Privacy Notice

Emma Tullett Therapy

Introduction

Under the 2018 General Data Protection Regulations (GDPR) I am required by law to inform you about the ways in which I process and keep safe any data I hold about you. I am also required to gain your explicit consent to my holding and processing that data in certain ways (detailed below).

As a fully qualified Psychotherapist, registered with the BACP, I am bound by a code of ethics and take privacy and confidentiality seriously.

You have the right to know what client data I hold, why I hold it, and for how long I will hold it. You also have the right to view it, and to ask for changes to be made. When any physical documents need to be destroyed, it will be done through incineration. If I discover there has been a data breach of your personal information that could put you at risk, I will undertake to tell you as soon as possible.

Consent

If you are my current therapy client (or are about to become my therapy client), please read the following information and indicate your consent for me to hold and process your data as stated by signing my client agreement.

If you do not wish to give your consent, you have the option to discuss this with me.

You have the right to withdraw your consent at any time. We would need to discuss what this might mean in practice, and there may be some situations that require me to retain certain information. Were this to be the case, I may need to seek legal advice before taking any action.

If you have any questions about how your therapy client data is processed and handled, please discuss them with me.

This privacy notice is subject to regular review and will be updated as needed.

What client data is held about you?

I keep certain data so that I can work safely and professionally with you, in line with my training and the guidelines of the BACP, the professional organisation I belong to.

The client data I hold may include:

  1. Your name and address
  2. Your phone number and email address
  3. An emergency contact’s name and phone number
  4. Your GP name and contact details
  5. Relevant Medical Information
  6. Session Notes
  7. My emails to you, and yours to me

How, why, and for how long is your data held?

To try and make things as clear as I can, I’ve divided the information into seven sections below. You’ll need to consider each section individually and, if you consent, then please sign and date where indicated at the bottom of your client agreement.

1. Your name and address

How I keep this data

I keep your name and address in a secure excel document. These are kept separate from your session notes. Both my computer and the excel document are password protected and I sign out of my computer after use.

Why I keep this data

This is required by my professional liability insurer and by my professional organisation.

How long I keep this data

I will keep this data for seven years following the date after which we finish working together, in line with what my professional liability insurer advises. After that time it will be destroyed.

Who sees the data

Only me.

2. Your phone number and email address

How I keep this data

I keep your phone number in my mobile phone. My phone is locked with a passcode when I am not using it. I keep your email address in my email account and I use a separate email account for contact with clients, which is password protected and which I sign out of after use.

I also keep your phone number and email address in a secure excel document on my computer. Both my computer and the excel document are password protected and I sign out of my computer after use.

Neither my computer nor my phone are accessed by anyone else, unless maintenance is required by a technician.

Why I keep this data

This is needed in case I have to contact you (for example, for re-scheduling a session).

How long I keep this data

I will remove this data when we have finished our work together, unless you tell me that you would like me to retain it in case we work together again in the future.

Who sees the data

Only me.

3. Your emergency contact’s name and phone number

How I keep this data

I keep this data in a secure excel document along with your name and contact details The excel document is password protected and I sign out of my computer after use. If this information is sent online, I send this within a password protected document.

Why I keep this data

It is unlikely that I would ever need to use this information, but I hold it in case I should become concerned for your welfare and am unable get hold of you. You and I may agree together on some other reason that I might contact this person, based on your best welfare.

How long I keep this data

Once we have finished working together, I will delete this data, unless you and I decide to make other arrangements.

Who sees the data

Only me.

4. Your date of birth, GP name and contact details

How I keep this data

I keep this data in a secure excel document saved on my computer along with your name and contact details. The excel document is password protected and I sign out of my computer after use.

Why I keep this data

You and I may agree together on some reason that I might contact your GP, based on your best welfare, for example discussing diagnosis, treatment plan or safety procedures. Your GP will ask me for your date of birth and home address to locate your record in their system.

How long I keep this data

Once we have finished working together I will delete this data.

Who sees the data

Only me.

5. Relevant medical information

How I keep this data

I keep this data in a secure client database along with your name and contact details. The client database is password protected and I sign out of it after use. If this information is sent online, I save this on encrypted platform online, with individual password protection in a Word document.

Why I keep this data

It may be relevant to share certain medical information when:
(a) Your mental health history, past accidents, medical procedures, etc, may inform my treatment plan to make it more appropriate for you.
(b) There is any risk that health conditions such as seizures, diabetes, etc, may impact a session.
(c) Any medications you are taking may affect our work together.
(d) You have any allergies that I should be aware of in order to keep you safe.

How long I keep this data

When we finish working together, I will delete this data.

Who sees the data

Only me.

6. Session notes

How I keep this data

After each session, I make brief session notes which include the date of the session, together with what I consider to have been important occurrences or themes that arose during the session. These are saved in a password protected word document saved to my computer, which I sign out of it after use.

Why I keep this data

Notes are there to remind me of important points I may want to bear in mind or bring up in our next session, and/or in supervision. They also help me to keep track of the work we are doing together.

How long I keep this data

My current policy is to destroy session records seven years after our work finishes. If you would like me to retain them for a longer period, please discuss this with me.

Who sees the data

Only me.

7. Your emails and texts

How I keep this data

I may delete emails and texts after I have noted the contents (for example, emails around scheduling sessions). Any emails or texts that I consider it necessary to keep are retained in my email account or phone, both of which are password protected.

Why I keep this data

I may keep emails or texts if I consider it relevant to the work we are doing together.

How long I keep this data

I will delete emails when our work ends, unless they form session notes (in which case, see above).

Who sees the data

Only me.