top of page
a desk containing a laptop, tea cup, eucalyptus in a vase, eye glasses and a note book

Data Protection Policy 

​

In 2018 there was a change in the law regarding how organisations have to protect your personal details and records otherwise know as 'data' which is called the General Data Protection Regulation (GPDR). This summary 

details how GDPR is applied by clarifying why confidential information is held and how Sudworth Psychology protects this which can be found here

 

The essentials

  • I cannot work with you unless you give permission for me to keep records

  • I keep information about you in order to provide you with a service, and to process payments

  • I have systems in place to protect your data

  • I follow the law, and codes of practice as regulated by the British Psychological Society (BPS) the Health and Care Professions Counsel ( HCPC)

  • I strive to the highest standards for data privacy. Please speak to me if you have any concerns, questions, or feedback. 

  • You have the right to have any inaccurate information corrected, and you are entitled to request a copy of your data free of charge.

  • If you believe I am performing in an unlawful manner, you can complain to the Information Commissioners Office (ICO) here

​

The reasons why information is kept

Part of my professional registration required me to keep information about those I work with and the work that is undertaken. I am unable to offer you a service unless you permit me to keep your data regarding you and our work together.

​

​

The legal requirement

​ I have a legitimate reasons for keeping data. I am registered with the Information Commissioners Office (ICO) to comply with this requirement. I observe the regulations applied the BPS and my professional regulator, the HCPC

​

The information that is kept

  • I keep your personal data such as your name, phone number, and address. I also store sensitive data such as your gender, social history, and our session notes

  • I will collect the information that you provided as well as your internet protocol (IP) address. This address is supplied automatically by the website software.  The web services that are used by Sudworth Psychology are themselves verified as GDPR compliant. 

  • I also collect data from any health insurance provider that has possibly referred you. I might collect and process this personal data that is provided by that organisation which can include contact information, referral information, authorisation for psychological treatment, and health insurance policy number. 

​

​

What is done with your information

There are three reasons as to why I collect your data: 1) to provide you with a service, 2) billing and processing of payments, 3) to help prevent serious harm

​

​

How long your data is kept

I keep your data for the duration of the time that we work together, and in line with professional guidance, for seven years after the work has been completed. Client data such as email address/phone number will be deleted from my computer systems and mobile phone following the termination of our work. 

 

 

Where your data is kept

  • On my iPad and laptop computer

  • In my email systems

  • In my mobile phone

​

​

How your data is kept safe

  • My laptop is password protected and uses Microsoft Defender Firewall to avert others from obtaining access to my laptop. 

  • Your session notes are kept in an encrypted external hard drive. This means that no one can read the data without the encryption key which is either a password or fingerprint. 

  • My iPad is encrypted, and can only be opened using a fingerprint or password each time it is in use.

  • Any paper notes or documents are scanned and uploaded to the encrypted hard drive. Once this is completed all paper notes or documents are immediately shredded.

  • My email systems are secured with a password, and need to be verified through a two step verification process.

  • My mobile phone is encrypted, and can only be opened with a password or unlock pattern each time I use it.

  • I use Google Authenticator on my mobile phone to provide me with two step verification codes.

​

​

Your rights

  • You have the right to request details regarding all of the information that Sudworth Psychology keeps and receives about you within 28 working days with no fee

  • You have the right to ask for any information to be corrected if you believe that it in incomplete or inaccurate

  • You have the right to complain if you believe I working unlawfully (please see the essentials above)

bottom of page