The policy describes how I manage your information when you use my services. Please do not hesitate to contact me if your questions are not fully answered by this policy. If you are not satisfied by our discussion, you can contact the Information Commissioner’s Office (ICO) via https://ico.org.uk.
You have rights in relation to the information I hold about you. These including knowing what information I collect, why, how I use and store it. You are also entitled to request access to the information I hold about you, to request that it be correct if incorrect, and to limit how I use it, to object to my holding it, and to ask for it to be deleted. For more information about your rights, please visit: https://ico.org.uk/your-data-matters/
1. Why do I need to collect your personal data?
I need to collect information about you on the basis of ‘legitimate interest’, which means that I need to have valid reasons for holding your data. The reasons why I hold your data are so that I can:
Know who you are so that I can communicate with you in a personal way. The legal basis for this is a legitimate interest.
Deliver goods and services to you. The legal basis for this is my contract with you to provide a service.
Process your payment for the goods and services. The legal basis for this is the contract with you.
Verify your identity so that I can be sure I am dealing with the right person. The legal basis for this is a legitimate interest.
Optimise your assessment and treatment. The legal basis for this is a legitimate interest.
2. What personal information do I collect?
My website does not collect any personal information. However, should you choose to engage my services, I would request the following information:
· Your name
· Your contact details including a postal address, telephone number(s) and electronic contact such as email address.
· Your date of birth
· Your health insurance details (where applicable)
· If we agree that it would be useful, and with your consent, I may also collect information from, and liaise with, third parties; for example, from another health professional (e.g. GP) or child’s teacher. This may include sensitive personal information.
3. How do I use the information that I collect?
· To communicate with you so that I can inform you about your appointments with me, I will collect personally identifying information such as your name and contact details such as your telephone number, email or postal address
· To deliver the correct service to you
· To create and send your invoice
· As described above, with your consent we may agree that it would be useful for me to liaise with or collect information from third parties such as your GP or child’s school
4. Where do I keep the information?
I store information according to the guidance given by the Information Commissioner’s Office (ICO)keep information in the stores described below:
· On my computer, in a password protected drive.
· Information contained in emails may be stored on my phone, which is password protected. In addition, my Protonmail email account is encrypted at both ends, and has additional password protection on my electronic devices.
· I keep paper records in a locked filing cabinet.
5. How long do I keep the information?
· If you make an enquiry, I will keep my notes of our conversation for a year. This is to ensure I can provide the best possible service should things change and you contact me again.
· If you proceed with treatment, I will keep your notes for seven years for adults. For children, I comply with the Department of Health recommendation that data is retained for children is until the patient’s 25th birthday or 26th if young person was 17 at conclusion of treatment, or 8 years after death. http://www.bma.org.uk/ethics/health_records/retentionrecords.jsp
· All retained personal information will be confidentially disposed of when it is considered to be of no further value.
6. With whom do I share information?
· I share only the information that is necessary to achieve clinical and business purposes. I send invoices and reports to health insurance companies and other professionals as required professionally. Cloud storage providers will have information shared with them in compliance with GDPR. Information is shared to the degree necessary for accounting and tax purposes.
The exceptions to the above rule would be:
· Risk of harm: If I have reason to believe that you, or someone else, is at risk of harm I may need to share information in order to avert harm. This happens very rarely, but if I need to breach confidentiality I would always discuss this with you first, unless there is an immediate risk of harm which prevents me doing so.
· To comply with applicable laws; respond to governmental enquiries (or enquiries from a legal, governmental or quasi-governmental or local authority agency); comply with a valid legal process or procedure; or protect my rights or property.
7. How can you see all the information I hold about you?
· You can make a subject access request to me. This does not need to be in writing and may be made in person or by phone. I may require further additional verification that you are who you say you are to process this request. I may withhold personal information to the extent permitted by law. In practice, this means that I may not provide information if I consider that providing the information will violate your vital interests.
8. What if your information is incorrect or you wish your information to be removed from my system?
· Please contact me. I may require additional verification that you are who you say you are to process this request. If you want to have your data removed I will have to determine whether I need to keep the data, for example to comply with professional bodies or HMRC. If Idecide that I should delete the data, I will do so without undue delay.
9. Will I send emails and text messages to you?
As part of providing a service to you I may communicate via email, keeping the information in the body of the text to a minimum. Any reports with personally identifying or sensitive information that I send to you will be password protected. All emails are deleted as soon as practically possible.
10. How do you opt out of receiving emails and/or text messages?
If you do not wish to receive information through these means, please let me know.
11. What happens in the event of a data breach?
If there is any threat to the security of the information I hold, I would inform you and notify the ICO within 72 hours, together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. All personal data breaches, however minor, and whether reportable or not are recorded.
12. Complaints or queries Please raise any concerns or queries with me in the first instance. If you are not satisfied with my response to complaints or queries you can raise a complaint with the Information Commissioner’s Office (ICO) Contact information ICO: Website: https://ico.org.uk/concerns Email: firstname.lastname@example.org Telephone: 0303 1231113