This Privacy Policy is broken down into 3 sections:
1. What data do I hold and how, why and length of time do I hold it?
2. Your rights in relation to your data – Data Breaches – Complaints
3. Processing Data
Definitions:
“data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.
“data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
“processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—
a) organisation, adaptation or alteration of the information or data,
b) retrieval, consultation or use of the information or data,
c) disclosure of the information or data by transmission, dissemination or otherwise making available, or
d) alignment, combination, blocking, erasure or destruction of the information or data.
Abi Hendra is registered with, or a member of, the following organisations: Abi Hendra is both a Controller and Processor and is registered with the ICO (Information Commissioner's Office), and is a member of WPP.
Updated 25 May 2018
Section 1
What data do I hold and how, why and length of time do I hold it?
Data | How? | Why? | How long for? |
Initial point of contact details | Either on my private business phone or on my Hotmail account (held under Microsoft terms and conditions) | In order to assess and respond to your request | As of 25th May 2018, initial contact information that does not develop into a contract is held for 3-12 months. If we do contract, please see below. |
Contract | Original paper copy is kept in a securely locked cabinet. | Legal requirement | 5 years after the last session |
Clinical notes | Locked filing cabinet. | Kept to aid any ongoing work. | 5 years after the last session |
Supervision | Recorded within my clinical notes as appropriate. I am required to report to a supervisor | I am required to report to a supervisor under UKCP Standards | 5 years after the last session |
Opt out form | Locked filing cabinet | Legal requirement | 5 years after the last session |
Please note that under GDPR the data I hold is considered sensitive data.
Section 2
Your rights in relation to your data – Data Breaches – Complaints
Your rights in relation to your data
The first section of this policy informs you of what data I hold.
As a client, you may request a copy of the information.
Because counselling is contractual work, the work is kept for up to 5 years, at which point it will be destroyed.
An opt out form will need to be completed in the first session (or afterwards if you started prior to 25th May 2018).
Clinical Executor – I am required to have a Clinical Executor in case of emergencies. They do not hold your data. A Clinical Executor will only have access to data in the event of emergencies where I am not able to contact you myself or in the event of my death in order to contact you.
In therapy, GDPR and confidentiality are subject to exemptions under the following laws: The Children Act 1989, Prevention of Terrorism Act 2003, Mental Health Act 1983, and subsequent acts.
Data Breach
I am currently installing an extra layer of security to mitigate a data breach: I am making all clinical notes electronic in order to store them on an encrypted USB which is locked away. In the event of a data breach I will contact you and the ICO to let you know.
Complaints
In the event of a complaint, I would encourage you to contact me and see if we can resolve the matter.
If this is not successful, you can contact the following:
Welsh Psychotherapy Partners
http://www.welshpsychotherapy.org.uk
Section 3
Data Processing
Provider | Why might they hold your data | Privacy policy |
Tesco mobile | If you call or text me | https://www.tescomobile.com/about-us/terms-and-conditions/general/privacy-and-cookies-policy |
Hotmail / Microsoft | If you email me | https://privacy.microsoft.com/en-GB/ |
WordPress | If you use my website to contact me | https://en.support.wordpress.com/your-site-and-the-gdpr/ |
Google AdWords Express | If you clicked on an advert on Google. My website uses cookies. | https://policies.google.com/privacy https://policies.google.com/terms |
Co-operative Bank | If you pay by bank transfer | https://www.co-operativebank.co.uk/global/privacy-and-cookies |
Quickbooks Accounts | To process my business accounts | https://quickbooks.intuit.com/eu/privacy-policy/ |
HMRC | HMRC has the right to audit any business | http://www.business.hsbc.com/privacy-policy |
Holistic Insurance | In the event of a complaint and / or that I need legal advice – the sharing of data will be as required only | http://www.holisticinsurance.co.uk/about/ |
Welsh Psychotherapy Partnership | In the event of a complaint and / or that I need legal advice – the sharing of data will be as required only | http://www.welshpsychotherapy.org.uk/ |
N.B. This Policy can and will be updated as the owner sees fit. This includes but is not limited to improving transparency.