Privacy policy.

Privacy Policy

This Privacy Policy governs the manner in which I collect, use, maintain and disclose information collected from clients of my practice. This Privacy Policy applies to the practice, website and services offered online or by phone.

I am committed to safeguarding the privacy of my website visitors and individual clients.  

This policy applies where I am acting as a data controller with respect to the personal data where I determine the purposes and means of the processing of that personal data.

In this policy, “I”, "me" and "my" refer to Deborah Vickerman.

Personal details and how they are stored:  I am registered with the Information Commissioner's Office (ICO) and in accordance with the General Data Protection Regulations (GDPR) 2018, any records relevant to our sessions will be kept confidential and held in a secure manner. Electronic documents will be encrypted and any hard copies kept in a locked cabinet. The following personal details will be held on file:

Personal data: name, address, email, contact number, and GP contact details.

Sensitive personal data: signed therapy client agreement, therapy records (therapist notes, letters, reports and/or outcome measures).

Financial data: If you pay by BACS your name will be on my bank statements.

If you complete a web-based enquiry form, I will also collect the information provided. All web services I use are GDPR compliant.

Client session notes will be held securely on file for 7 years and then destroyed.

If you are referred by your health insurance provider, then I will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, health insurance policy number and authorisation for psychological treatment.

Purposes of processing data: I may process your personal data for the purposes of operating my website, the processing of replying to contact information requests, providing my services, generating invoices and payment-related documentation. The legal basis for this processing is my legitimate interests, namely providing my clients with psychotherapy along with the proper administration of my website, services and business.  This includes a contract between you and me and/or taking steps, at your request, to enter into such a contract.

Relationships and communications: I may process contact data, account data, and communication data for the purposes of managing our relationships, communicating with you excluding communicating for the purposes of direct marketing by email, SMS, post and/or telephone, providing support services and complaint handling. The legal basis for this processing is my legitimate interests, namely communications with my website visitors, individual clients, the maintenance of relationships, and the proper administration of my website, services and business.

Research and analysis: I may process usage data for the purposes of researching and analysing the use of my website and services.  The legal basis for this processing is my legitimate interests, namely monitoring, supporting, improving and securing my website, services and business generally.

Record keeping: I may process your personal data for the purposes of creating and maintaining my records, back-up copies of my records generally. The legal basis for this processing is my legitimate interests, namely ensuring that I have access to all the information I need to properly and efficiently run my business in accordance with this policy.

Providing your personal data to others: I do use an accountant for my tax returns, and they have access to my bank statements, detailing payments from clients. My accountant adheres to client confidentiality. However, if this causes you any concern, please let me know and we can discuss alternatives to protect your personal information.

I will not disclose any information to a third party other than in the event that in my opinion there is a threat to your own safety or to the safety of others, or if I am obliged to do so by law.  If it becomes necessary to disclose information for these purposes I would always try to do this in discussion with you and with your prior consent. My governing body the BACP requires me to have appropriate supervision for all clients. 

Legal claims: I may process your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is my legitimate interests, namely the protection and assertion of my legal rights, your legal rights and the legal rights of others.

Legal compliance and vital interests: I may also process your personal data where such processing is necessary for compliance with a legal obligation to which I am subject or in order to protect your vital interests or the vital interests of another natural person.

Retaining and deleting personal data: Personal data that I process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Your personal information will only be stored for as long as it is required.  Basic contact information will be deleted within 6 months of the end of therapy.

The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.

I may retain your personal data where such retention is necessary for compliance with a legal obligation to which I am subject, or in order to protect your vital interests or the vital interests of another natural person.

Sharing your personal information: Information about clients and the therapy they receive is held in confidence. This means that your personal information will not normally be shared with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:

If you are referred by your health insurance provider, or are otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.

In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.

In exceptional circumstances, it may be necessary to share personal information with relevant authorities:

When there is need-to-know information for another health provider, such as your GP.

When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.

When the information concerns risk of harm to the client, or risk of harm to another adult or a child. I will always try and discuss such a proposed disclosure with you unless to do so could increase the level of risk to you or to someone else.

I do not sell, trade, or rent client personal identification information to others.

Your rights:  You have a right to access the information held about you. This will usually be shared this with you within 30 days of receiving a request.  I may request further evidence from you to check your identity. A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).  You have a right to get your personal information corrected if it is inaccurate.

If you think that data protection laws have not been complied with, you have a right to lodge a complaint with the Information Commissioner’s Office.

These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

You may exercise any of your rights in relation to your personal data by written notice to us, using the contact details set out below.  I reserve the right to refuse a request to delete a client’s personal information where this comprises therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping.

Amendments: I may update this policy from time to time by publishing a new version on my website.  You should check this page occasionally to ensure you are happy with any changes to this policy.

I will notify you of significant changes to this policy by email.

My details: This website is owned and operated by Deborah Vickerman

My principal place of business is at Unity, 26 Roundhay Road, Leeds, LS7 1AB.

You can contact me:

(a)                 using my website contact form;

(b)                 by telephone, on the contact number published on my contract if you are a client; or

(c)                  by email, using the email address published on my website.

 

Credit: This document was created using a template from Docular: https://seqlegal.com/free-legal-documents/privacy-policy