Data Privacy Policy – December 2018

We keep records about you.
This explains why we keep your info, where we keep it, how we keep it safe, and what your rights are.

The basics
• We keep information about you in order to provide you with a service, and to process payments for the service.
• We cannot work with you unless you allow us to keep records.
• We follow the law and the codes of practice set down by the HCPC and the BABCP.
• We have systems in place to protect your data.
• You are entitled to request a copy of your data free-of-charge, and to have inaccurate information corrected.
• We aspire to the highest data privacy standards. If you have questions, concerns or feedback then please let us know so that we can address them.
• You can complain to the Information Commissioner's Office (ICO) if you think that we are acting unlawfully: visit or phone 0303 123 1113.

Why I keep information
Our professional registration requires us to keep information about our clients and the work that we do. We cannot offer you services unless you allow us to keep data about you and our work together, and we have a legitimate interest in keeping your data. We are registered with the Information Commissioner's Office (ICO) to do so. We are bound by the ethical and practical rules set by our professional regulatory bodies: the Health and Care Professions Council (HCPC) and the British Association for Behavioural and Cognitive Psychotherapies (BABCP).

The kind of information we keep
We keep personal data, e.g. your name, address and phone number. We also keep sensitive data, e.g. notes from our sessions together, your gender and your social history.

What we do with the information
We use the data we collect for three reasons:
(1) to provide you with services,
(2) for billing and processing payments,
(3) to help prevent serious harm.

Some of our clients may feel vulnerable at times in their lives, and be at risk of harming themselves or at risk of harm to or from others. In these circumstances, we need to be able to communicate effectively with other services, such as GP surgeries or emergency care services, to keep these clients safe. This involves sharing personal information on a need-to-know basis.

Who we might share personal information with
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
• In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
In exceptional circumstances, we might need to share personal information with relevant authorities:
• When there is need-to-know information for another health provider, such as your GP.
• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
• When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.

What we will NOT do with your personal information
We will not share your personal information with third parties for marketing purposes.

How long I keep data
I keep client data throughout the time I work with my clients and, in line with professional guidance, for 7 years after the work has ended.

Where I keep data
o In online clouds:
   in my clinic management software: WriteUpp
   in my file storage cloud: Dropbox
o On my laptop
o In a paper file whilst working with you
o In my mobile phone through scanning paper files
o In my email systems
o My website uses cookies so that I can see how many people have visited and which pages are most popular. Google may send additional cookies if you use the Google map links on the site. Cookies are anonymous and contain no personal data. You can turn cookies off in your web browser if you wish to.

How I keep data safe
o WriteUpp data is encrypted in flight. This means that no one can read data being sent to, or coming from, our WriteUpp account. Our accounts are locked with strong passwords.
o Dropbox is an end-to-end encrypted file storage cloud. My account is locked with a strong password and two-step verification.
o We write session notes directly onto a tablet with password protection and facial recognition.
o Our paper notes are stored in a locked cabinet in the clinic. We write notes in a de-identified way, using pseudonymisation rather than full names. Once the paperwork has been scanned into electronic format to be stored on our laptops, we shred it.
o Our mobile phones are encrypted, and must be opened with a password each time they are used. We use business phones separate from personal mobile phones.
o Our accounts within our email systems are secured with a strong password.
o Access to the analytics on our website is secured with a strong password.

You have the right to:
o request details of all the information that we keep and to receive it within one month at no fee.
o have information corrected if you consider it inaccurate or incomplete.
o complain if you think that we are acting unlawfully (see The basics, above).

Please do not hesitate to ask us if you have any questions.

Michaela Thomas
Senior Clinical Psychologist
Managing Director of The Thomas Connection
Office: +44 (0) 20 3637 79 79 | Mobile: +44 (0)77 4691 71 72
Email: [email protected]