Privacy Policy
Doing Better Therapy respects your privacy and is committed to protecting your personal data and we aim to be as clear as possible about how and why we use your information so you can be confident that your privacy is protected.
This privacy policy will inform you as to how your information is processed and describes how we manage your information when you use our services, if you contact us, visit our website or when we contact you. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill dated May 2018.
Doing Better Therapy uses the information we collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, Dr Jo Flack is the data controller.
If you have concerns about the storage and handling of your personal information you can contact the ICO via www.ico.org.uk
Why do we need to collect your personal data?
We need to collect information about you so that we can:
- Know who you are, so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Provide services to you. The legal basis for this is the contract with you.
- Process your payment for services. The legal basis for this is the contract with you.
What personal information do we collect?
To provide you with therapy services, we need to collect the following information:
- Your name and date of birth
- Your contact details including a postal address, telephone number(s) and electronic contact such as email address. We will collect this information directly from you. We may also collect information about you from third parties; for example, if we receive a referral from another health professional (such as your GP).
- Other professionals involved. Your personal information will not be shared with anyone without your consent except in exceptional circumstances.
Exceptional circumstances - occasionally there are exceptional circumstances where Dr Jo Flack might need to share personal information. Examples include:
- Where there is need to know information for another health provider, such as your GP.
- When disclosure is in the public interest, to prevent a miscarriage of justice or where this is a legal duty (e.g. a Court Order).
- Where information concerns risk of harm to you or to another adult or child.
Wherever possible a proposed disclosure will be discussed with you (i.e. unless it is believed that doing so increases levels of risk to yourself or others).
How do we use the information that we collect?
We use the data collected from you in the following ways:
- To communicate with you so that we can inform you about your appointments with us, we use your name, your contact details such as your telephone number, email address or postal address.
- To create your invoice, we use your name and email address.
- Where relevant, to process your payment, we use your address.
- To keep any clinical notes arising from therapy sessions and related cancellations or communications between us.
As part of clinical practice, all therapists are required to use an external supervisor (typically another Clinical Psychologist) to discuss treatment and ensure best and safe practice for the people they work with. Supervisors are also accredited in clinical practice and supervision. Information but not names will be shared with the supervisor who regularly reviews the clinician's practice.
Where do we keep the information?
We use computers that are password protected and information stored on hard drives which are encrypted. We store clinical notes on 'WriteUpp’ which is a commercially available system specifically designed for this purpose. Passwords are changed every 90 days and it is our policy that passwords are not shared. We store any paper records in a locked cabinet in a securely locked office.
For any email correspondence, Doing Better Therapy uses 'Proton Mail' which offers end-to-end encryption and zero-access encryption. If you do not use 'Proton Mail', we also offer password protected emails with clients. We can agree to use a password for email correspondence to ensure that any email will be inaccessible to both Proton and your email provider.
How long do we keep the information?
We keep contact information for a period of 6 months if you do not become a client of ours and then permanently and securely delete all information. We keep your medical record electronically for 7 years as this is the minimum/maximum length of time for records to be retained and then permanently and securely erases. We keep electronic invoices for seven years as this is the required length to comply with the HMRC requirements.
Who do we send this information to?
We send information to you and anyone we are required by law to inform. All information that is sent electronically is sent as attachments that are encrypted and password protected.
How can you see all the information we have about you?
You can make a subject access request (SAR) by contacting Doing Better Therapy. We may require additional verification that you are whom you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests. The request will likely incur an admin processing fee.
By visiting www.doingbettertherapy.co.uk you are accepting and consenting to the practices described in this policy.