Data Protection and Privacy Policy

This website is owned by Reform Psychology Services and we aim to be clear about how and why we use your information so that your privacy is protected. It is important that you are aware that by submitting personal data to us and/or by using our website you give your consent to us processing your information in the manner and for the purposes described below.

We are committed to maintaining the privacy and confidentiality of information provided by you to us. The term ‘personal data’ is defined in the General Data Protection Regulation (GDPR, 2018).

1. Why we collect personal data including email addresses

We need to collect data about you so that we can deliver a personalised service. It allows us to verify your identity and contact you in case there are any problems. We also collect information to process your payment for our services. This is based on the legal contract we make with you.

2. What personal data do we collect

When you initially contact us, we request personal information about you such as your name, address, email address and contact telephone number. We will also ask for some details about your difficulties so that we can judge whether we are in a position to help you.

If you choose to proceed, we will ask for details of your GP, your health insurance company, demographic information and details of your next of kin if necessary. We may also collect information about you from third parties such as; a referring agency, or other health professionals (GP’s, Physiotherapists, Occupational Therapists) to help us provide a holistic and comprehensive assessment and or intervention.

Your payment details or insurance details will also be collected if you are receiving our services.

This website does not use cookies to gather information about our visitors nor does it log the IP addresses.

If you choose not to use our services after 12 months of your initial enquiry, your details will be removed from our services. They will be kept in case you re-contact our services, and in line with the requirements from the HMRC and HCPC. However, if you would like your details destroyed before the 12-month period, please let us know (contact details below).

3. How do we use your personal data

We will use your personal data to fulfil your requirements and we will ask only for data that is adequate, relevant and not excessive for those purposes. Where we send you information for any purposes, it may be sent by email, text messages or post. When we ask you for personal data it may be to:

1. To deliver the correct services to meet your needs

2. To set up/change appointment times

3. To send you venue information and other information related to your therapy

4. To resolve any problems that might arise

At your first meeting, you will be asked your preferred method of contact and we if can leave a voice message. Please inform us of any restriction you would like to have in place to protect your privacy as much as possible.

4. How is your personal information stored

The information you provide is stored on a password protected computer with appropriate antivirus and firewall protection. It may also be kept on paper which is stored in a locked cabinet.

If you are using our services for part of a legal claim, we may be required to create a report that contains personal data that we have gathered, alongside our findings and opinions. These are produced in Microsoft Word, saved to PDF and then password protected before being sent by encrypted email from our Proton Mail account. In Civil Law, these reports are the property of the Courts and will be used in legal processes. Therefore, it is important to note that anything discussed during our assessment and/or therapy will be included in the report. Additionally, therapy notes can be required by the Court in some instances.

Upon conclusion of therapy, your personal information is securely archived and kept for up to 7 years from the last appointment you had with your therapist. This is required to comply with the HMRC and HCPC requirements. When our services cease to be provided, your records will be securely destroyed, (unless there are exceptional reasons such as those linked to legal processes).

5. What about third parties

Your details are kept strictly confidential. Contact information is known only to the data controller, administrator and the therapist. If you choose to proceed with our service, we would ask you for contact details of your GP and your permission for us to contact your him/her (by letter) to inform them that you are being seen by the service and to provide a brief outline of reasons the why. You will be asked if you wish to receive a copy of the letter also.

An exception to the above is when information is shared with appropriate other agency (e.g., for safeguarding purposes, when previously confidential information has to be shared). This is normally with consent from yourself to do so, where appropriate.
Anonymised, non-identifying, information about you is verbally shared with one/two other colleagues in a confidential setting for the purpose of clinical supervision of the therapist you see. This ensures good practice as we are working with the aim of achieving the best outcome for you. Any notes from this will be entered into the paper file and again shredded after 7 years.

6. Who do we send your personal data to

We may send information to your GP as we see this as good professional practice. However, this is not always essential, and we will confirm your consent for this at our first appointment.

We have a duty to inform your GP, and other relevant professionals if we have concerns about your safety, or the safety of anyone else.

If you are being referred as part of a claim process or via your Health Insurance, we will send a report to your solicitor, insurer or another other referring agency that is acting on your behalf. All reports are sent electronically as attachments that are encrypted and password protected via our Proton Mail account.

We do not use card payments; however, we do encourage clients to pay by bank transfer and therefore your name will appear on our bank statements.

7. Your rights with regards to your data

You have the right to:

1. Access your data

2. Have inaccuracies corrected

3. Have information deleted

4. Prevent marketing

5. Have the right to complain to the ICO

6. Be informed of data breaches without undue delay

Note these rights are not absolute and can be overridden by other interests in extremely rare and special circumstances, e.g., court subpoenas. The right to have information deleted is also not absolute and specific circumstances must apply.

You have the right to end therapy at any point and to request no further contact. You may request the deletion of your contact details from our computer records and the shredding of your paper file. Usually this record of the therapy provided will continue to be kept securely and is to be shredded after 7 years unless you agree otherwise.

You have the right to ask what information is kept on you and to change your mind about what is kept and how you are contacted. Those individuals who accept this policy have the right to change their mind at a later date and request deletion of their contact details. They should do so by making written contact by email or post.

8. How can you see all the information we have about you

You can make a subject access request by contacting the Data Protection Officer. We require additional verification of who you say you are to process this request.

We may withhold personal data to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your interests.

9. What if my data is incorrect or I want it erased

Please contact the Data Protection Officer. We require additional verification of who you say you are to process this request.

If you wish to have your information corrected, you must provide us with the correct data and we will then send you a copy of the updated information.

If you want to have your data removed, we have to determine if we need to keep the data for reasons such as, the HMRC wishing to inspect our records. If we delete the data, we will do so without undue delay. The regulations apply differently to health records and your right to erasure may be overridden by the requirements of the professionals to keep records for 7 years after the last contact in the case of adults; until the age of 25 in the case of children; and indefinitely in the case of people whose mental capacity maybe in question.

10. Will we send you emails and text messages to you or about you

As part of providing our service to you we will send appointment information to you via email and text messages. We will keep these to a minimum. Where possible we use encrypted messaging and password protect documents. We use Proton Mail for secure mail communications, if you also have a Proton Mail account this would allow complete email security. However, you do not need to have Proton Mail to still receive our emails and you can be sure that they are secure and encrypted from our end.

11. We do not send marketing information to our clients.

We have a Twitter account @reformpsy but we do not contact clients on this. If clients choose to use this form of communication, we would acknowledge their contact but would not engage in any discussion of your clinical issues.

12. How do you opt out of receiving emails and/or text messages from us

If you phone to book an appointment we will ask you to give us an email address where we can send the confirmation letter, with details of the appointment. If you do not wish to do this it is your choice, simply do not provide us with an email address.

At our first appointment, we will ask you whether you wish to opt in to receiving text or email reminders and confirmations of appointments. If you do not wish to use this, please inform us at that time.

We do not send marketing texts or emails to clients.

If you have any questions about data protection or privacy please contact Dr Rao by:

Email: [email protected]

Telephone: 07960 445275

The data controller is: Dr Palvinder Rao