Privacy policy

Last Updated: 28/02/2021

I, Dr Rachel Sweetingham provide psychological services (including psychological assessment, therapy, supervision, and training).  

I am committed to the principles set out in the General Data Protection Regulation (GDPR)   (25 May 2018) and from the ICO (Information Commission Office).  The GDPR is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the EU.  This privacy policy explains how I, Dr Rachel Sweetingham, comply with these laws and explains the personal or sensitive information that I collect, store and process about you as a data controller. 

1. Why do I collect information about you? 

I collect information about you to provide you with psychological assessment and treatment and because it supports the provision of a safe and professional service. 

There are several legal reasons that I can process your personal information: 

  • So that I can communicate with you in a personal way. The legal basis for this is a legitimate interest.

  • It is in my legitimate interests as a Psychologist to collect your personal data in order to offer you a Psychological service. I also collect sensitive ‘special category’ data (such as details about psychological difficulties).

  • My lawful reason for doing so is so that I can provide you with a safe and professional psychological therapy. The legal basis for this is the contract with you.

  • Process your payment for the services I provide. The legal basis for this is the contract with you.

 I may also collect information about you if I am providing supervision, training or other services to you. If you are a supervisee, I will have a contract with you, which will be my lawful reason to process your data. ​

2. What information do I collect about you? 

In order to provide a safe and professional service I collect information about you that includes personal and sensitive information. I collect information about you that may include personal information, such as: 

  • Name

  • Address

  • Telephone numbers

  • Email address

  • Date of birth

  • Gender (or preferred identity)

  • Age

  • Relationships & children

  • Occupation 

In addition to the personal information above, I may also collect sensitive information including: 

  • Referral information

  • Medical history (if relevant)

  • Medication.

  • Psychological history and current difficulties.

  • Developmental history, Educational history and Family history

  • Relationships and history

  • Any illicit substance use if appropriate

  • Financial information, including bank account details

  • Session notes

  • Signed therapy terms and conditions and signed GDPR agreement

  • Completed questionnaires​

Some of this information will be collected directly from you, it may also be collected from a referrer such as GP, psychiatrist, health insurance provider etc. In such cases I will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment. Please be aware that if you do not provide the personal information requested, then I may be unable to provide a therapy service to you. 

I also process personal data as my legitimate interests in running my business such as keeping invoices and receipts and documents relating to accounts, VAT and tax returns. 

Supervisees

I will only use the information you supply to me to support your supervision. Data that I collect about you, in addition to the above, may include:​

  • Bank details for payments

  • Professional registration details

  • Information regarding previous supervision 

Where I want to disclose information to a third party, for example in providing a reference I will not do so without disclosing it to you beforehand unless disclosure is required by law.

3. Web access collection of information

I collect information when you voluntarily complete contact forms. If you complete a web-based enquiry form, I will also collect any information you provide to me. I use cookies on my website to gather information about visitors in order to monitor the quantity of website traffic.  I do not identify you or any other individuals from this information.

4. How do I use the information that I collect

  • To respond to your enquiries

  • To communicate with you about appointments

  • To offer you high quality psychological assessment and treatment including liaison with others involved in your care, where relevant and with your consent.

  • To create invoices.

     

5. How do I store and share the information about you? 

I take your privacy very seriously and I am committed to taking reasonable steps to protect any individual identifying information that you provide to me. Once I receive your data, I make best efforts to ensure its security on my systems. All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules.  

Your data may be stored in the following ways:

  • Electronic notes from sessions or telephone calls or electronic copies of reports are held in highly secure encrypted storage. These are password protected. Antivirus protection is installed on all computing devices.  Mobile devices are protected with a passcode. When electronic information needs to be shared this will be done in a password protected format.

  • Email correspondence between us will be stored in my email account (including your email address and anything you disclose in emails). I regularly deletes emails.

  • Your telephone number may be stored in my SMS  if you have communicated in this way, but your full name will not be listed in the contacts. 

  • If you choose to pay me by electronic bank transfer then I may hold a record of this transfer through my bank. This data is secured by the bank’s data security systems.

  • I use cookies on my website to gather information about visitors in order to monitor the quantity of website traffic.  I do not identify you or any other individuals from this information.

     

6. How long do I keep your information for?

Professional guidelines recommend that data about you is held for 7 years following completion of therapy or 7 years from the date you turn 18 if you were seen as a child. 

After this time, this data is deleted.   

7. Who do I share your personal information with? 

I take your privacy very seriously and your information is kept confidential at all times. I work to strict professional and contractual codes of confidentiality and where possible I will anonymise information so that individual people cannot be identified. I will only use your personal information to provide the services you have requested from me.​

  • Reports to referrers or private health insurance companies: If you were referred to me by a psychiatrist, with your consent, I may write them an assessment and discharge report. Some insurance companies require reports to authorize funding / extend treatment. Reports are sent securely in password protected documents. I will share appointment schedules with that organisation for the purposes of billing.

  • Supervision / consultation: It is a professional requirement in accordance with the British Psychological Society that I have supervision. I therefore discuss my work with two supervisors (registered psychologists equally bound to keep information confidential). I do not disclose you name or identifying details to them.

  • Risk and safeguarding: In certain circumstances, such as where I believed there was significant risk to you (e.g. suicide), to others (e.g. child protection) or where a crime was reported to me, I may have a legal and professional obligation to share information with third parties without seeking your prior permission.  

I will not share your personal information with third-parties for marketing purposes.

8. How you can access your information?

You have the right to access information held about you. You can make a subject access request to see information held about you and I will respond to a request within 30 days according to the GDPR guidance.  To make a request to me for any personal information I may hold please put the request in writing. You may ask me to correct or remove information you think is inaccurate.   

However, I reserve the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017).

9.  What happens if there is a breach of data security?

Should there be any breaches with regard to your personal data this will be reported to the ICO within 72 hours together with a summary of the nature of the breach, the steps taken to reduce the risk to data subjects, and measures to prevent the breach from happening again. The individuals affected will also be informed if this occurs. All personal data breaches, however minor, and whether reportable or not are recorded.

 

10. Complaints or queries 

I try to meet the highest standards when collecting and using personal information. For this reason, I take any complaints I receive about this very seriously. I encourage people to bring it to my attention if they think that my collection or use of information is unfair, misleading or inappropriate. If you do have a complaint, contact me at rachel@earlswoodparkpsychology.co.uk  so I can investigate the matter on your behalf. 

If you are not satisfied with the response from me, you have the right to raise your complaint with the Information Commissioner’s Office (ICO).  ​Contact information ICO: Website:   Telephone: +44 (0) 303 123 1113