Brighter Life Therapy needs to gather and use certain information about clients and prospective clients in line to provide their services. This policy describes how this personal data is gathered, handled and stored to meet the data protection standards expected of Brighter Life Therapy and to comply with the law and GDPR rules.
What data we gather
We may collect the following information to enable us to work with you therapeutically, including appointment reminders and invoicing:
- Address (postal and email)
- Phone number
- Date of birth
- GP details
- Name of educational establishment (where relevant)
- Details of private health insurance policies (where relevant)
- We will also collect a significant amount of other personal data relevant to assessing and treating your presenting psychological difficulties.
How we gather this data
- General enquiry form
- Mailing list sign up form
- Google Analytics tracking.
- Facebook page plugin and like button cookies.
How we use this data
By collecting this data we are able to:
- Contact you for an initial consultation, assessment and/or therapy sessions
- Link you up with an appropriate therapist
- Conduct a thorough psychological assessment
- Devise and implement an effective treatment plan for therapy
- Invoice for the services used
- Communicate (when necessary and agreed with you) with relevant third parties to support your treatment and manage risks
- Provide monthly emails to update you on our recent blogs and service updates (if you opt in)
Controlling information about you
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by contacting firstname.lastname@example.org
(b) We have a contractual obligation.
(c) We have a vital interest.
We will always hold your information securely:
- All client files and therapy notes are kept secure in a locked filing cabinet and on a secure, password-protected software programme.
- Access to your personal information is restricted on a ‘need-to-know’ basis only i.e. for those concerned directly with your care and with your account
- Any emails that we send you with attachments including personal information will be password protected, and the password will be provided in a separate email.
- All data is backed up securely.
To prevent unauthorised disclosure or access to your information, we have password protected all documents. In the unlikely event of a data protection breach we will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.
If any of your personal data changes during your time as a client with us e.g. if you move address, change GPs, change your name etc., we would be grateful if you could notify us at the earliest opportunity so we can ensure our records are up to date.
Subject access requests
Under the GDPR rules, all individuals who are the subject of personal data held by Brighter Life Therapy are entitled to:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
If you would like to request a copy of the data we hold about you, this is called a subject access request. Subject access requests should be made in writing on email to the Data Protection Lead (email@example.com). We will aim to provide the relevant data within 30 days. We will always verify the identity of anyone making a subject access request before handing over any information.
How long we hold your data for
Your data will be kept for the lifetime of your status as a client with us. When you cease to be a client with us, your data will kept for a maximum period of seven years. Brighter Life Therapy has the right to retain your data for the seven-year period so that it can respond effectively to any questions or complaints that may later be raised by you and/or your representatives.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at:
Data Protection Lead
105 London Street
You can also complain to the Information Commissioners Office (ICO) if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk