services.

Your rights 

 The GDPR gives you specific rights in terms of your personal data. These are as follows:

  • You have the right of access to the information I hold and what I use it for;  you can ask for a copy of the personal information I hold about you;  

  • You can ask me to correct any inaccuracies with the personal data I hold 

  • You can ask me to stop sending you direct mail, or emails,  or in some circumstances ask me to stop processing your details.  

Finally, if I do something irregular or improper with your personal data you can complain to the ICO if you are unhappy with how I have processed your information or dealt with your query. You may also seek compensation for any distress you are caused or loss you have incurred.  

 Accessing and correcting your information 

 You may request access to, correction of, or a copy of your information by contacting me at chrissie@therapyni.co.uk  

You can find out more information from the ICO’s website:  Home | ICO