How We Use and Share Your Information
Evolve Psychotherapy is committed to making sure that Your data is securely protected and that you are aware of the rights you hold when your data is being processed by us.
Tina Wright is the Data Controller of the data Evolve Psychotherapy holds about its clients. You can contact the data protection officer by emailing email@example.com.
Glossary of Terms:
GDPR: General Data Protection Regulation. New data privacy and protection regulations replacing the individual data protection laws in all EU countries on 25th May 2018.
Therapy Notes: anonymised notes securely kept by your therapist to support continuity and progress through the therapeutic process.
Consent; Freely given, specific, informed and explicit consent by statement or action by the patient, staff member or any person signifying agreement to the processing of their personal data.
Controller: The Natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: A natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Data Subject: Any individual we deal with such as a client, patient, therapist or Doctor whom the particular personal data is about.
Data Protection Officer (DPO): An expert on data privacy who works independently to ensure the business is adhering to the policies and procedures set forth in the GDPR.
Personal Data: Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Processing: Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
Right to be Forgotten (RTBF): Also known as 'right to erasure'. Entitles the data subject to have the clinic erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
Why We Maintain Personal Data:
We need to collect and maintain a record of the care you receive to ensure that:
· Professionals involved in your care have accurate and up-to-date information.
· We have all the information necessary for assessing your needs and providing excellent care.
· Your concerns can be properly investigated if you raise a complaint.
· Accurate information about you is available if you need to transfer to another therapy provider or request a referral to an allied health professional.
We have a duty to:
· Maintain full and accurate records of the therapy we provide to you.
· Ensure that your records are confidential, secure and accurate.
· Provide a copy at your request in an accessible format.
Your record may include some or all the following:
· Your name, address and date of birth.
· Contact we have had with you, such as appointments.
· Therapy notes, test results and reports kept confidentially by your therapist.
· Relevant information from referrers such as health professionals or relatives.
Identifying You as an Individual:
We have many patients with similar names so it vitally important for all patients to be properly identified as individuals. In order to be sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items include:
· Full name
· Date of birth
· Permanent address
· Email address
· Contact number
How Evolve Psychotherapy Uses Your Contact Details:
We take your privacy seriously so please let us know if you have any specific contact instructions.
If you provide a mobile phone number: we may ring, leave a message or text you, please inform us if you do not want us to do so.
If you provide a landline: we may leave a message, please inform us if you do not want us to do so.
If you provide us with your email address: we may use it to send confidential information, unless you have instructed us not to do so.
Please read the following before providing us with your email address:
Further Email Information:
· Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet. Be aware also that if you share your computer, others may read your emails.
· You can use email as a method to contact us in relation to a query or to ask about an appointment.
. Email is used to inform you of other services, offers, information, and research that you may be interested in.
· Do not give more personal information than we need to process your request.
· Do not ask us to send you personal details that you would not want seen by other people.
· If you have an urgent question or feel at risk after going home after treatment contact an emergency service e.g. 111 or 999, for life threatening conditions, by telephone, do NOT email Evolve Psychotherapy in an emergency.
How Your Records Are Kept:
Our guiding principle is that we hold your records in strict confidence. We use appropriate technical and organisational measures to ensure this.
Evolve Psychotherapy is registered under the Data Protection Act 1998. It abides by the law and observes good practice in maintaining confidentiality and appropriate information security. We will fulfil its obligations to the fullest extent, including ensuring that the following 8 principles governing the processing of personal data are observed.
i. Personal data shall be processed fairly and lawfully
ii. Personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes
iii. Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed
iv. Personal data shall be accurate and, where necessary, kept up to date
v. Personal data shall be kept for no longer than is necessary for the purposes for which it is processed
vi. Personal data shall be processed in accordance with the rights of data subjects under the Act
vii. Personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage
viii. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection.
Information about you and the services you receive may be held in written and electronic formats and will be kept for the specific retention periods outlined by the relevant professional bodies. Data held on paper or disk will be processed in accordance with the Data Protection Act and destroyed using secure documented procedures after the time periods set out by the Department of Health.
How Your Records Are Used:
We use your records to:
· Ensure that any treatment or advisory services we provide to you are based on accurate information.
· Send a letter about your care to your GP or other health professional unless you tell us not to do so.
· Work effectively with other services providing you with treatment or advice.
· Monitor the quality of our care and help us to understand the outcomes of therapy.
· Investigate any relevant concerns or complaints you or your family have.
· Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. For private patients this may include details shared with your insurance company, credit card company or bank. If you have any concerns about this, please contact your financial or insurance provider.
We May Also Share Information That Identifies You Where:
· You ask us to do so
· We ask for specific permission and you agree to this
· We are required to do this by law
· We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed)
Evolve Psychotherapy will not provide client information to other organisations except under the circumstances described in this Privacy Notice.
Sharing information with Other Healthcare Professionals and Family:
You must specifically name other people, with whom you would like us to share information about you. We make best efforts to ensure that information provided over the telephone is restricted to those you have named, and we share on a need-to-know basis. Sometimes this means refusing to disclose information about you to someone who feels they should know about your treatment and progress. Please make your family and friends aware of this.
Sometimes we have a legal duty to provide information about people, e.g. where personal risk is a factor and when a court order instructs us to do so. Records may also be shared without the patient's consent in exceptional situations, such as to safeguard adults or children.
