Privacy Policy - Psychotherapy
Your privacy is very important to me and you can be confident that your personal information will be kept safe and secure and will only be used for the purpose it was given to me. I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016/679) (the GDPR), the Data Protection Act 2018 and the Privacy and Electronic Communications (EC Directive) Regulations 2003.
This privacy notice tells you what I will do with your personal information from initial point of contact through to after your therapy has ended, including:
* Why I am able to process your information and what purpose I am processing it for
* Whether you have to provide it to me
* How long I store it for
* Whether there are other recipients of your personal information
* Whether I intend to transfer it to another country,
* Whether I do automated decision-making or profiling, and
* Your data protection rights.
I am happy to chat through any questions you might have about my data protection policy and you can contact me via email.
‘Data controller’ is the term used to describe the person/organisation that collects and stores and has responsibility for people’s personal data. In this instance, the data controller is me.
I am registered with the Information Commissioner’s Office, #ZA913733/ Permit Full Expression Ltd
The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data. I have explained these below:
If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information.
If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.
The GDPR also makes sure that I look after any sensitive personal information that you may disclose to me appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case psychotherapy) and necessary for a contract with a health professional (in this case, a contract between me and you).
How I use your information
Initial contact.
When you contact me with an enquiry about my psychotherapy services I will collect information to help me satisfy your enquiry. Alternatively, your GP or other health professional may send me your details when making a referral or a parent or trusted individual may give me your details when making an enquiry on your behalf.
If you decide not to proceed I will ensure all your personal data is deleted within one week. If you would like me to delete this information sooner, let me know.
While you are accessing counselling.
Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if I believe you are a risk to yourself or others. I will always try to speak to you about this first, unless there are safeguarding issues that prevent this.
I will keep a record of your personal details to help the counselling services run smoothly. These details are kept securely in digital format and are not shared with any third party.
For security reasons I do not retain text messages for more than on week. Likewise, any email correspondence will be deleted after one week if it is not important.
Your rights
I try to be as open as I can be in terms of giving people access to their personal information. You have a right to ask me to delete your personal information, to limit how I use your personal information, or to stop processing your personal information. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.
If I do hold information about you I will:
* give you a description of it and where it came from;
* tell you why I am holding its, tell you how long I will store your data and how I made this decision;
* tell you who it could be disclosed to;
* let you have a copy of the information in an intelligible form.
You can also ask me at any time to correct any mistakes there may be in the personal information I hold about you.
To make a request for any personal information I may hold about you, please put the request in writing addressing it to kb@permitfullexpression.com.
If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by writing or emailing to the contact details given above.
If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint.
Data security
I take the security of the data I hold about you very seriously and as such I take every effort to make sure it is kept secure, using encrypted devices.
Visitors to my website
When someone visits my website, I use a third party service, Squarespace, to collect standard internet log information and details of visitor behaviour patterns. This information is only processed in a way that does not identify anyone. I do not make, and do not allow Squarespace to make, any attempt to find out the identities of those visiting my website.
I use legitimate interests as my lawful basis for holding and using your personal information in this way when you visit my website.
Like most websites we use cookies to help the site work more efficiently. No user-specific data is collected by me or any third party.
Digital Policy - Psychotherapy
This digital policy aims to address and contain the most likely eventualities that may arise where psychotherapy and the digital world meet, and also with reference to maintaining privacy and data protection.
This document acknowledges the complex world of digital media and tries its best to address issues that may impact the therapeutic relationship. The guidelines are based on my own research and the choices I have made with regard to my own online activities; I am open to changing my positions on it. In the meantime, I ask all my clients to read through this document so they can be familiar with these positions.
My authorial activities
It is important for you to be aware that I have written and published articles and books on mental health and illness in the past. Some of these, which I believe offer useful and valuable resources for maintaining mental health and recovering from depression, are listed on my website here.
I hold my duty of care and confidentiality to my psychotherapy clients as sacrosanct and consider my authorial work to be completely separate from my clinical work.
Keeping Boundaries:
The nature of online presences can blur interpersonal boundaries, so it is important to be as clear as possible about how boundaries may be compromised. As a general rule, I like to keep clinical work in the consultation room as much as possible. However, the nature of the digital world can sometimes stretch these boundaries, so I offer the best clarity I can below.
I am not currently using an e-mail encryption programme, so any emails we send to each other may be vulnerable to viruses or human error. For this reason, it is best to be thoughtful about what you include in emails to me, and which email address you choose to use with me. Often it is best to rely on email for non-confidential communications such as managing session times. In an effort to keep confidential and psychological material in our sessions it is best avoided in emails unless we discuss it beforehand. I will always request your preferred email address from our first session.
If you choose to communicate with me by email, be aware that all emails are retained in the logs of Internet Service Providers. Furthermore, they can be vulnerable to viruses and unintended forwarding or replication. If you are concerned about the confidentiality of your emails, you may wish to discuss this with me in a session.
I endeavour to respond to all emails within 24 hours. If I am away for an extended period, you will receive an automated response. Emails should never be used in the event of an emergency, in which case you should contact emergency services.
Text messages
You may contact me by text message to alert me if you are running late for a session or for similar reasons. However, because of the lack of context of text messages, it is generally not the best method for communicating with me about more important matters.
As a private practitioner I am unable to offer an emergency service, even by phone. Should you experience an emergency please contact either the emergency services or if you are feeling suicidal, ring The Samaritans: 116 123. If you feel that this may be an issue, please discuss it with me.
Zoom and Skype
When engaging in sessions via video conferencing, eg Zoom or Skype, we both agree not to record sessions. It is also advisable that the environment from which you are working with me on these technologies is safe, secure, and private.
Social Media
I, like many others, maintain personal profiles on several social media platforms and I would prefer that our relationship remain as much as possible between us in our sessions. I will not knowingly enagage with clients over social media. I do not add or accept current or former clients as connections on social media platforms.
I avoid encountering information about you that does not come directly from you, and I do not Google my clients. I am aware, however, that clients will often Google prospective therapists as part of their process in choosing one. If you did so with me, and this produced any questions, I would be happy to address them with you. Going forward, I have found it is best to find out from each other what we need to know face-to-face.
Addendum: General Data Protection Regulation
You have a right to know what information I keep about you. I also keep notes about our sessions together. These notes are kept in protected digital documents. There are never kept alongside information that identifies you.
These notes are not shared with anyone other than anonymously within supervision, which I am ethically obligated to participate in. Under rare circumstances, notes can be subpoenaed in a court of law. Because of this, I try to keep my notes to a minimum. I will keep your notes for the period to which I am obliged which can be anywhere from 3 to 7 years, after which they will be destroyed.
You have the right to request any information I keep about you. As these notes are for my own use only, I would advise that we discuss together your reasons for requesting them in therapy. After this conversation, should you request a written copy, I will require time to type them up and you can have them within one calendar month.
I also keep your contact information, email, phone number, address, and GP details in in protected digital form so I can contact you if necessary. I take care to keep my digital devices and services invulnerable to cyber attacks but these contacts may be vulnerable to hacking.
Emails may also be vulnerable to hacking or miss-sending by human error. If you would prefer not to communicate by email, please let me know. Otherwise, it is best to use email only for logistical purposes (changing session times, etc).
You have the right to have the information I hold about you erased. If you would like me to delete your information, let me know. However, as above, I may need to retain your notes for a required period of time, after which they will be deleted. In general, I will only hold the minimum of information I need about you to carry out my duties, and will regularly audit and clear such data.