GDPR

The General Data Protection Regulation (GDPR) is concerned with the personal information about you that we collect, store and share. This document details our GDPR policy. All associates of The Psychology Company are GDPR compliant, are considered joint data controllers and have their own individual GDPR Privacy Policies.

Personal Information We will Collect

As psychologists we will collect both personal and sensitive data. The reason we collect your personal information is to enable us to deliver psychological therapy. We collect information at the point of initial contact (which might be via email, website contact page or phone call) as well as during the initial assessment session and any subsequent therapy sessions. The information we collect may include the following;

  • Name
  • Address
  • Date of birth
  • Gender (or preferred identity)
  • Telephone/SMS number/Whats App contact details (plus permission to send SMS and Whats App message and leave voice messages)
  • Email address
  • GP name and practice address
  • Occupation
  • Relationships
  • Psychological therapy history including any current or historical psychiatric diagnoses.
  • Medical conditions relevant to psychological therapy
  • Prescribed medication
  • Current psychological difficulties
  • Historical psychological difficulties
  • Lifestyle and social circumstances
  • Risk information such as suicidal and self-harming history and alcohol and drug use

Information Storage

We have implemented measures to ensure your personal and sensitive data remains secure. Your information may be stored in the following ways;

  • Paper; written notes which will include the initial email you sent or website contact sheet and therapy contracts. It may also include brief session notes if your psychologist keeps paper files. These will be stored in a locked filing cabinet.
  • Google Cloud; brief session notes may be stored on my google cloud which is GDPR compliant. Your name will not be used within electronic session notes and will be saved by a non-identifiable code.
  • Smartphone; we may store your contact information in our contacts but will use a non identifiable code rather than your name.
  • Email/SMS/WhatsApp; your email address will be stored in an email account (currently GMail) should you wish to communicate via email. Your telephone number may be stored in SMS or WhatsApp should you exchange messages this way with your psychologist but will be stored via a non-identifiable code rather than your name. Electronic correspondence will also be held by the corresponding app (Gmail, Phone’s SMS, WhatsApp) all of which are GDPR compliant.
  • Website; none of your personal information is stored on The Psychology Company website, other than to momentarily collect and send a contact sheet to the founders Gmail account for the purpose of making initial contact via that contact page.
  • Dropbox; Should you and your psychologist wish to share documents via dropbox a shared dropbox account may be set up and all the information shared will be held by you, your psychologist and dropbox which is GDPR compliant.
  • Zoom session recordings; If you are using Zoom for online psychological therapy sessions and would like your sessions to be recorded so you can listen to them again then a recording of the session will be saved within the zoom app on your psychologists computer and uploaded into your dropbox account immediately after the session. The recording will then be deleted from zoom and trash will be emptied immediately.
  • Skype Answering Service; If you call The Psychology Company directly (rather than your individual psychologist), for example to make an initial enquiry and you leave a message then this message will be stored within The Psychology Company Skype account. Skype is GDPR compliant. As soon as the message has been listened to it will be immediately deleted.
  • Electronic devices; All electronic devices (including computers, laptops and mobile phone) used to access stored information will themselves be password protected.

How We May Process and Share Your Personal Information

  • Supervision; As psychologists we have regular supervision with other qualified psychologists and therapists. Supervision is for our practice to ensure we are adhering to professional standards and evidence based ways of working. All of our supervisors are GDPR compliant and thus we are considered joint data controllers.
  • Therapeutic Will; Your name and contact details will be stored in your psychologists google drive which their Therapeutic Executor can access in the event of their death so they can contact you should you still be in therapy with us. All our therapeutic executors are Chartered Psychologists or registered psychotherapists and are GDPR compliant. The therapeutic executor is therefore considered a joint data controller.
  • Sharing Information with your GP/Other Health Professionals; Some clients like their GP (or other professionals involved in their mental health care such as a Psychiatrist or the BUPA mental health care team) to be kept informed of the work they are doing in psychological therapy. This might include sending assessment/progress/discharge reports or having telephone conversations disclosing personal and sensitive information pertaining to you. We can discuss what and how much information is disclosed and you will be given an opportunity to make amendments before any letter/report is sent. We will only send reports or have telephone discussions of this kind if we have your permission to do so and you can withdraw consent for correspondence at any point during therapy (assuming there is no duty of care to disclose information-please see the point below). Your GP and other health professionals should be GDPR compliant (we would check to ensure this before sending any confidential information) and thus would be considered joint data controllers.
  • Duty of Care and Confidentiality; All the information you share with your us is treated confidentially unless you request we share it, for example with your GP. The only exclusion to confidentiality is if we suspect there is a risk of harm, either to your or someone else. If we thought there was such a risk, we would discuss it with you if at all possible so we could consider how we can best manage the risk, which may include involving your GP or other care agencies. Only information relevant to managing the risk would be shared. If we don’t have your permission to share information and we deem there to be serious and imminent risk to yourself or someone else then our professional codes of conduct and the law may require that we inform an authority and share your personal information without your knowledge and permission (known as whistle-blowing for example in cases of suspected terrorism).
  • E-Mail Exchange; Although G-Mail is GDPR compliant any confidential (e.g. personal and sensitive) information that we need to send to you will be typed into a memo, password protected and then attached to the email. We will inform you of the password in person or via videoconferencing. We advise you to share confidential information with us in the same way. Dr Thrift receives all initial enquiries (via answerphone message and website contact page) for The Psychology Company, which she may forward to an associate of The Psychology Company for them to pick up the enquiry. Dr Thrift will email the associate a password protected memo containing any confidential information. All associates of The Psychology Company are GDPR compliant, are considered joint data controllers and have their own individual GDPR Privacy Policy.
  • Postal Mail; Should we send any confidential mail in the post (e.g. to you or your GP) this will be clearly marked confidential.
  • Erasing Your Information; When you have finished psychological therapy, your psychologist will hold onto your information for seven years. This is in line with our professional code of practice and is for example so that we have a reference of our work in situations such as you returning to psychological therapy in the future. After this time has passed we will shred any written information via a confidential waste service and securely delete any electronically held information.

Your Rights

You have the following rights…

  • To be informed what information your psychologist holds (i.e. to be given or have access to their individual privacy policy document)
  • To see the demographic information your psychologist has about you (free of charge for the initial request)
  • To make a ‘subject access request’ (SAR) to your psychologist for copies of your records. There may be an administrative charge for this and these will be provided within one calendar month of the request being made.
  • To rectify any inaccurate or incomplete personal information.
  • To withdraw consent to your psychologist using your personal information e.g. to withdraw consent for them to telephone you and request they contact you via email only.
  • To request your personal information to be erased (though your psychologist can decline whilst the information is needed for them to practice within their own professional code of ethics and conduct).

If you wish to assert any of these rights you should contact your psychologist.

We reserve the right to make changes to this privacy policy at any time and if you are in therapy with us we will send you notice of this via your agreed method of contact