GDPR Notice & Data Protection
The General Data Protection Regulation (GDPR), along with the Privacy and Electronic Communications Regulations (PECR), grants EU data subjects enhanced rights regarding their personal information. These regulations safeguard personal data, prevent unlawful processing, and support the free flow of information within the EU and its retention within the EEA.
We are committed to protecting your privacy in line with GDPR.
Information collected and measures taken to protect your Personal information.
All client details are held within files that require a password for access. Access to these files is strictly controlled and limited to your clinician and an administrator.
For online sessions, we use software (such as Zoom), which fully implements data security in its programs and whose adherence to GDPR compliance is stated within their Terms and Conditions.
We may make hand-written notes during therapy sessions. These are purely for our own benefit and are kept in order to facilitate the therapeutic process. These will form part of your client record, as will the factual information (name, address, date of birth, contact details) provided by you. All records are stored securely and our data storage complies fully with GDPR.
Client records are kept for the duration of therapy and, by legal obligation, for seven years after treatment ends. After the retention period, all data is deleted securely. We will never share your information with third party companies. On occasion other medical professionals or external agencies request treatment reports. Should information need to be shared with other medical professionals or agencies, your
explicit consent will be obtained beforehand and data will be transferred securely. Such reports will be limited to essential information.
In rare situations, we may be legally or ethically obligated to share information, for example, if there is a risk of harm, to prevent injustice, or if required by law.
Whenever possible, we will discuss such disclosures with you.
Your confidentiality rights, as established by GDPR (May 2018), allow you access to any personal information held by us. You have the right to see any personal data we hold about you. By law we have 30 days to respond to any such request, although we would endeavour to do so more quickly.