Sharing Your Records Outside the EU:
If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU specifically to promote your ongoing care. This would normally be the doctor who referred you to us for treatment. If you wish, we can give you the documents so that you have physical control over this information.
In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions regarding confidentiality and security in addition to the obligations imposed by the Data Protection Act 1998.
Exceptionally we may use suppliers who are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.
How Can I Stop My Information from Being Shared?
If you do not want us to share your information with your GP, other healthcare providers or carers, please tell your designated therapist. But please note that not sharing your information may affect the care that can be provided for you.
You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given Evolve Psychotherapy to process information about you.
If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your therapist.
Your Legal Rights:
You have the right to confidentiality under the Data Protection Act 1998 (DPA), the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.
You have the right to request the erasing of your data under the policy Right to Erasure (‘right to be forgotten’) in article 17 of Chapter 3 of the GDPR (EU) 2016/679.
You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.
You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:
· The right to obtain a copy of your records in permanent form
· The right to have the information provided to you in a way you can understand, and explained where necessary, for example where abbreviations have been used. You would not be entitled to see information that:
o Has been provided about you by someone else if they haven’t given permission for you to see it.
o Identifies another person who has not given permission for you to see the information about them.
o Relates to criminal offences.
o Is being used to detect or prevent crime.
o Could cause physical or mental harm to you or someone else. If you are currently receiving services from us and wish to view the record without obtaining a copy, discuss your request with the therapist providing your care.
Obtaining a Copy of Your Record
If you wish to apply for access to the information that we hold about you, please note:
· You should send your request in writing to the Evolve Psychotherapy Data Protection Officer – firstname.lastname@example.org. You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth.
· We will take every reasonable step to respond to you within 40 days of receiving your request.
· You may be required to provide a form of ID before any information is released to you. Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.
What organizations are collecting the information?
In addition to our direct collection of information, our third party service vendors (such as credit card companies, clearinghouses and banks) who may provide such services as credit, insurance, and escrow services may collect this information from our Visitors and Authorized Customers. We do not control how these third parties use such information, but we do ask them to disclose how they use personal information provided to them from Visitors and Authorized Customers. Some of these third parties may be intermediaries that act solely as links in the distribution chain, and do not store, retain, or use the information given to them.
How does the Site use Personally Identifiable Information?
We use Personally Identifiable Information to customize the Site, to make appropriate service offerings, and to fulfill buying and selling requests on the Site. We may email Visitors and Authorized Customers about research or purchase and selling opportunities on the Site or information related to the subject matter of the Site. We may also use Personally Identifiable Information to contact Visitors and Authorized Customers in response to specific inquiries, or to provide requested information.
With whom may the information may be shared?
Personally Identifiable Information about Authorized Customers may be shared with other Authorized Customers who wish to evaluate potential transactions with other Authorized Customers. We may share aggregated information about our Visitors, including the demographics of our Visitors and Authorized Customers, with our affiliated agencies and third party vendors. We also offer the opportunity to “opt out” of receiving information or being contacted by us or by any agency acting on our behalf.
How is Personally Identifiable Information stored?
Personally Identifiable Information collected by The Site is securely stored and is not accessible to third parties or employees of The Site, except for use as indicated above.
What choices are available to Visitors regarding collection, use and distribution of the information?
Visitors and Authorized Customers may opt out of receiving unsolicited information from or being contacted by us and/or our vendors and affiliated agencies by responding to emails as instructed, or by contacting us on the email address above.
Are Cookies Used on the Site?
How do we use login information?
The Site uses login information, including, but not limited to, IP addresses, ISPs, and browser types, to analyze trends, administer the Site, track a user’s movement and use, and gather broad demographic information
What partners or service providers have access to Personally Identifiable Information from Visitors and/or Authorized Customers on the Site?
How does the Site keep Personally Identifiable Information secure?
All of our employees are familiar with our security policy and practices. The Personally Identifiable Information of our Visitors and Authorized Customers is only accessible to a limited number of qualified employees who are given a password in order to gain access to the information. We audit our security systems and processes on a regular basis. Sensitive information, such as credit card numbers or social security numbers, is protected by encryption protocols, in place to protect information sent over the Internet. While we take commercially reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering and break-ins, and we cannot guarantee or warrant that such events will not take place and we will not be liable to Visitors or Authorized Customers for any such occurrences.
How can Visitors correct any inaccuracies in Personally Identifiable Information?
Visitors and Authorized Customers may contact us to update Personally Identifiable Information about them or to correct any inaccuracies by emailing us at the email address above.
Can a Visitor delete or deactivate Personally Identifiable Information collected by the Site?
We provide Visitors and Authorized Customers with a mechanism to delete/deactivate Personally Identifiable Information from the Site’s database by contacting us at the above email address . However, because of backups and records of deletions, it may be impossible to delete a Visitor’s entry without retaining some residual information. An individual who requests to have Personally Identifiable Information deactivated will have this information functionally deleted, and we will not sell, transfer, or use Personally Identifiable Information relating to that individual in any way moving forward.
The Site contains links to other web sites. Please note that when you click on one of these links, you are moving to another web site. We encourage you to read the privacy statements of these linked sites as their privacy policies may differ from ours.