top of page

Privacy Policy

GDPR (General Data Protection Regulation) is the most significant piece of privacy and data protection in twenty years. It came into effect on 25th May 2018 and from that date we are required to ensure that we gain a new data protection and privacy consent from all clients. In it (amongst other things) we confirm what information we hold about you and how we are permitted to use it.

 

When we agree to work together I will ask you to consent to the terms of this Privacy Policy.

I will collect certain data from you to meet mandatory requirements regarding clinical notes. I am required to keep clinical notes for a period of a minimum of 7 years for adults. If you are under 18, I am required to keep your clinical notes until your 25th birthday.  Your details will be destroyed after this period. Your data will be stored on a cloud based GDPR compliant practice management program. I collect your contact details to assist with the administration of your appointments/changes to scheduled appointments and/or reminders about appointments. I require an emergency contact OR GP details incase something should happen to you whilst we are working together.

 

I will collect your medical details as I need to be aware of any relevant medical conditions or medications that may affect you during our work together.

 

Exceptions to Confidentiality:

 

The content of all sessions is confidential, including all records and notes and these shall not be processed or shared unless in the following circumstances:

  •  Where your consent is given for confidence to be broken.

 

  • Where I am compelled to break confidentiality by a court of law.

 

  • Where information disclosed during the session is of such concern that confidentiality cannot reasonably be expected to be maintained. This may be in the case of serious crime or if I have reason to believe that there is a serious risk of substantial harm to yourself or others. If this is the case I reserve the right to contact the appropriate authorities. I would keep you informed prior to disclosure unless I consider that the urgency of the situation requires immediate action to safeguard the physical safety of yourself or others.

 

  • I have appointed a clinical executor who would have access to your name and contact details to enable them to contact you in an emergency or if for any reason I am no longer able to work with you. In the event of my death they would be responsible for deleting your records and notes.

I take your privacy seriously and will take all reasonable steps to ensure the protection of your data. Please note that your right to be forgotten cannot override the legal requirements to keep clinical notes for the mandatory periods. You can request a copy of any data held about you by submitting an Access Request.

Complaints Procedure

 

I am committed to protecting your personal information and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you have any concerns about how I handle your personal data, I encourage you to contact me so I can investigate and resolve the matter.

 

How to Make a Complaint

 

If you wish to make a complaint regarding my processing of your personal information, please contact me by email or post:

 

Data Protection Officer: Ellie Simpson

Email: ellie@elliesimpsontherapy.co.uk

Postal Address: Ellie Simpson Therapy, 11 Downview Road, Barnham, West Sussex, PO22 0EG.

 

Please provide as much detail as possible about your concern, including any relevant dates, correspondence, and the nature of your complaint.

 

How I Will Handle Your Complaint

 

Upon receiving your complaint, I will:

 

  • Acknowledge receipt of your complaint as soon as reasonably practicable;

  • Investigate the matter fairly and thoroughly;

  • Keep you informed of the progress of our investigation where appropriate;

  • Aim to provide a substantive response within one calendar month of receiving your complaint.

 

Where a complaint is particularly complex, additional time may be required. If this is the case, I will inform you and explain the reasons for any delay.

 

Your Right to Complain to the Information Commissioner’s Office (ICO)

 

If you are dissatisfied with my response, or you believe that I have not processed your personal information in accordance with applicable data protection laws, you have the right to lodge a complaint with the UK supervisory authority:

 

Information Commissioner’s Office (ICO)

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

Telephone: 0303 123 1113

 

Website:  Information Commissioner's Office (ICO)⁠

 

My ICO registration: ZA785565

 

The ICO recommends that individuals raise concerns with the organisation involved before submitting a complaint directly to them.

 

Your Data Protection Rights

 

Submitting a complaint does not affect your statutory rights under UK data protection law. Subject to applicable legal requirements, you may have the right to:

 

  • Request access to your personal data;

  • Request correction of inaccurate or incomplete personal data;

  • Request erasure of your personal data;

  • Request restriction of processing;

  • Object to certain processing activities;

  • Request the transfer of your personal data to another organisation;

  • Withdraw consent where processing is based on consent.

 

Requests relating to these rights should be directed to Ellie Simpson using the contact details provided above.

bottom of page