This statement confirms how I, Esther Newall, use and protect any information that you give to me when you use my services. It explains how I comply with the GDPR (General Data Protection Regulation).
I am committed to safeguarding and protecting your information. If I ask you for any information, it will only be used according to this privacy statement. I may change this policy from time to time in line with legislation. This policy is effective from May 2018.
Where necessary, to act in your best interests, I may need to process information that is sensitive in nature such as health information. In rare circumstances, I may need to share this information with a third party such as a GP if I consider there is a real possibility of harm to yourself or others or in such instances when information is of such a gravity that confidentiality cannot be maintained for example:
•
Safeguarding adults (adult protection)
•
Safeguarding children (child protection)
•
Offences involving children under the age of 18
•
In cases of terrorism, fraud or money laundering
Further details regarding confidentiality can be found in my Client - Therapist Agreement.
I have procedures and security to ensure that I do my best to safeguard your information and prevent unauthorised access.
How I use information
•
To carry out the contract between us and to provide you with the services that you request from me
•
To keep records such as client hours
•
To run and maintain my business i.e. for financial records
Storage
I will store information for no longer than 7 years and no less than 2 weeks, depending on the information provided. My computer is password protected to ensure the safety and protection of your information. No session notes are kept on my computer but are stored in a locked filing cabinet in my home. These will be shredded within the above time frame.
Access to information
You can request access to the personal information that I hold on you and, except in limited circumstances when I am not permitted to do so for legal reasons, I will provide this information to you within 30 days.
If you think that any information that I hold about you is inaccurate, you are able to ask me to update your information. If you want me to delete your information, please request this in writing and I will endeavour to do so, unless I need to keep it for legal or internal business purposes.