The basis on which I keep client data is what is called “Legitimate Interests”.
This means that the only information I keep will be that which is necessary in order for me to provide therapy for you.
Data about health is regarded as a special category of data by the General Data Protection Regulation. The condition for processing this special data is that “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
For those who book and attend at least one session, the data I hold will include:
- Basic information such as name, email address and phone number
- Information that you give me as part of the work we do together
- Emails, texts or messages that are sent between us
- Information sent from any third party, e.g. GP, insurance company, EAP
Therapy is a confidential process and so information will not be shared with anyone without your explicit knowledge, and then only for the reasons covered by the Requirements for Disclosure which are detailed and discussed when we first meet.
In the unlikely event of any unlawful data breach I will give full details to the Information Commissioner's Office and to any person affected within 72 hours of the breach, and will do everything possible to minimise any potential impact.
By law you have access to copies of all the information that I might hold about you. It is important that you recognise that this information is confidential and so, should you request it, I will need to speak with you to prevent the possibility of fraudulent access and will then provide you with any data that I hold on you as soon as possible.
If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request.