Privacy Statement (May 2018)
New laws relating to General Data Protection Regulation (GDPR) come into effect from 25 May 2018. The purpose of GDPR is to provide a set of standardised data protection laws across all EU member countries. This document sets out how Laetus Psychology complies with these laws.
Dr. Laetitia Livesey is the data controller for Laetus Psychology.
What personal data we process
Laetus Psychology processes the following personal data from clients:
Personal data: basic contact information: name, address, email, contact number, video conference ID (if online therapy), name and contact information for next of kin, and GP contact details.
Sensitive personal data: Therapy records (therapist notes, letters, reports and/or outcome measures).
If you are referred by a health insurance provider or intermediary consultancy firm, we will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
The lawful basis for processing personal data
Laetus Psychology has a legitimate interest in using the personal data and sensitive personal data we collect to provide health care and treatment. The data collected is necessary for us to provide psychological therapy to clients. No information you provide is passed on without your consent with some exceptions outlined below. We will never sell your information to others.
What we do with your personal information
Laetus Psychology we take your privacy seriously. We will only use your personal information to provide the services you have requested from us. If you do not provide the personal information requested, then we may be unable to provide a service to you.
How we store your personal information
Basic contact information, questionnaires and rough therapy notes are held in a file in a locked filing cabinet which is only accessible to your therapist.
Typed notes, letters and feedback to third parties (such as insurance companies) are password protected and stored on one computer (password protected) and on a secure cloud which is subject to GDPR regulations.
How long we store personal information
We will only store your personal information for as long as it is required. Basic contact information held on a mobile phone is deleted at the end of therapy. The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, computer data is deleted and paper note files are shredded at the end of each calendar year.
How your personal information is used
We use the information we collect to:
· Provide our services to you.
· Process payment for such services.
How we might share personal information
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
· If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information about the broad progress of therapy with that organisation to provide treatment updates or if requesting an extension of sessions.
· In cases where treatment has been instructed by a solicitor or via an intermediary consultancy company, relevant clinical information from therapy records will be shared with legal services as required with your consent.
In exceptional circumstances, we might need to share personal information with relevant authorities:
· When there is need-to-know information for another health provider, such as your GP or Psychiatrist. We would always discuss this with you beforehand and agree the information being shared.
· When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
What we will NOT do with your personal information
We will not share your personal information with third-parties for marketing purposes.
How we ensure the security of personal information
Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. Laetus Psychology will never use open or insecure Wi-Fi networks to send any personal data.We an encrypted address to send outgoing emails and also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.
Should you choose to contact us using an email link, or our contact form none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors. Should you choose not to consent to us using your contact details in any form submitted, please contact us by phone or direct email.
Personal information is also stored on one computer. This is password protected, and all confidential documents stored have their own additional password. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode and mobile security.
Your right to access the personal information we hold about you
· You have a right to access the information we hold about you.
· We will usually share this with you within 30 days of receiving a request.
· There may be an administration fee for supplying the information to you.
· We may request further evidence from you to check your identity.
· You have a right to get your personal information corrected if it is inaccurate.
· You can complain to a regulator. If you think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.
Laetus Psychology reserves the right to refuse a request to delete a client’s personal information where this constitutes therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000)and The Health and Care Professions Council (HCPC; 2017).
Dr. Laetitia Livesey
Clinical Psychologist & Director
The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.ph here.