This privacy notice provides information about the personal information we process about you as a data controller, in compliance with the General Data Protection Regulation (GDPR). This notice highlights how GDPR is being implemented by explaining why confidential information is held and how this is protected.
It is assumed that by engaging with the service you are consenting to records being kept
Dr Taru-Maija Kokkonen is the data controller for Birchtree Psychology. She is registered with the Information Commissioner’s Office (ICO; registration no: ZA235244).
The personal data we process, why we process it, where it comes from and the legal basis for doing so
Birchtree Psychology collects and processes the following personal data from assessment/therapy clients:
Personal data such as basic contact information including name, address, email, contact number, video conference ID (if online therapy), next of kin contact details
Special categories of personal data such as health information (including GP contact details), therapy records (therapist notes, letters, reports and/or outcome measures), information about race, ethnic origin and sex
If you complete a web-based enquiry form, we will also collect any information you provide to us as well as your internet protocol (IP) address.
If you are referred by your health insurance provider or another referring agency, we will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
Birchtree Psychology processes this personal data because it is in our legitimate interests to do so. We need to use this information to provide psychological assessment and therapy services to our clients.
In relation to any special category personal data, such as health records or information concerning race, ethnic origin or sex, data processing is necessary for the purposes of the provision of health care or treatment, in addition to our legitimate interest. This might also include assessment questionnaires, reports and their associated data.
Other personal data
We also process personal data pursuant to our legitimate interests in running our business such as:
Invoices and receipts;
Accounts and tax returns;
Information to help with our marketing (such as how you heard about our service)
We will only store your personal information for as long as it is required.
Consultation notes and questionnaires will be held for varying lengths of time depending on the content (and then securely disposed of).
E.g. some records may be held indefinitely if there were any issues of concern that could lead to police investigation in the future
E.g. mental health records are subject to special legislation e.g. children’s records are kept until age 26 and adult records for 8 years after the last contact with the service
How your personal information is used
We use the information we collect to:
Provide our services to you
Process payment for such services
Who we might share personal information with
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else without your consent. However, there are exceptions to this when there may be need for liaison with other parties:
Health insurance providers for the purposes of billing and to provide treatment updates where necessary;
Those who have instructed us to provide psychological treatment, such as a solicitor. In these cases, relevant clinical information from therapy records will be shared with legal services as required and with your written consent;
Relevant authorities when the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else;
HMRC as they require;
With others pursuant to a court order.
How we ensure the security of personal information
All information recorded on paper will be securely stored in a locked filing cabinet
Confidential digital information will be stored in a secure cloud service offering high levels of security
Confidential information sent by the psychologist via the internet will be encrypted and password protected, with this sent separately by text
Letters sent to professionals such as GPs, by surface mail, will be clearly marked Confidential
All electronic devices (e.g. computer, laptop and phone) used to access stored information will themselves be password protected
You have the right to know what information we hold about you, what we use it for and who we share it with
You have the right to access your records, update them and request corrections to any errors. Clinical information may not be changed for legal reasons but you may add a note if you disagree with them. A ‘subject access request’ or SAR can be made for copies of records. There may be an admin charge and these will be provided within 30 days of the request being made.
You have the right to ask us not to process your personal data for marketing purposes.
You have the right to lodge a complaint - If you have any concerns about the way your personal information has been processed, please contact Dr Kokkonen (see below). Alternatively, you can contact the Information Commissioner's Office (ICO) on 0303 123 1113.
Information on Cookies
Dr Taru-Maija Kokkonen
Chartered and Clinical Psychologist
Tel. 07751 994699
Last updated on 23rd May 2018