Privacy Policy

Overview

This privacy policy outlines your rights and my obligations to you regarding recording and storing your personal information. In this privacy policy, I will let you know what information I need to collect from you before we begin psychotherapy and what information I need to collect from you during psychotherapy. I will also set out how I will look after your personal information, how long I will store it, and who I will share it with. In addition, I will let you know what you can request from me about this information.

What is personal information?

The Data Protection Act 1998 (DPA) defines personal information as any information that can be used to identify a living individual. Individuals can be identified by various means, including their name, address, telephone number or email address.

Why do you want to process my personal information?

My contractual obligations to you as a psychotherapist are the lawful basis for my processing of your personal information. I need to process your personal information to fulfil my contractual obligations to you as a psychotherapist, for example, to assess whether I can offer you psychotherapy in the first place and then deliver effective psychotherapy to you if therapy commences. Your personal information helps guide my assessment process and clinical decision-making during psychotherapy. I will also use the information I collect about you to develop a better psychotherapy website service.

What are the laws that protect my personal information?

The DPA and the General Data Protection Regulation (GDPR) require that all organisations that store personal information about people may only do so provided that the information is: processed lawfully, fairly and transparently; collected for specified, explicit and legitimate purposes; adequate, relevant and limited to what is necessary; accurate and, where necessary, kept up to date; kept in a form that permits identification of information subjects for no longer than is required for the purposes for which the personal information are processed; and processed in a manner that ensures appropriate security of the personal data.

How will you collect my personal information?

I will collect your personal information in the following ways: via my website: www.anthonyhilltherapy.com, on Zoom, over the telephone, in writing, and in person during our meetings.

How will you treat my personal information?

I will treat your personal information in a way that complies with the DPA and the GDPR. The lawful and proper treatment of your personal information is essential to maintain your confidence in me and the spirit of other clients and staff.

How will you store my personal information?

I will store your personal information both electronically and physically. Personal information is stored electronically on devices that are password and fingerprint I.D. protected and in files that are other password protected and only accessible by me. Names and contact details are stored separately from additional personal information (anonymised format). Information is stored physically using paper records held securely in locked storage in an anonymised form. These records are also only accessible to me.

How long will you store my personal information?

According to the GDPR, your personal information should be stored no longer than necessary. In practical terms, I will usually keep your information for a minimum of 7 years following the termination of your treatment. However, I may need to store your data for longer than this, for instance, to defend myself in a claim situation or comply with my insurance terms and conditions.

What types of information will you collect about me?

I will collect several types of information about you in several different ways. For instance, when you visit www.anthonyhilltherapy.com, I will collect the following information about your visit: I.P. address, location, search engine, date, time, web pages visited, operating system, and device.

If you contact me via the web form on www.anthonyhilltherapy.com, I will collect the following information: name, email, date, and time.

Before committing to provide you with psychotherapy services, I will ask you to provide me with the following information: name, telephone number, address, availability, psychological issues that you would like to address, and symptoms.

Once we have agreed that psychotherapy with me is suitable for you and your therapy commences, I will collect further information from you that may include: goals for treatment, G.P. contact details, previous therapy, current medication, previous criminal convictions, a network of support, financial and employment circumstances, health and physical issues, alcohol and drug use, appetite and sleep, family structure, an overview of your family situation, and early memories of caregivers.

What is ‘special category’ information, and why must you process this too?

Special category information is defined by the GDPR as being more sensitive than other personal information and therefore requiring higher levels of protection. Examples of this type of information could include information about your health, race, sexuality, sex life, or religion. To lawfully process special category information, I am obliged to identify a specific condition for processing it under Article 9 of the GDPR and communicate this to you. With this in mind, the state of the GDPR that I apply to process your special category information is ‘pursuant to a contract with a health professional’. This means that if you begin psychotherapy with me, or ask me to assess whether or not you are eligible for me to offer psychotherapy to you, then I will likely need to process some special category information about you. Usually, this is information about your mental health, and I need to process it to fulfil my contractual obligations to you in delivering safe, effective psychotherapy.

What is a ‘data controller’, and who is the ‘data controller’ for Anthony Hill Therapy?

The GDPR defines a ‘data controller’ as the person in an organisation who: ‘determines the purposes and means of processing personal data’. For the GDPR, the ‘data controller’ in Anthony Hill Therapy is Anthony Hill.

Who else will you collect information about?

I collect and process information about the individuals with whom my business operates. These include clients, staff, suppliers and other business contacts.

Who will my personal information be shared with?

Some of your personal information may be shared with your G.P. or another healthcare professional under certain exceptional circumstances. These include the requirements of a court of law, the threat of severe physical harm to you or others, or during regular consultations with my professional supervisor. Some of your personal information, such as website visits, telephone call data, or payment information, is shared with the website provider, mobile phone operator, or card payment provider, respectively. These providers operate under their privacy policies, which can be provided upon request.

Can I ask for a copy of the personal information that you store about me?

Yes. The DPA allows you to find out what information I store about you by requesting a copy. Any request you make to obtain a copy of the personal information I hold about you is called a ‘Subject Access Request’. You can ask for a copy of my information about you. I must respond to your request immediately, usually within one month. I may charge a fee for providing this information based on the administrative costs involved.

Can I request that you delete my personal information?

Yes. This is known in the new legislation as the Right to Erasure. You can request that your personal information be deleted. There may be an administrative charge for this. I may also have the right to refuse to comply with your request, for example, to defend myself in a claim or to comply with my insurance terms and conditions. I will let you know my response to your request within one month of receiving it.

Can I object to or complain about the processing of my personal information by Anthony Hill Therapy?

Yes. Whilst I hope that the policy outlined above will be sufficient to reassure you of the security of your personal information, should you wish to object or complain about how I am handling your personal information, please feel free to communicate this to me at the earliest possible opportunity. I will do my best to address your concerns and take steps to resolve any issues you may raise. Should you wish to take the matter further, please contact the Information Commissioner’s Office at 0303 123 1123, or visit https://ico.org.uk/concerns/ for more information. Please get in touch with the Information Commissioner’s Office.