Updated 21st May, 2018
I am the registered Data controller with ICO (Information Commissioner’s Office). Reference number: ZA331616
If you have any concerns, or feel your rights have been breached, you can make a report here https://ico.org.uk/for-the-public/
For my clients
Information will be gathered in advance of the first session using a secure form held on Google Forms. No paper copies of the Terms and Conditions will be held. Old copies, from the time before I went electronic, are locked in a secure cabinet.
Notes will be taken throughout the sessions to aid with the treatment plan. You have the right to request to see these notes, with reasonable notice and on providing sufficient proof that you are the data subject.
Notes do not contain any sensitive information. Notes cover a brief summary of the presenting issue and a brief description of interventions used. Notes are stored securely in an encrypted Dropbox location. This site is password protected and Dropbox have signed up fully to the GDPR Privacy shield requirements. Notes do not contain any identifiable information other than the date of each session and first name. Notes are held in a separate location to the terms and conditions. Personal data, held in terms and conditions agreed prior to our sessions, will be kept in line with professional guidelines for a minimum of 8 years.
I have gained this information from you directly and through no other means. Your information is NEVER shared without your consent and you have the right to have it removed at ANY time (within reason, as some basic information I am legally required to hold for HMRC purposes.)
I have an obligation under my membership of the CNHC to continue my professional learning and development and therefore I may share case histories with my Supervisors and peer-support groups. All information will be anonymous and this will not be a breach of professional confidentiality.
I will ensure that your confidentiality will be maintained in all but the most exceptional circumstances and all information collected during the sessions will be protected at all times. Information will only be disclosed under a Court Order (civil, criminal or coroner’s Court) or where not to disclose would cause danger or serious harm to yourself or others. Most standards of confidentiality applied in professional contexts are based on the Common Law concept of confidentiality where the duty to keep confidence is measured against the concept of ‘greater good’.
The information you pass on is used in a variety of ways;
• For me to keep accurate records of my clients for HMRC purposes, which include invoicing.
• So I can refer back to our previous work should you return as a future client, (this can help us both to plan your treatment).
• To provide evidence of clients I have worked with to my accrediting body. This entails, your initials only, and the dates and number of hours that we worked together.
• All the bodies I am professionally associated with also have privacy policies in place. They are the CNHC and QCHPA.
For my newsletter subscribers
Active Campaign is used to send out newsletters (Migrating from MailChimp). This third party processor will be store email addresses, first name and last name (if provided). This provider has signed up fully to the GDPR Privacy shield requirements
Email addresses will only be used to send Newsletters, and they will be sent no more frequently than monthly.
Every newsletter will contain the option to unsubscribe. Email addresses collected for newsletters will not be used for any other purpose.
For Facebook groups
You must be explicitly accepted into my Facebook group and you must explicitly agree to be included. You will not be included in the Facebook group without providing explicit permission. You can leave the group at any point by going to the group and choosing leave group. Any information used in the group, including your Facebook profile details, will not be used for any other purpose unless explicit consent is given.
Data access procedure
You have the right to request copies of any information held on you with appropriate notice and sufficient evidence that you are the data subject.
I adhere to our Code of Ethics and ensure that I have full permission from the giver of the testimonial to put it on my website and Facebook pages, and my Professional Association can request proof of this. Anyone who has contributed a testimonial can be contacted for verification
If you would like to be removed for our records, then please email me at firstname.lastname@example.org