I, Dr. Jacqueline (Jacqui) Hammond-Wyatt, am a sole trader offering clinical psychology services. I take the collection and storage of your information very seriously and comply with both the Data Protection Act 1998 and also the European General Data Protection Regulations 2018.
This privacy notice provides information about the personal information I process about you, in compliance with the General Data Protection Regulations (GDPR). I act as the data controller and am registered with the Information Commissioner’s Office (ICO).
What information do I collect?
As part of the assessment and therapy process I will collect information from you. This will include details such as names, address, contact details, school, ethnicity, and GP. I will also collect information relating to your/your child’s physical and mental health. I will take notes during our sessions to help me plan our work.
Some of the information I may collect is classified as sensitive personal data. My lawful basis for collecting this information are ‘legitimate interest’ and ‘provision of health treatment’. I will only use this information in relation to the delivery of a contract to you as a health care professional. The ICO website contains further information on lawful basis for collecting and storing information.
This information will allow me to provide an assessment/therapy service to you and to help me ensure the quality of my service. I will not use your information for marketing purposes.
What information will I share?
There may be times when I will need to share information with third parties. Firstly, I will share information with your child’s GP via a copy of reports that I write to you. I may also discuss with you sharing information with other bodies e.g. school, or other professionals if this feels appropriate. This is to ensure you and your child receive the best possible care.
In accordance with British Psychological Society Guidelines I receive supervision from another registered Clinical Psychologist. This Clinical Psychologist is also bound by regulatory body rules of confidentiality. I will discuss details of our work and share sensitive data but will not disclose personal data (e.g. names).
If I feel that you/your child is putting themselves or others at risk then I may have to break confidentiality and inform the relevant parties. This may be statutory bodies e.g. Social Services or may be parents if the child is under 18 years of age. If possible I will discuss this with you/your child before sharing the information.
How is information stored?
I will keep information securely in accordance with ICO guidelines. Storage may be electronically or hard copy. Hard copies will be stored in a locked filing cabinet. The files may be transferred to clinics by car. Electronic information will be stored on a password protected computer. Emails will be stored in a password protected account in a GDPR compliant email account. I will not store your number on my mobile phone although I will keep text messages whilst you are receiving a service. Text messages will be used primarily to confirm appointments. Please do not send any sensitive information via text message.
I may communicate with you by post, mobile phone or email. If I send reports electronically they will be password protected.
How long will information be kept for & what rights do I have?
By law I am required to keep records securely for a period of 7 years (or for 7 years after a child’s 18th birthday). Records will then be destroyed. You have the right to request access to the data that I hold on you free of charge. You also have the right to request the correction or deletion of information that you believe to be inaccurate.