Independent Psychological Assessment and Treatment
Updated Privacy Notice for Therapy Clients
You may be aware of laws that came into force from the 25th May 2018 regarding data protection. The new General Data Protection Regulation (GDPR) sets out to provide a set of standardised data protection laws across all European Union countries. This Privacy Notice sets out how Dr Creanor Psychology, run by Dr Vicki Creanor, complies with these laws.
Dr Vicki Creanor is the data controller for Dr Creanor Psychology.
What personal data we process
Dr Creanor Psychology collects and processes the following personal data from therapy clients:
· PERSONAL DATA: basic contact information (name, home address, email address, contact numbers, GP and other health professionals’ contact details).
· SENSITIVE PERSONAL DATA: Client Profile, Risk Assessment, therapy records (therapist’s notes, letters, reports and/or outcome measures).
If you are referred by your health insurance provider, then we will also collect and process personal data provided by that organisation. That includes basic contact information, referral information, health insurance policy number and authorisation for psychological treatment.
The lawful basis for processing personal data
Dr Creanor Psychology has a legitimate interest in using the personal data and sensitive personal data we collect to provide health treatment. It is necessary information for us to be able to provide psychological therapy to clients.
We may also ask you for information about how you found our service for the purpose of our own service development.
No information you provide will ever be passed to others without your consent (unless deemed important to do so to reduce risk to you/others as per the contract of therapeutic engagement).
We will never sell your information to others.
What we do with your personal information
At Dr Creanor Psychology, we take your privacy very seriously. We will only use your personal information to provide you with the services you have requested from us.
If you do not provide the personal information requested, then we may be unable to provide a therapy service to you.
How long we store personal information
We will only store your personal information for as long as it is required. Basic contact details held on a therapist’s mobile phone will be deleted within 6 months of the end of therapy. Full names are never held on phone directories.
The sensitive personal data, as defined previously, is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.
How your personal information is used
We use the information we collect to:
· Provide our services to you.
· Process payment for these services.
Who we might share personal information with
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
· If you are referred by your health insurance provider, or are otherwise claiming through an insurance policy to fund therapy, then we need to share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
· In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
In exceptional circumstances, we might need to share personal information with relevant authorities:
· When there is need-to-know information for another health provider, such as your GP.
· When disclosure is in the public interest, to prevent miscarriage of justice or where there is a legal duty - for example, a Court Order.
· When the information concerns risk of harm to the client or to others. We will discuss such proposed disclosures with you unless we believe that to do so could increase the level of risk to you or someone else.
What we will NOT do with your personal information
We will never share your personal information with third parties for marketing purposes.
How we ensure the security of personal information
Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. Email used is gmail, which is considered to be very secure. Only initials in are entered into mobile phones – full names are not used. Personal information is stored on a computer that is owned by Dr Creanor Psychology and password protected. Any paper files will be scanned and made electronic and held securely under password protection. If this is not possible, they will be stored in a locked, secure environment.
Your right to access the personal information we hold about you
· You have the right to access the information we hold about you.
· We will usually share this with you within 30 days of receiving a request.
· There may be an admin fee for supplying this information to you.
· We may request further evidence from you to check your identity.
· A copy of your personal information may be sent to you in a permanent form (printed copy).
· You have a right to get your personal information corrected if it not accurate.
· If you believe that we have not complied with data protection laws, you can lodge a complaint with the Information Commissioner’s Office.
Dr Creanor Psychology reserves the right to refuse a request to delete a client’s personal information where this contains therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by the British Psychological Society (BPS; 2000)  and the Health and Care Professions Council (HCPC; 2017) .
Dr Vicki Creanor
Clinical Psychologist and Owner, Dr Creanor Psychology
 The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
 Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.