In order to provide you with our services, we need information from you which may include your identity, your address, your email, and your telephone. In the case of therapy, additional details may be taken to provide the service you are expecting such as notes about your sessions, medical records, school records, insurance reports, personal history, sexual preferences, relationships, etc. In addition to any requirements of the GDPR, this information may be further protected by the British Psychological Society code of ethics and the regulating body Health and Caring Professions Council.
We may use your information in our accounting system to bill for services, take payments, file tax returns, and track your financial obligations to us. Once our financial relationship is concluded we will continue to hold that information until no longer required by HMRC or any other party with a legitimate interest.
Lawful Basis for Processing
Our basis for processing your information is legitimate interests. This is information that both you and we might reasonably expect to be provided and maintained in order to provide the service or information you want. You may have also provided this information when meeting in person at a conference or business meeting.
Our basis for processing special category information is also legitimate interests and this will be information you have consented to provide to us in order for us to provide you with the services you have requested. It is information that we both would reasonably expect to be shared.
Categories of Personal Data Obtained.
We do not obtain data from third parties unless it has been released to us with your informed consent. Examples of this may be legal, medical, criminal, educational, social, or other records released by your solicitor for use in preparing a report on your behalf.
Data we receive will nearly always be obtained either directly from you, your representative, or your guardian. In the case of children, this information will be obtained from the child and/or the guardian.
We may access public records such as but not limited to Companies House, County Courts, social media sites, Information Commissioner's Office, and others if deemed necessary to pursue legal claims for the recovery of debts owed to us.
Recipients of Data
Data received from you will be used only within our organisation for the purposes you and we reasonably expect for the services being provided. Except as required by law, courts, or police, we do not release data to recipients outside of our business.
Transfers Outside of the EU
We do not transfer data outside of the EU for processing, meaning to be handled, viewed, manipulated, scanned, or otherwise accessed by someone outside of our business. However, data may be moved and stored outside of the EU for our own purposes such as accounting, storage, video consultations, emails, and similar circumstances. We make an effort to ensure these providers are GDPR compliant, to minimise our use of such providers, and to consider if security measures are in place that are reasonable and reliable. It is also likely that we may work with you or communicate with you while we are located outside of the UK or EU. In any event, our company will continue to comply with the GDPR and respect your rights.
How Long We Hold Your Data
We hold data only as long as we are required by law for accounting and tax purposes, which may be three years or longer. If you make an enquiry via our website we will keep that correspondence only as long as your enquiry is active. Emails received directly and related to services we are providing you will be kept only as long as we are working with you and will typically be deleted 30 days after we cease working with you. Notes maintained as part of therapy or supervision with you will be deleted seven years after you advise us we are no longer working with you. If input is provided while a personal injury claim is ongoing, notes will be held for seven years or up to 30 days of the case settling, which5ever is the longer.
A complete summary of your rights is available at the Information Commissioner's Office website. You may request copies of data we hold on you and we must provide this information free-of-charge within 30 days. However, if your request is unreasonable or you have made repeated requests for the same information, we may refuse to comply unless and until a fee is paid or an agreement reached on the data to be provided. You always have the right to file a complaint with the Information Commissioner's Office if you feel we have violated your rights under the GDPR. We will do our best to provide your information in a format that you can understand and use.
Source of Personal Data
We do not obtain data from third-parties without your consent except in the case of children or vulnerable persons and then this data will be obtained from a responsible party, solicitor, or a party holding power-of-attorney. If you are asking us to work in a legal case in which you are a party, we may receive information from the courts, the police, the Crown, or your legal team. In this case such a release is made on your behalf by parties you have authorised. We may receive data from an insurance company or medical providers, again on your authorisation and knowledge.
Your Obligations to Provide Data
You are under no obligation to provide information to us, but we may not be able to provide you with the services you are requesting. In such a case, we may choose to not provide you with services that you are seeking.
Automated Decision Making
We do not engage in any automated decision making with your data.