Data Security and Privacy Statement
I am committed to ensuring that the collection and storage of your information is carried out in accordance with the Data Protection Act 1998 and the European General Data Protection Regulations 2018 (GDPR).
I act as the “Data Controller” for this psychology practice. I am registered with the Information Commissioner’s Office (registration number ZB307547).
Your use of this website and "cookies"
Your use of this website is deemed to be an agreement with this privacy statement.
Any contact forms submitted through this website are deleted at the end of each month, so that no information about you is stored on the Wix.com server for more than 31 days.
What information is collected as part of providing sessions?
When setting up an initial session with you, I will collect and store some personal data (your name, address, email, phone and GP details, and insurance details where applicable).
This information is used for the purposes of identifying you while you attend sessions and to contact you about the service you receive (e.g., a change to appointment times or to send an invoice).
It is stored in a password-protected electronic format on a password-protected computer. A back-up copy is kept on a password-protected cloud service, whose servers are based in the EU.
Information discussed in sessions
Some of the information we may discuss in the course of your contact with me is – of course – classified as “sensitive”. For example, we may talk about personal topics such as your family background, mental health, racial or ethnic origin, sexuality or gender-related experiences.
This information is always kept strictly confidential.
I make notes after therapy sessions to help me think about and plan our work. These are password-protected and stored separately to your personal information. Psychologist's notes fall under the provision of the Information Commissioner’s Office for keeping sensitive information where it is of “legitimate interest” and part of the “provision of health treatment” (further details are available on the ICO website).
Under what circumstances might information be shared with third parties?
Your confidentiality is of the highest priority. Your information would only ever be shared with a third party if there were significant imminent risk to you or others (e.g., a suicidal crisis or potential harm to a child). This sharing forms part of my duty as a psychological service provider. I would always attempt to discuss such breaches of confidentiality with you first. I would balance your needs for privacy against my duty to protect you and others from serious harm.
Outside of these situations, your information is kept confidential as a matter of routine practice.
The only person with whom I discuss your clinical information is my supervisor. I am required to have regular clinical supervision to ensure the ongoing quality of my work. My supervisor is an HCPC-registered psychologist and operates with the same ethical and professional standards around confidentiality.
I would always seek your consent before sharing information with your GP or other health professional, such as an update on the therapy we have done.
I may share limited information with a third party who you have already informed me is already involved, such as an insurance company (e.g., telling them that you have attended a session, the date and time, and providing a diagnostic label).
I will not use your information for marketing purposes. Nor will I sell your information to any third party.
Being seen through "Psymplicity Healthcare"
(Note: These provisions about work with Psymplicity do not apply to people who approach me directly through my private practice.)
How is information stored?
I keep information securely in electronic format in accordance with ICO guidelines. No paper records are retained. Electronic information is stored on a password-protected computer in password-protected files. Emails are stored in a password-protected and GDPR-compliant email account.
How long will information be kept for and what rights do you have?
Your information may be kept securely for up to seven years after the last date of service to you. Sensitive information will be destroyed no later than seven years after the end of our work together.
You have the right to request access to information I hold about you. You have the right to request changes to factually inaccurate information I hold about you and the right to request the deletion of information. If it is no longer necessary for me to hold this data (e.g., in order to protect your or my current or future legitimate interests) and if I have no legal obligation to hold the data, then I will comply with your request. I will discuss this with you at the time and explain if it is not possible to delete the data.
If you have any further questions or concerns, please contact me or the Information Commissioner’s Office: www.ico.org.uk
Dr Louis Dennington