My practice is based on the belief that your needs are of the utmost importance. I am committed to meeting those needs. As a result, a high percentage of my business is from repeat customers and referrals. Your privacy is of the upmost importance.
UKCP Psychotherapist, Consultant and Clinical Supervisor.
UKCP Registration number 0005387
And the following website: geraldinemcewan.org
My contact details:
There are two sections to the following information:
1. About your personal data – the type of data that is collected or used, including when, how and why
2. Your rights – all the ways that you can control what happens with your data
ABOUT YOUR PERSONAL DATA:
When you work with me you may wish (or need) to provide personal details of a sensitive nature.
Upon intake I create a contact card in handwritten form with your details and those of an emergency contact eg. GP and any referring practitioner. I keep a hard copy of the contract and agreement signed by you at our first session. This contains your details, those of an emergency contact, your GP and any referring practitioner. These details are stored in a secure cabinet.
Subsequent case/session notes, including your initial assessment notes, are kept in digital form by me for the purpose of fulfilling our contract and keeping tabs on the work during the sessions and from one week to the next. These are filed securely and password protected with only initials and date as identifiers so that no other person may connect these details to your personal identity. These are kept separately from your contract.
If you have been referred to me by another health professional eg. psychiatrist or GP, I may be required to send them clinical updates from time to time, for the purpose of managing of your treatment. This is done in hard copy by post or by email, using only your initials.
I am required by law to retain these records for six years after the completion of our contract – or in the case of a minor, from six years beyond the date of their eighteenth birthday.
Other data sources:
Incoming data may also be received from my website host (Vistaprint), UKCP, NLPtCA, Skype and Zoom. If we communicate by email this also gives me access to your IP address which functions as an e-signature and which is retained for the life of the messages according to the situations above.
I may receive information from another practitioner as part of a referral. In such a case you may be unaware that the consented data transfer has taken place, I will therefore inform you of receipt within 28 days
Sharing your data:
Your privacy is important and I do not sell your data or share it except by your consent or under the law.
When working together, I may, with your explicit permission share your personal information to another practitioner or therapist as part of a referral. This will always only be with your personal consent and approval.
In continuation of current UK law on confidentiality I also retain the right and in some cases, the legal requirement, to breach confidentiality to inform an authority such as the police or your GP of impending harm or illegality.
The GDPR sets out clearly what your rights are. It also lays out deadlines for a reply and other rules which are reproduced for your information at the bottom of this section.
Right to be informed:
You have the right to be informed about the collection and use of your personal data. This is a key transparency requirement under the GDPR.
I must provide you with information including: my purposes for processing your personal data, my retention periods for that personal data, and who it will be shared with. This ‘privacy information’ is provided above.
I must provide you with privacy information at the time I collect your personal data from you, in other words it has to be available to you before you fill in a form or hand over your data such as your email address.
If I obtain your personal data from other sources, e.g., by referral, I must provide you with privacy information within a reasonable period of obtaining the data and no later than one month.
There are a few circumstances when I do not need to provide people with privacy information, such as if an individual already has the information or if it would involve a disproportionate effort to provide it.
The information I provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language. Therefore if there is anything you do not understand, please get in touch.
Right of Access:
You have the right to access your personal data and supplementary information. This allows you to be aware of and verify the lawfulness of the processing.
You are entitled to confirmation that your data is being processed, access to your personal data, and other supplementary information as provided in this privacy notice.
Right to Rectification:
You have the right to have your personal data corrected if it is incorrect, or completed if it is incomplete.
Right to Erasure:
You may request, orally or in writing, to have your data erased. This is also commonly known as ‘the right to be forgotten’. This right only takes effect when:
Right to Restrict Processing
You have the right to request the restriction or suppression of your personal data. In other words you want to stop the data being used but keep it on file.
In this case your personal data cannot be used and can only be stored unless:
Right to Data Portability:
This allows you to obtain and reuse your personal data for your own purposes across different services. It allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without affecting its usability. Doing this is meant to enable you to take advantage of applications and services that can use this data to find you a better deal or help you understand your spending habits. In general this rule exists for data held by big service providers, such as your call history or insurance or gas bill history. The right also only applies to information you have provided.
If, as a private client you wish to carry a copy of your case notes or other sensitive data to another practitioner or other mental, physical or spiritual health service, these may be provided to you or to the nominated service provider, on request, as an encrypted and password protected document.
Right to Object:
Individuals have the right to object to:
Information Commissioner's Office
Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
Fax: 01625 524 510
You may of course also exercise your right to legal action.
You can claim a right verbally or in writing.
A response should come without delay and at least within one month of receipt. The time limit is calculated from the day after you make the request (whether the day after is a working day or not) until the corresponding calendar date in the next month.
I aim to respond within 28 days.
When you request access to your data, a copy must be provided free of charge. However, you can be charged a ‘reasonable fee’ when a request is: