In order to provide you with a service, I will need to handle some of your personal information. ‘Personal information’ includes details from which you can be identified, including names, date of birth, contact details and GP. I may also handle and process additional sensitive data from you, such as medication you take, medical history, past or ongoing investigations, personal history and relationships. In addition to the requirements of the General Data Protection Regulation (GDPR), this information is further protected by the British Psychological Society (BPS) code of ethics and the Health and Care Professions Council (HCPC).
Where will my information be stored?
Your personal information is held in the form of written paper notes, outcome measures, questionnaires and invoices. Electronic personal information is stored on an encrypted, password-protected memory stick. All the electronic files are also password protected.
I will delete emails from you within 30 days of receiving them and ensure information from them is stored electronically or in your paper notes, as described above. Invoices will be password protected, and we will agree a password in our session so you can open them with ease.
Your paper notes from sessions are kept in a locked drawer in my office.
How long will I hold this information for?
I will hold your information for the duration of your clinical psychology sessions with me and for seven years after. The HCPC and BPS specify this as part of our data retention requirements for information governance. The paper notes from our sessions will be electronically scanned and stored (as above, for seven years) shortly after your last session. These paper notes are then shredded and disposed of.
Lawful basis for processing data
The basis used for processing your data is legitimate interests. This is information that both you and we might reasonably expect to be provided and maintained in order to provide a Clinical Psychology service to you. The more sensitive information, such as sexual preference, medical history etc., also falls under legitimate interests, and this is information you will have consented to providing me with.
You can request copies of the data we hold about you, and I must provide this data to you, for free, within 30 days of your request. Additionally, you have the right to request that information about you be erased and deleted. We will arrange a time to discuss this request; however, I will not be able to guarantee all requests are fulfilled. For example, if you are involved in a legal matter then we will not be able to delete this data as it will be required.
What if I think the information you hold about me is incorrect?
If you believe the information I hold about you is incorrect, please contact me and inform me so I can ensure your personal data is as up to date and accurate as possible.