What information I keep and why do I keep it?
Email address and phone number(s) - These are kept so that I can contact you.
I use a Google Calendar which allows me to book, reschedule and cancel your appointments, send you invoices/receipts and reminders to your email address. Only your first name, the first initial of your last name and email address will be stored. This information is linked to my email address on a password protected device and is therefore not accessible to third parties.
When may your data be shared?
There are occasions when I may need to share your information with other professionals.
These are as follows:
If I receive a subpoena from a court of law.
If you disclose information that raises safeguarding concerns including serious risk of harm to yourself or others; or abuse or neglect of a child or vulnerable adult, I have a duty of care to disclose that information to the appropriate authorities.
If you disclose information that indicates that you are at substantial risk of suicide, I will release that information to your GP. If there is an immediate risk I will contact the emergency services.
If you disclose anything to do with terrorism, drug trafficking or money laundering I am legally required to inform the police and it is a criminal offence for me to inform you that I have done so.
In the event of my death or incapacitation, there is a Plan B for all clients to be contacted. If Plan B needs to be used, your records will be released to one of my colleagues who will then make contact with you.
As part of my personal and professional development I undergo clinical supervision. My Supervisor is held by the same privacy, data protection and confidentiality clauses. In discussing themes in your case and our work together with my Supervisor I will not disclose your full name or anything else that would enable you to be identified.
If I do need to share information about you, I will always aim to discuss it with you first unless the situation requires an immediate response. If I am required to release information before discussing it with you, I will inform you at the earliest opportunity except in the case of information relating to terrorism, drug trafficking or money laundering.
How long will I store your data for and how will I dispose of it?
Your phone number is kept on my business phone, which is pin protected and only accessed by me, and stored under your first name and the first initial of your last name. These details will be deleted from my phone one month after our work finishes.
My email address is mdhealingways@gmail.com This is a free password-protected account hosted by Google that offers standard encryption (TLS) and is also subject to Google’s own privacy policies. Your email address is stored on the account and is only accessible by me. These details will be deleted from the account one month after our work finishes.
If you email or text me between sessions for any reason, these will be deleted as soon as the messages are no longer relevant. If you email or text me information that is relevant to our work together, I will print that information and keep it with your paper records.
How long will I store your data for and how will I dispose of it?
Your data will be erased from Google Calendar account one month after our work finishes.
All other typed information is non-identifiable. Notes are kept to record changes and the energies released in your sessions. These are stored in an electronic filing system that is password protected and accessed by me alone. Any records are kept for seven years from the date of our last session. This is the timeframe requested by my insurance company. After this time period I will delete these documents.Under the General Data Protection Regulation, you have the right to say what happens to the data that I keep.
You have:
The right to be informed which is the purpose of this privacy information notice.
The right of access - you have the right to access your data.
The right to rectification - you have the right to request that I amend any personal data which is factually incorrect, misleading or incomplete.
The right of erasure - under certain circumstances, you have the right to request that I erase the data that I keep (also known as the right to be forgotten).
The right to restrict processing - under certain circumstances, you have the right to the restriction or suppression your personal data.
The right to data portability - this allows you to obtain and reuse your personal data for your own purposes across different services.
The right to object - you have the right to object to the processing of your personal data in certain circumstances.
If you would like to exercise any of your rights at any time, you can request it verbally or in writing. I will respond to your request within 30 days. If you are still not happy with the way I use your data, you can complain to ICO at www.ico.org.uk or phone them on 0303 123 1113.
Consent
Do you agree to me storing and processing your data?
If you do not consent to me using your data in this way it is unlikely that I will be able to work with you.