DATA PRIVACY POLICY

 This information sheet explains what data I keep about you, why I do this, how I keep it safe and what your rights are.

I have systems in place to protect your data and aspire to the highest data privacy standards. If you have questions, concerns or feedback then please let me know so that I can address them. You can contact me on: jessicamunafo@live.co.uk.

 

What data do I keep?

I keep personal data, e.g. your name, address, telephone number, email address, date of birth, emergency contact details. I also keep sensitive data, e.g. notes taken during or after our meetings which may include information about your gender, health history and social history. In some circumstances you may complete questionnaires related to your well-being.

Session notes are kept in order to allow effective service delivery, allowing a continuity of care between sessions and a way to record progress towards your goals.

Should any of your personal data be subject to change (e.g. if you change your name, move house etc.) during your active involvement with me, please notify me at your earliest convenience so that your records are kept up to date.

I keep client data throughout my work with clients and in line with professional guidance. All data is deleted after the ‘retention period’ and no later than the first working Monday of the January following it.

Ø  For therapy clients aged 18 and over, the retention period is 7 years after the work has ended.

Ø  For therapy clients aged under 18 after the work has ended, the retention period is 7 years after the client’s 18th birthday.

Ø  For people enquiring about working with me (who do not become clients) the data retention period is 1 year.

 

Why do I keep information?

My professional registration requires me to keep information about my clients and the work that I do. I cannot offer you services unless you allow me to keep data about you and our work together. I keep information about you so that I can communicate with you about appointments, for invoicing and for risk management/safeguarding purposes.

I have a duty of care as a health professional to contact your GP/relevant third party professionals if you are taken ill during a session and require urgent medical care, or if it is felt that you may require additional support from a professional because of concern about you being at risk of harm in some way.

If I believe that contacting your GP or another professional is necessary, then all possible efforts will be made to involve you in this decision.

 

How do I keep your information safe?

Any information held about you is stored and processed in line with the General Data Protection Regulation (GDPR). I am registered with and follow the guidance outlined by the Information Commissioners Office (ICO) and also the Health and Care Professions Council (HCPC).  

In the unlikely event of a data breach, I will notify the ICO so that their procedures can be followed. I will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks. You can complain to the ICO if you think that I am acting unlawfully. Visit https://ico.org.uk/make-a-complaint/ or telephone 0303 123 1113.

 I store data on my laptop, on my mobile phone, in a paper file and in my email systems. My laptop and mobile phone are password-protected, my paper notes are stored in a locked cabinet and my email systems are secured with a password and two-step verification.

Online meetings are conducted via Zoom, an end-to-end encrypted video calling service. If we agree to meet online you will need to download Zoom to your smartphone, computer or tablet. Zoom is free to download from the web or from your device app store and you can read more about how Zoom protects its users here: https://explore.zoom.us/en/trust/.

Every effort will be made to keep your data confidential. However, in certain circumstances the Data Protection Act allows me to disclose data (e.g. as part of legal proceedings or if there is a concern about any member of the public being at risk of harm). If your data is disclosed, then I will take all reasonable steps to notify you about the disclosure and will also ensure that any data request from a third party is legitimate, reasonable and necessary.

My website uses cookies so that I can see how many people have visited and which pages are most popular. Cookies are anonymous and contain no personal data. You can turn cookies off in your website browser if you wish to. Access to the analytics on my website are secured with a strong password.

What are your rights?

You have the right to:

Ø  request details of all the information that I keep and to receive it within one month at no fee

Ø  have information corrected if you consider it inaccurate or incomplete

Ø  complain if you think that I am acting unlawfully. 

If you would like to request a copy of the data held about you, this is called a subject access request. Subject access requests should be made in writing and I will always verify the identity of anyone making such a request before handing over any information.