PRIVACY STATEMENT for clients and supervisees
This statement gives you details about how I store and use your personal information, and complies with the requirements of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) introduced in May 2018. The 1998 Act and GDPR apply to anyone processing personal data. They set out principles, which should be followed, and they also give rights to those whose data is being processed. To this end, I fully endorse and adhere to the eight principles of data protection as follows:
1. data must be processed fairly and lawfully.
2. data must only be obtained for specified and lawful purposes.
3. data must be adequate, relevant and not excessive.
4. data must be accurate and up to date.
5. data must not be kept for longer than necessary.
6. data must be processed in accordance with the "data subject's" (the individual's) rights.
7. data must be securely kept.
8. data must not be transferred to any other country without adequate protection in place.
What information do I hold?
I keep a record of your contact details - name, address, email and phone. I may ask for details of your GP practice, and information about any health issues that might impact on our work. I may also hold details of an emergency contact.
I keep a handwritten record of our discussions in the first two to three sessions and thereafter I keep either handwritten or typed notes about our sessions.
How do I use this information?
I use the information to provide you with the services that you request from me. I use your contact information to make or change appointments and I make records of our sessions to aid me in our work. I also use the information to run and maintain my business, for example, a record of hours for re-accreditation and tax purposes. I do not use your information for any other purposes.
How do I store this information, how do I protect it and how long do I keep it?
If we decide after an initial session not to work together, then any information that I hold about you will be deleted at that point.
If we decide to work together, your contact details and records of our sessions are kept securely in a locked filing cabinet. The records of our sessions do not contain your full name, and are held separately from your contact details. These records are destroyed 5 years after our work together ends.
Any emails or texts that contain information in addition to arranging appointment dates and times are destroyed within 2 weeks of receipt. If they contain important information, this is printed out and kept with session records.
Any reports that I send by electronic means or that are created and stored on my computer are password protected (for example, if you are a client, with your consent a letter to your GP or psychiatrist, or reports about supervisees for their training establishments).
Your phone number and email address are kept in my iPhone. I do not use your full name, just initials or first name and first initial of your surname. My iPhone is password protected.
My iPhone and computer are password protected, with secondary verification in place. In the event of loss, theft, or sale, all data will be 'wiped' (remotely if necessary).
What about confidentiality?
All our work together is confidential and I will not disclose any information about you to a third party without your permission, unless I am legally required to do so. The exceptions are as follows:
1. It is a professional requirement that I have regular supervision, to ensure that my work with you is as good as it can be. All supervisors are also bound by confidentiality rules and when I present my work to my supervisor, I protect your personal identity.
2. In extreme circumstances, I may share information, e.g. with a doctor or the police, if I believe you or someone else is at significant risk. Some laws require me to break confidentiality in certain circumstances, e.g. Terrorism Act, Drug Trafficking Act.
3. I could be subpoenaed by a court, to release my records, or to give evidence.
4. If employed by an organisation to work with you, I may be expected to share information with them. I will discuss confidentiality with you at the start of our work.
5. If something happened to me, a professional colleague would be given your contact details, in order to inform you.
Wherever possible, I would discuss any sharing of information with you in advance.
Your information will never be used or shared for marketing purposes, unless you have requested to be added to my email list to inform you of any mindfulness/meditation groups or personal development groups that I may be running.
What about access to your records?
You have the right to ask to see any information that I hold about you. You also have the right to ask me to change any information that you believe is incorrect, and to ask me to delete any information that I hold about you. I will do this except for any information that I need to hold for legal/insurance or business purposes.
What if you have concerns about how I hold your data?
Please discuss any concerns with me in the first instance. If you feel that I have not addressed them, then you can contact the Information Commissioner's Office (ICO).
I am required to report any breaches of data to the Independent Commissioner, and to you, within 72 hours, if it becomes apparent that any data has been stolen.
Links to other websites