Dr Alessia Price Clinical Psychologist Northamptonshire, Buckinghamshire , Oxfordshire

Data Protection and Privacy Notice for Therapy Clients

You may be aware of new laws relating to General Data Protection Regulation (GDPR) that are in effect from 25 May 2018. The purpose of GDPR is to provide a set of standardised data protection laws across all EU member countries.

Under data protection law you, as a client of AP Psychology Services, have specific rights. To communicate these rights to you we are providing you with this privacy notice.

Data Controller

Dr Alessia Price is the data controller for AP Psychology Services.

What is personal data

Personal data is information relating to an identified or identifiable person. Examples include an individual’s name, address, date of birth, telephone number(s), email address. Personal data also includes specific categories of data, such as that relating to an individual’s health.

What personal data do we record and process?

AP Psychology Services collects, processes and retains the following personal data from therapy clients:

• Personal data: basic contact information: name, address, email, contact number, and GP contact details.

• Sensitive personal data: signed therapy client agreement, therapy records (therapist notes, letters, reports, and outcome measures), and, if relevant, information pertaining to other aspects of your health such as medication you are taking.

• If you complete a web-based enquiry form, we will also process and retain any information you provide. All web services used by AP Psychology Services are verified by themselves as GDPR compliant.

• Details of contact between yourself and AP Psychology Services and any financial transactions.

If you are referred by your health insurance provider, then we will also collect, process and retain personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.

What do we use your personal data for?

AP Psychology Services has a legitimate interest in using the personal data and sensitive personal data we collect to provide health treatment. As such we use your personal data:

• To provide you with the most appropriate and timely healthcare, such as psychological therapy to you.

• To monitor and keep records of our communications with you.

• To help us manage and audit our business operations including accounting.

• To comply with legal and regulatory obligations.

We may also ask for information on how you found our service for the purpose of our own marketing research. No information you provide is passed on without your consent. We will never sell your information to others.

What we do with your personal information

At AP Psychology Services we take your privacy seriously. We will only use your personal information to provide the services you have requested from us. If you do not provide the personal information requested, then we may be unable to provide a therapy service to you.

Retaining your personal data

Data may be recorded both electronically and/or on paper. We ensure that policies are in place to keep your data confidential and secure. The sensitive personal data defined above is stored for a period of 7 years after the end of therapy to comply with regulatory requirements. After this time, this data is deleted at the end of each calendar year.

We will only store your basic personal information for as long as it is required. Basic contact information held on a therapist’s mobile phone, such as telephone contact details, is deleted within 3 months of the end of therapy.

Sharing your personal data

We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else.

However, there are exceptions to this when there may be need for liaison with other parties:

• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.

In exceptional circumstances, we might need to share personal information with relevant authorities:

• When there is need-to-know information for another health provider, such as your GP.

• When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.

• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.

• UK Government Bodies such as HMRC and Inland revenue may request information for the purpose of tax and accounting where there is a legal duty.

What we will NOT do with your personal information

We will not share your personal information with third-parties for marketing purposes.

How we ensure the security of personal information

Personal information is minimised in phone and email communication. Sensitive personal data will be sent in an email attachment that is password protected. Email applications use private (SSL) settings, which encrypts email traffic so that it cannot be read at any point between our computing devices and our mail server. AP Psychology Services will never use open or unsecure Wi-Fi networks to send any personal data.

Personal information is also stored on an office computer and is password protected. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/thumbprint scanner, mobile security and antivirus software.

What are your rights under data protection laws?

You have legal rights governing the use of your personal data. They are:

• The right to be informed about the personal data being processed

• The right to access your personal data and information we hold about you

• This information will be shared within 30 days of receiving a request

• The right to rectification (correction of inaccuracies) of your personal data

• The right to restrict the processing of your personal data (this may impact the treatment you are offered / able to receive)

• The right to data portability (to move, copy or transfer) your personal data

• You can complain to a regulator. If you think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.

AP Psychology Services reserves the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000)[1] and The Health and Care Professions Council (HCPC; 2017)[2].

Dr Alessia Price

Clinical Psychologist & Owner

May 2018

[1]The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.

[2]Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.