Privacy Policy
I, Jenny Hunter-Phillips, am the Data Controller and Data Processor of Hampshire Therapy Room.
Data held:
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide therapy) and it is data that you would reasonably expect me to hold and use.
Some of the information that you provide may fall under the definition of ‘Special Category Data’ as defined by the General Data Protection Regulation. The condition for processing this Special Category Data is “processing is necessary for […] the provision of health care or treatment […] or pursuant to contract with a health professional”.
I will only hold as much data as is necessary for me to fulfil our therapy contract, in line with GDPR compliance and the jurisdiction of the United Kingdom.
If an enquiry is sent, I will hold any data which is contained in the email or message. If a booking is made and a session is attended, the data held may include:
- Basic information such as name, email address and phone number
- Other contact details such as next of kin and GP details
- Information provided during our work together, including medical information and medical history
- Records of interventions and methods used in our sessions
- Emails/texts that are sent
- Information sent from any external agency, i.e. the GP or an insurance company.
Information Sharing:
Personal data is not shared with anyone apart from, in some circumstances, your GP, and for any reasons requiring disclosure which will be discussed during our first session together.
Information regarding our sessions may be shared with a trained supervisor, for professional purposes, to assist with our therapy sessions. The supervisor will also be GDPR compliant.
I may use an accountant who will have access to my ‘Free Agent’ bookkeeping records and and will view my bank and credit card records which will contain your provided payment information. If you want me to redact any identifiable data before sending it to my accountant, then please state this at the time of payment. If you use your name as a payment ‘reference,’ this will be viewed by the bank and my accountant. Free Agent will have access to your email address and name for the purpose of invoicing you.
A Therapeutic Will will ensure that you can be contacted in the event of my sudden or long-term absence. See below regarding storage of client information.
Information Storage:
- Emails sent between us will be held on my professional email account which is password protected. My mobile phone access to email is also password protected.
- Text messages sent between us are held on my work mobile phone which is password protected.
- Our session notes will be handwritten and kept in a locked filing cabinet. A coding system will make it possible to pair notes with client details if necessary, via my supervisor, but no one else would be able to connect the session notes to client data.
- Credit card information is deleted as soon as it has been processed.
- If you use online banking, the bank will also hold this data. Password protection will be used to pass banking details to my accountant or bookkeeper if necessary.
In line with GDPR:
- Your data will be kept for seven years as stipulated by my insurer. After this time, paper records will be shredded and computer records will be permanently deleted.
- All data is held securely (see details of where data is held above).
- Any data transmitted is sent via encryption where possible.
If there is any breach of data security, Hampshire Therapy Room will provide all details to the Information Commissioners Office (ICO) and will inform any affected clients as soon as possible, taking measures to minimise the potential impact.
Your rights:
- The right of a subject access request (SAR) to request that I send all information that I hold about you.
- The right to rectification if any data which I hold is incorrect.
- The right to erasure if you would like me to erase your data (in line with my insurance).
- The right to data portability which may be relevant if you want your notes sent to another therapist.
- The right to object to direct marketing.
Cookies:
A cookie is a small amount of data that is sent to your computer or mobile phone browser from a website which is then stored on your hard drive.
Cookies help me to understand how potential clients engage with my site to enable improvement. I do not use cookies to collect personal information.
How to manage cookies; You are able to restrict or block the cookies which are sent by any website through your browser settings. You can also request that your browser alerts you when a cookie is issued.
For more information about cookies, visit: www.aboutcookies.org