Privacy Policy – Dr Nikki Psych
The General Data Protection Regulation (GDPR) is concerned with the personal information about you that I collect, store, and share. This document details my GDPR policy.
Personal Information Collected
In order to provide services, I will collect general personal information such as your contact details. To effectively provide assessment or therapy, I will collect sensitive personal information (where it is pertinent to our work) such as:
Dates of appointments attended
Session summaries
Personal, medical, mental health, and therapy history
Current mental health and medical conditions relevant to therapy
Prescribed medication
Difficulties and concerns
It is standard practice to collect such information, and in addition to any requirements of the GDPR, this information may be further protected by the British Psychological Society code of ethics and the regulating body Health and Caring Professions Council.
Lawful Basis for Processing
My basis for processing your information is legitimate interests. This is information that we both might reasonably expect to be provided and maintained in order to provide the service or information you want. You will have either provided this information yourself, for example when meeting together or filling in forms; or you will have provided consent for someone else (e.g. another professional) to have shared it with me.
I may access public records such as but not limited to Companies House, County Courts, social media sites, Information Commissioner’s Office, and others if deemed necessary to pursue legal claims for the recovery of debts owed to me.
Storage of Personal Information
Paper documents: (including registration form, contract, session notes and letters received).
Paper documents will be kept in a locked cabinet at all times, unless in transit when they will be kept on my person at all times. Documents will be digitised where possible and appropriate.
Digital documents: (including registration form, contract, session notes and letters received).
Digital documents will be kept on a password-secured device which is only accessible to me. I use the platform Writeupp to store all my digital data. Writeupp is globally recognised from an information governance perspective and complies with data governance requirements. In addition, data is encrypted and requires two-factor authentication.
Smartphone
I will not store your contact information in order to avoid this being revealed to other applications. If you choose to contact me via SMS, WhatsApp or any other social media, then I will take that as consent for your information to be held on that application.
Your email address and correspondence will be stored in my email account (currently Microsoft).
Website (and cookies policy)
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.
Length of Data Storage
I hold general personal information (as described above) for as long as required for the work to be undertaken. I will typically delete this data within 30 days after we stop working together, providing invoices have been settled.
I hold sensitive personal information (as described above) for 7 years from the date we cease working together (or 7 years after the individual's 18th birthday), in line with guidance from my professional body and the government.
Processing/Sharing of Personal Information
Data received from you will be used only for the purposes we both reasonably expect for the services being provided. Except as required by law, courts, or police, I do not release data to other recipients unless this is something that you have clearly and specifically consented to.
Supervision: I seek regular supervision with another qualified and registered psychologist. This is in order to ensure the quality of my work, and it is a required condition for registration with the Health and Caring Professions Council and for chartership with the British Psychological Society. To protect your privacy, my supervisor will not know you personally nor professionally, and I will avoid sharing information such as your name and address with them. They will also be obliged to adhere to equivalent standards of data protection.
Therapeutic Will
Your name and contact details will be shared with my Therapeutic Executor in the event of my death, should you still be in therapy with me. This is so that you can be informed appropriately of my death. My Therapeutic Executor will be a qualified and registered professional with equivalent standards of data protection.
Emergencies: If your health is in jeopardy, and provided I have your consent, I may share your contact information with an emergency healthcare service. If I do not have your consent, but I judge there to be an immediate and significant risk to your life or the life of another, then I may be legally obliged to share the minimum information necessary to prevent loss of life.
If I have become aware of your intent to cause harm to another person/organisation (i.e. terrorism), the law may require that I inform an authority without seeking your permission. In such a situation, the law may require that I share your personal information without your knowledge.
Your Rights
A complete summary of your rights is available at the Information Commissioner’s Office website. You may request copies of data I hold on you, and I must provide this information free of charge within 30 days. I will do my best to provide your information in a format that you can understand and use.
You have the right to ask me to rectify any inaccurate or incomplete personal information, to withdraw consent to me using your personal information, and to request that your personal information be erased. Whilst the information is needed for me to practise lawfully and competently, I am able to decline this request.
You always have the right to file a complaint with the Information Commissioner’s Office if you feel I have violated your rights under the GDPR.
Breaches of Data Security
I endeavour to ensure that your data remains secure. Should these systems fail, then provided it is lawful for me to do so, I will inform the ICO and yourself.
Your Obligations to Provide Data
You are under no obligation to provide information to me; however, this may mean I am not able to provide you with the services you are seeking. In such a case, I may discuss with you what I am unable to support with and the rationale, and may choose not to provide the services.