The Data Protection Act 2018 controls how your personal information is used by organisations, businesses or government and is the UK's implementation of the General Data Protection Regulation (GDPR).
Your Information
Amanda Rose Therapy will be the 'Controller' of any personal data provided to us. Upon starting therapy, basic personal information will be collected for contact and identification purposes. We do not collect and information not needed. During your therapy meetings, an assessment of your psychological health will be completed, and notes will be taken during sessions. These will include personal and sensitive details about your life. The assessment and notes are used solely for the delivery of a therapy service to you. Amanda Rose Therapy will not share any information about you with third parties without your consent with the exception of that detailed in the Confidentiality section of our Code of Conduct policy.
Hard Copies
Hard copies of documents are stored ……
Electronic Data
Any electronic notes written about the work will be stored in a password protected file on …..
Emails:
If you have emailed Amanda Rose Therapy and/or have consented to Amanda Rose Therapy emailing you, your email will be stored in an account that is password protected. If you use the contact message form on the Amanda Rose Therapy website, this information will be sent to a password protected email address that is only accessible to our administration team or the therapist appointed to you. Please note that whilst the email accounts used by Amanda Rose Therapy comply with the latest data protection regulations, we cannot guarantee the security and privacy of your communication due to our hosted services terms & conditions.
Telephone Calls and Text Messaging:
Our therapists will not store your number, but if a call is made or a text sent, your number could appear on the call history or inbox. This will not be linked to your name or other identifiable information and the phone used is protected by a pin number that only the therapist has access to. Please note that if you choose to use a standard telephone service, we cannot guarantee the security and privacy of your communication as these are not encrypted.
Video Calls:
The method of communication for therapy sessions requested to be remote and online, is by pre-arranged video call. The preferred videoconference application of Amanda Rose Therapy is an encrypted platform called Google Meet. Our therapists use a unique private meeting link for these sessions. You can either access the online meeting room via a link that your therapist will send in an email, or directly from the Google Meet app on your desktop or mobile. This is a secure service.
What are Your rights?
You have a right to see and personal data that Amanda Rose Therapy holds to verify the accuracy or to ask for it to be supplemented, deleted, updated or corrected. You have the right to request a copy of the information that that Amanda Rose Therapy holds about you. If you would like a copy of some or all of your personal information, please email or write to your therapist or via the contact form on the homepage of our website. Information will be provided to you within 30 days if this is appropriate.
You are entitle to request that any information is corrected or removed if you think is inaccurate. You have a right to request the transfer of your data to another individual or company. If you are concerned or have a complaint about how Amanda Rose Therapy is handling your data, please contact us directly if possible. You have the right to complain to the Information Commissioner’s office (ICO): https://ico.org.uk/
How Long is your Data Retained for?
Your information is kept for the time necessary to provide the therapy service requested. At the end of therapy, any hard copy documents will be converted to digital copies. The hard copies will then be securely destroyed (shredded). Amanda Rose Therapy will hold your details and session notes electronically for a period of 7 years following the end of treatment to comply with legal obligations set by our insurers. In the case of a children and young people, records will be kept for 7 years after they reach the age of majority (18). After this date, all data will be securely deleted.
Sharing of data
There may be times where your information needs to be shared with third parties. ……..will explicitly ask your consent before doing so, and the data will be sent to third parties securely. In the event of sudden illness, or even death, …..has a secure process in place which enables you to be informed of the circumstances and, if you wish, be supported to access further psychological input. In this situation, ………would gain access to you name and email address held on a secure shared folder. Your details would only be accessed by …….in this instance and for no other reason. Your name and email address will automatically be added to the list held on a secure network for this purpose. If you do not wish for your details to be held for this purpose, please inform ……at the start of your work.
If …..feels that you / your child is putting themselves or others at risk, then …..may have to break confidentiality and inform the relevant parties. This maybe statutory bodies e.g. Social Services or maybe parents if the child is under 18 years of age. If possible, ……will discuss this with you / your child before sharing the information.
Security of your data
Information will be kept securely and confidentially in line with the data retention policy as stated above.
Lawful basis for processing your information
The lawful basis for …….holding and using your information is in relation to the delivery of a contract to you as a health care professional. As an accredited member of ………….operates under a strict code of confidentiality and is legally obliged to lawfully process your data in line with this Privacy Policy.