In this privacy notice, ‘we’, ‘us’ and ‘our’ mean Inder Psychology Service. This privacy notice explains how we use any personal information we collect about you as a service user (client, patient or supervisee) or when you use our website.
For the purpose of the Data Protection Act 1988 (The Act), Dr Miriam Inder is the data controller, and is registered with the Information Commissioner’s Office (reference number A8250197).
This document sets out our policy regarding information we record about you. It sets out the conditions under which we process information we collect from you, or that you provide to us. It covers information that could identify you (“personal information”). In this context of the law and this notice, “process” means collect, store, transfer, use or otherwise act on information.
We take seriously the protection of your privacy and confidentiality. We understand that you are entitled to know your personal data will not be used for any unintended purpose, and will not accidentally fall into the hands of a third party.
This policy complies with UK law, including that by the EU General Data Protection Regulation (GDPR).
Except as set out below, we do not share, sell or disclose to a third party, any information collected about you. Under no circumstances are your details shared sold or rented to third parties for marketing purposes.
We collect information about you if you are a client, patient or supervisee. We process data because it is in the legitimate interests as a Clinical Psychologist or expert witness to do so. We need to see and analyse documents containing information to carry out an assessment or to deliver psychological interventions. As a patient our lawful reason for processing data is that it is necessary for the provision of health or social care or treatment. The law requires that we determine under which of six defined bases we process different categories of your personal information, and to notify you of the basis for each category.
- Necessary to provide services set out in our contract: when you become our patient/client a contract is formed between us. The service we provide to you necessarily entails you providing us with some personal information.
- In our or a third parties legitimate interests: We may process information on the basis there is a legitimate interest, either to you or us, of doing so. For example, we may process your data for the processes of record keeping for proper and necessary administration of the business, or for protecting and asserting your rights, our rights, or the rights of any third party. Where we process your information on this basis, we do so after having given careful consideration to whether we could have achieved the same objective by other means, whether processing (or not) might cause you harm, whether you would expect us to process your data, and whether you would consider it reasonable to do so. Additionally we may use information and data you provide for analysis, research or screening purposes for example to help us understand the performances of the services we provide. If we use the information for this purpose you as an individual will not be personally identifiable.
- Required or allowed by law: Sometimes we must process your information in order to comply with a statutory obligation. For example, we might be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal data.
We collect two categories of personal information about you and (where this applies) your dependents:
- Standard personal information: this includes your name, gender (or preferred identity), address, date of birth, email address, phone numbers, the name and policy number of any health insurance policy.
- Special category information: this includes information about your mental and/or physical health, prescribed medication, psychological history and current difficulties, sexuality. I may collect some of this information from your insurance company or referrer, if you have one, and some of this information will be collected directly from you. We will ask for your consent to share information with your GP, and seek consent for us to occasionally communicate via email, for example when arranging appointments. When you are a patient we record all details of your appointments and assessment/treatment so we can plan and review your treatment appropriately. At the end of therapy we will ask you to complete a service evaluation form that we use to evaluate and improve our clinical practice. This is anonymous. We will ask you whether you consent to sharing any comments on our website as anonymous testimonials.
We take your privacy very seriously and make best efforts to ensure it’s security. All personal information and special category information is stored in compliance with EU General Data Protection Regulations (GDPR) rules. Hard copies of paperwork is stored in a safe with restricted access and electronic information is stored on encrypted devices.
Personal data is retained as necessary for seven years in compliance with professional indemnity and legal obligations. In patients under the age of 18 years data is retained for seven years after the age of 18 years.
Administrative data is retained for up to six years as necessary in the event there are queries from HMRC. Where it is not necessary to retain the data for six years it will be destroyed as soon as possible.
Your information is kept confidential where possible.
There are, however, some circumstances where we have a duty of care to share information (for example safeguarding concerns), or where we have to share your personal information by law to help law-enforcement agencies perform their duties). In most circumstances we will not disclose personal data without your consent.
Your information may be shared with outside organisations if they are directly involved in your care. For example, your GP, your insurer if they are funding your treatment. Private medical insurance companies and independent case managers sometimes expect written progress reports to authorise treatment. In this instance they will request your written permission for information to be disclosed. We will discuss with you what information is shared. The process of transmitting information will always be in accordance with GDPR rules (for example, using encrypted email software).
If you are a supervisee we will collect sensitive data related to your psychology practice. This data may be shared with a third party if we are legally or ethically obliged to do so (e.g. if instructed by a court or if there are concerns about malpractice and need to report to a professional body).
Clinical Psychologists are required to have regular supervision to maintain high standards, however steps will be made to protect your identity. We use first names only and do not share identifying details with our supervisors
You have the following rights (certain exceptions apply)
- Right of access: the right to make a written request for details of your personal information and a copy of that information.
- Right to rectification: the right to have inaccurate information about you corrected or removed
- Right to erasure (‘right to be forgotten’): the right to have certain personal information about you erased
- Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
- Right to object: the right to object to processing of your personal information based on legitimate interests
- Right to data portability: the right to ask for personal information you have made available to us to be transferred to you or a third party in machine-readable formats.
- Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which affects you, unless it is necessary for entering a contract with you, or you have given your explicit consent.
In order to exercise your rights please put your request in writing to the Data Controller, Dr Miriam Inder.
If you make a request we will ask you to confirm your identity if we need to.
Inder Psychology Service tries to meet the highest standards when collecting and using personal information, and take complaints seriously. Please contact us if you think our collecting or use if information is unfair, misleading or inappropriate.
We would also welcome any suggestions for improving procedures.
Telephone: 01245 905676
You also have the right to raise your complaint with the Information Commissioners Office (ICO):
Website: https: ico.org.uk
Telephone: +44 (0) 303 123 1113
If you are a current client when changes are made then you will be also be notified by email.