
GDPR/Privacy Policy
Personal Information I will Collect
As a psychologist I will collect both personal and sensitive data. The reason I collect your personal information is to enable me to deliver psychological therapy. I collect information at the point of initial contact (which might be via email, website contact page or phone call) as well as during the initial assessment session and any subsequent therapy sessions. The information I collect may include the following:
● Name
● Address
● Date of birth
● Gender (or preferred identity)
● Telephone/SMS number/WhatsApp contact details (plus permission to send SMS and WhatsApp messages and leave voice messages)
● Email address
● GP name and practice address
● Occupation
● Relationships
● Psychological therapy history including any current or historical psychiatric diagnoses.
● Medical conditions relevant to psychological therapy
● Prescribed medication
● Current psychological difficulties
● Historical psychological difficulties
● Lifestyle and social circumstances
● Risk information such as suicidal and self-harming history and alcohol and drug use
Information Storage
I have implemented technical measures to ensure your personal and sensitive data remains secure. Your information may be stored in the following ways:
● Paper; written notes which will include the initial email you sent or website contact sheet and therapy contracts. It may also include work done together in therapy that cannot be produced electronically. These will be stored in a locked filing cabinet.
● Google Cloud; brief session notes will be stored on my Google Cloud, which is GDPR compliant. Your name will not be used within my session notes and they will be saved under a non-identifiable code.
● Smartphone; I will store our contact information in my contacts but will use a non-identifiable code rather than your name.
● Email/SMS/WhatsApp; your email address and correspondence will be stored in my email account (currently Gmail) by nature of you contacting me. Your telephone number may be stored in my SMS or WhatsApp should we exchange messages this way, but will be stored via a non-identifiable code rather than your name. Electronic correspondence will also be held by the corresponding app (Gmail, phone's SMS, WhatsApp), all of which are GDPR compliant.
● Website; none of your personal information is stored on the Dr Victoria Ross website, other than to momentarily collect and send a contact sheet to my Gmail account for the purpose of making initial contact via that contact page.
● Dropbox; Should you wish for us to share documents via Dropbox, I can set us up a shared Dropbox account and all the information shared will be held by us and Dropbox, which is GDPR compliant.
● Zoom session recordings; If you are using Zoom for your online psychological therapy sessions and would like your sessions to be recorded so you can listen to them again, then a recording of the session will be saved within my Zoom app on my computer and uploaded onto Dropbox immediately after the session. The recording will then be deleted from Zoom and my trash will be emptied immediately.
● Electronic devices; All electronic devices (including computers, laptops and mobile phone) used to access stored information will themselves be password protected.
How I may Process and Share your Personal Information
● Supervision; I have regular supervision with other qualified psychologists and therapists. Supervision is for my practice to ensure I am adhering to professional standards and evidence-based ways of working. All of my supervisors are GDPR compliant and thus we are considered joint data controllers.
● Sharing Information with your GP/Other Health Professionals; Some clients like their GP (or other professionals involved in their mental health care such as a Psychiatrist or the insuring mental health care team) to be kept informed of the work they are doing in psychological therapy. This might include sending assessment/progress/discharge reports or having telephone conversations disclosing personal and sensitive information pertaining to you. We can discuss what and how much information is disclosed and you will be given an opportunity to make amendments before any letter/report is sent. I will only send reports or have telephone discussions of this kind if I have your permission to do so and you can withdraw consent for any further correspondence at any point during our work together (assuming there is no duty of care to disclose information; please see the point below). Your GP and other health professionals should be GDPR compliant (I would check to ensure this before sending any confidential information) and thus would be considered joint data controllers.
● Duty of Care and Confidentiality; All the information you share with me is treated confidentially unless you request I share it, for example with your GP. The only exclusion to confidentiality is if I suspect there is a risk of harm, either to you or someone else. If I thought there was such a risk, I would discuss it with you if at all possible so we could consider how we can best manage the risk, which may include involving your GP or other care agencies. Only information relevant to managing the risk would be shared. If I don’t have your permission to share information and I deem there to be serious and imminent risk to yourself or someone else then my professional codes of conduct and the law may require that I inform an authority and share your personal information without your knowledge and permission.
● E-Mail Exchange; Although Gmail is GDPR compliant, any confidential (e.g. personal and sensitive) information that I need to send to you will be typed into a memo, password protected and then attached to the email. I will inform you of the password in person or via video-conferencing. I advise you to share confidential information with me in the same way.
● Postal Mail; Should I send any confidential mail in the post (to you or your GP) this will be clearly marked confidential.
● Erasing Your Information; When we have finished working together, I will hold onto your information for seven years past the end of our work together. This is in line with my professional code of practice and is so that I have a reference of our work if you were to return to psychological therapy in the future. After this time has passed I will shred any written information via a confidential waste service and securely delete any electronically held information.
Your Rights
You have the following rights:
● To be informed what information I hold (i.e. to be given or have access to this document).
● To see the demographic information I have about you (free of charge for the initial request).
● To make a ‘subject access request’ (SAR) for copies of your records. There may be an administrative charge for this and these will be provided within one calendar month of the request being made.
● To rectify any inaccurate or incomplete personal information.
● To withdraw consent to me using your personal information e.g. to withdraw consent for me to telephone you and request I contact you via email only.
● To request your personal information to be erased (though I can decline whilst the information is needed for me to practise within my own professional code of ethics and conduct).
If you wish to assert any of these rights you should contact me.
I reserve the right to make changes to this privacy policy at any time by sending a notice to you via our agreed method of contact.