The GDPR seeks to protect your privacy in respect of data held on you – particularly sensitive data. I am registered with the Information Commissioners Office (ICO) as a Data Controller. Please find below some information about the data I collect on clinets, how it is stored, and for how long it is kept. I have thought carefully about your privacy, and I handle all data with transparency, respect and care.
What information do I keep?
I keep the name, date of birth, contact information and GP details of all my clients. This is in case I need to contact them or their healthcare provider in the event of an emergency. I write brief session notes, but file names are coded and clients are not identifiable. My notes are kept entirely separate from any contact details. All data is stored electronically (password protected) or in a locked cabinet.
Who else can access this data?
A trusted colleague has the password to my contact details file and will access it to contact you in the unlikely event of my being incapacitated. No one other than me can access my session notes.
How long do I keep your data?
Six months after work is finished, I erase each client’s contact details, including all our online correspondence. I keep my session notes for seven years and then erase them. If a clients wishes to withdraw consent to me keeping this data at any point, they can email me at firstname.lastname@example.org
I am responsible for data protection, control and processing. Any request or enquiry regarding data control and processing should be sent by email to email@example.com. In accordance with GDPR, any request will be answered within 30 days.