Privacy and Data Protection Security Policy
I am committed to complying with the terms of the General Data Protection Regulation (GDPR). The details below outline my procedures for collecting, storing and processing personal data, in order to adhere to the Data Protection Act (DPA) 2018. Personal data means data which relates to a living individual who can be identified from that data, or from that data together with other information.
This policy covers all the principles under the DPA. These are known as the 'data protection principles' and ensure that information is:
- Used fairly and lawfully
- Used for limited, specifically stated purposes
- Used in a way that is adequate, relevant, and not excessive
- Kept for no longer than is necessary
- Kept safe and secure
- Not transferred outside the European Economic Area (EEA) without adequate protection
I commit to being responsible for your personal data, information on procedures dealing with both internal and external access requests and how the information collected is used. I am registered with the Information Commissioner’s Office (ICO), reference number C1107399.
Privacy, in its broadest sense, is about the right of an individual to be let alone. It can take two main forms, and these can be subject to different types of intrusion:
- Physical privacy – the ability of a person to maintain their own physical space or solitude. Intrusion can come in the form of unwelcome searches of a person's home or personal possessions, bodily searches or other interference, acts of surveillance and the taking of biometric information.
- Informational privacy – the ability of a person to control, edit, manage and delete information about themselves and to decide how and to what extent such information is communicated to others. Intrusion can come in the form of collection of excessive personal information, disclosure of personal information without consent and misuse of such information. It can include the collection of information through the surveillance or monitoring of how people act in public or private spaces and through the monitoring of communications, whether by post, phone or online, and extends to monitoring the records of senders and recipients as well as the content of messages.
The information I hold about an individual:
- I need to request and store your details in order to administer and deliver the service you have requested, and to comply with any legal or professional body responsibilities that ensue in the delivering of that service.
I’m going to use this information:
- To make contact with you, to record the relevant personal contact details you give consent for me to hold, to record emergency contact information and, where applicable, to make clinical assessments and record clinical notes.
The information is being held securely:
- I store clients' names and contact details in a file in a locked cabinet. I may also store details on a mobile phone contact list. I use initials to identify you. For email communication, I have your personal email address stored and will use first names in communication with you. This email is encrypted. I use initials only in my paper diary.
- Website sign-up contact forms I receive are deleted from my email systems once I have contacted you.
- Client notes showing date, initials and a brief outline of session content are handwritten and stored in a locked filing cabinet, separate from your personal details. They may also be recorded on my laptop, which is password protected.
- To comply with my professional body and good ethical practice I share details about the client case in my clinical supervision but not the client’s personal details unless a legal or safeguarding requirement requires me to do so.
- If you have chosen to ‘like’ or ‘follow’ me on my business social media page, I do not hold data about that outside of that social media setting.
The security of my website:
www.katefloyertherapy.com has an SSL certificate.
An SSL certificate shows that the connection between your browser and the website is encrypted using Secure Sockets Layer (SSL). This ensures that data cannot be read or modified by third parties while it is in transit between you and the site.
How up to date is the information that I hold about you?
- The personal information stored is as given to me on initial contact and updated as and when you inform me of any changes.
- Notes will be up to date usually on the day of our session.
- The information I hold will be kept for 7 years in line with GDPR requirements. After that it will be deleted or destroyed.
- Personal information kept is limited to a strict need-to-know basis. I do not use CCTV equipment on the premises.
- You have a right of access to and deletion of your records; please see the guidance at: https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/ (March 2022)
I will only share personal information under the following circumstances:
- If, during my contact time with you, I become aware that there is a safeguarding risk to either you or another person, I will contact the emergency contact given and/or your college, professional body or the emergency services, where appropriate.
- My supervisor will be handed all my counselling-related paperwork should I become indisposed, and will contact you and then destroy notes accordingly.
- Where you request me to do so (e.g. references or supervisory reports for college accreditation).
- Where I need to comply with a legal requirement to do so (a court order for example).