Privacy Policy and Data Protection For Clients

I am committed to protecting your privacy and protecting your personal data. This privacy policy explains your rights, and my obligation, to you as someone seeking or using the therapy services of Practical Wellbeing LLP under the General Data Protection Regulations (GDPR) (other services have their own privacy policies).

Your confidential information and how it is used.

Upon starting therapy, basic personal information will be collected for contact and identification reasons. This information may include your phone number, email address, postal address. It also includes our email correspondence and any text messages.

During our therapy sessions, an assessment of your emotional wellbeing will be completed, and notes will be taken during sessions. These may include personal and sensitive details about your life. The assessment and notes are used solely for the delivery of a therapy service to you.

Your rights

You have rights relating to the information I hold to verify the accuracy or to ask for them to be supplemented, updated or corrected. You have the right to request a copy of the information that I hold about you. If you would like a copy of some or all of your personal information, please email or write to me via the contact details stated in this agreement. Information will be provided to you within 30 days.

I want to make sure that your information is accurate and up to date. You may ask me to correct or remove information you think is inaccurate.

How long I keep your information for

Your information is kept for the time necessary to provide the therapy service requested, however outside of this I will hold your details and session notes for a period of 7 years following the end of treatment to comply with legal obligations that are placed upon me by my insurers (please note: this legally overrides the right to have your data deleted).

In the case of a child under 13 then records will be kept 7 years after they reach the age of majority (18).

After this date, all data will be securely deleted.

If you complete and return the Confidential Client Questionnaire but do not undertake therapy with me that document will be securely destroyed after 30 days.

Sharing of data

There may be times when your information needs to be shared with 3rd parties. Unless there are legal obligations on me not to do so, I will explicitly ask your consent before doing so, and the data will be sent to 3rd parties securely.

Security of your data

Information will be kept securely and confidentially in line with the data retention policy as stated above.

Your contact information will be stored on my code locked mobile phone.

Our email correspondence is password protected and my email service ensures that the emails are secure and encrypted.

All other electronic data is stored in encrypted documents on a secure server.

All paper notes are kept in a locked filing cabinet. When paper notes are digitised the paper copies are securely destroyed.

Unfortunately the transmission of information via the internet and email may not be completely secure. Although every effort is made to protect your personal data the security of your data cannot be guaranteed and any such transmission is at your own risk.

If our sessions are online they will be conducted using Zoom (https://zoom.us/) or the appear.in (https://appear.in) services. The data transmitted during meetings, webinars and chat sessions are encrypted and secure. Both services are compliant with the GDPR.

Lawful basis for processing your information

The lawful basis for my holding and using your information is in relation to the delivery of a contract to you, as a health care professional. As a member of NLPtCA and AAMET I operate under a strict code of confidentiality.

I have read the above and sign below to agree with the terms of the practitioner processing my personal information.

Client Name:

Client Signature:

Date:

Practical Wellbeing LLP operates in accordance with the General Data Protection Regulations (GDPR) and is the registered Data Controller (Reference No A8268096) with the Information Commissioners Office.