We aim to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected.
This policy describes the information that we collect when we work together. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and any subsequent data protection legislation.
This policy describes how we manage your information when we work together, if you contact us or when we contact you. We use the information we collect in accordance with all laws concerning the protection of personal data including the Data Protection (Jersey) Law 2018. As per these laws, we are the data controller; if another party has access to your data we will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why we need to provide them with the information.
If your questions are not fully answered by this policy, please contact us. If you are not satisfied with the answers from us, you can contact the Office of the Information Commissioner (ICO).
1. Why do we need to collect your personal data?
We need to collect information about you so that we can:
- Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Deliver goods and services to you. The legal basis for this is the contract with you.
- Process your payment for the goods and services. The legal basis for this is the contract with you.
- Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is a legitimate interest.
2. What personal information do we collect and when do we collect it?
For us to provide you with goods and services, we need to collect the following information:
- Your name
- Your contact details including:
  - a postal address
  - telephone number(s)
  - electronic contact such as:
    - email address
- your date of birth
- your health insurance details.
We collect this information directly from you.
We may also collect information about you from a health professional (such as your GP) to provide a complete health assessment. This may include sensitive personal information.
3. How do we use the information that we collect?
We use the data we collect from you in the following ways:
- To communicate with you, so that we can inform you about your appointments with us and outstanding payments, we use your name and your contact details, such as your telephone number, email address or postal address.
- To deliver the correct service to you we use your name, your contact details and other information collected from you during sessions. We may also use information from third parties, such as referrals from GPs.
- To create invoices for sending to health insurance companies we use your health insurance membership number and authorisation code, or we use an online encrypted system.
4. Where do we keep the information?
We keep your information in the stores described below.
We use a desktop computer located in my consulting room. This computer is password protected and the hard drives are encrypted. Passwords are not shared.
We also store notes on an electronic note-keeping device. This is kept in a locked filing cabinet and is password protected. This device is backed up using an encrypted cloud service and/or using the desktop computer’s encrypted hard-drive.
We use Microsoft Word to produce invoices. The computer record includes the most recent invoice generated. We also use Microsoft Word to produce letters to health professionals and health insurance companies.
We keep paper-based information in a lockable filing cabinet in my lockable office.
5. How long do we keep the information?
We will keep the paper and electronic records for seven years in line with legal and professional requirements. We will keep invoices for seven years in line with tax return guidance. Paper records are destroyed using a secure shredding service.
6. Who do we send the information to?
We will only send information needed to deliver my service.
We send invoices and reports to health insurance companies and health professionals as required professionally and abide by confidentiality as stated on my terms and conditions.
Invoices and reports are sent either by post or by email pseudonymised with company codes. Where this is not possible or practical all documents are password protected.
Cloud storage providers will have information shared with them in compliance with GDPR.
Routine emails are deleted in a timely manner. Any documentation that is relevant for clinical files is printed and stored in the lockable filing cabinet.
We are required to abide by professional guidelines that state exceptions to confidentiality as outlined in my terms and conditions (eg, if your health is in jeopardy, with your agreement, we may share information with a mental health crisis team). In addition, if we become aware of your intent to cause harm to another person, the law may require us to inform the relevant authorities without seeking your prior permission.
7. How can I see all the information you have about me?
You can make a subject access request to us. We may require additional verification that you are who you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.
8. What if my information is incorrect or I wish to be removed from your system?
Please contact us. We may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide us with the correct data, and after we have corrected the data in my systems, we will send you a copy of the updated information in the same format as the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed, we have to determine if we need to keep the data, for example, to comply with professional bodies or tax requirements. If we decide that we should delete the data, we will do so without undue delay.
10. Will we send emails and text messages to you?
As part of providing my service to you we will send you emails and, where relevant, text messages. If you do not wish to receive communication through these means, please let us know.