Privacy Statement & GDPR
Privacy Statement
I am registered with the Information Commissioners Office (ICO). This independent authority is set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You can find more information at https://ico.org.uk/for-the-public/
If you think your data rights have been breached, you can raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
By law and together with my own personal regard for you and your privacy, I am required to be transparent about the nature of the data I collect from you and how this is stored, used, and eventually destroyed.
Your Records. This is a summary of the details I will keep.
Contact details. (Name, address, DOB, GP and next of kin)
Assessment. This outlines your presenting problem and past and present health issues. The assessment gives me an overall understanding of you and your history, and how your care will be planned.
Session Notes. These are a brief outline of what we have discussed in your session and will help me to keep track of your progress. After your session, they will be transferred to an encrypted computer program, and any paper notes will be shredded.
Text & Email Communication. This will be limited to discussions around session dates, times, and cancellations and, unless otherwise agreed, will not include discussion around personal information.
Please note that my emails are sent via Gmail and are not encrypted.
Online Therapy. For online consultations, I use the Bilateral Base Platform. This a highly specialised platform designed for online work and specifically for online EMDR. The platform uses end-to-end 256-bit encryption between the two participants’ computers so no one can break into or watch a session. I do not record these sessions.
Invoice Details. (If required) I will not include any personal information other than your session dates, your initials and my payment details and address. What you would like to be included or excluded on an invoice can be agreed upon during the contractual stage.
Please note that when paying by bank transfer, the payee reference will be your name, which will appear on my accounts.
Contract. I will send you a letter via email before starting therapy. It will include your name and outline your session’s date and time. There will be some information about my practice, i.e., address and entry details. There will also be details on how to pay and my cancellation policy.
Confidentiality and Sharing of Information. I will not share any of your information without your prior knowledge unless you have given explicit consent for information to be disclosed to a specific person or organisation. Other exceptions where I may need to share your information is where there is a severe risk of harm to yourself or others. In these instances, I am required by law to release any information as outlined in this privacy statement.
For more detailed information on all the above, please refer to my GDPR.
General Data Protection Regulation
The General Data Protection Regulation came into effect on 25th May 2018. From that date, we are required to ensure that we gain new data protection and privacy consent from all clients. In it, we confirm what information we hold about you and how we are permitted to use it. Once you have reviewed the information below, you will be asked to sign a consent form.
For the Data Protection Act 1998 (soon to be General Data Protection Regulation (GDPR) (Regulation (EU)2016/679), the data controller is Hayley Irving-Law
I am registered with the Information Commissioners Office (ICO). This independent authority is set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. You can find more information at https://ico.org.uk/for-the-public/.
If you think your data rights have been breached, you can raise a complaint with the Information Commissioner (ICO). You can contact the ICO at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF or by telephone on 0303 123 1113 (local rate) or 01625 545 745.
I will collect specific data from you to meet mandatory requirements regarding medical notes. There is a legal requirement to keep data for at least seven years. Your details will be destroyed after this period. Please note that your right to be forgotten cannot override the legal requirement to keep your notes for the mandatory period. You can request a copy of any data held about you by submitting a Subject Access Request (SAR)
The information you give me will be recorded and safely stored on a system called WriteUpp. This is ISO27001-certified practice management software for therapists and other health care professionals and is GDPR-ready, so you don’t need to worry about security and data protection. It uses two-factor authentication login and encrypted data replication across different servers to keep your records safe. Please click here to view the certificate.
For online consultations, I use the Bilateral Base Platform. This a highly specialised platform designed for online work and specifically for online EMDR. The platform uses end-to-end 256-bit encryption between the two participants’ computers so no one can break into or watch a session. The technology used is WebRTC. This is an industry-standard for secure telehealth. WebRTC complies with HIPAA, GDPR and other relevant data privacy regulations worldwide.
My website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information you provide whilst visiting such sites, which are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
