Who am I
I am a Chartered Clinical Psychologist and I predominantly work from my base in Clifton, Bristol and on occasion from home when confidentiality can be maintained.
This policy provides an overview of how I comply with data protection legislation and the basis on which any personal data I collect from you, or that you provide to me, will be processed. Although I may need to collect and hold certain personal data in order to deliver my services to you I am committed to protecting and respecting your privacy.
Controller / Contact details
Dr Stephanie Davis is the controller and responsible for your personal data.
Address: 11 Saville Place, Clifton, Bristol, BS8 4EJ
Third Party Links
How I obtain personal information
I use different methods to collect data from and about you including through direct interactions, automated technologies or via third parties.
If you contact me, whether by telephone, email, website, or other means, I may keep a record of that correspondence. I may ask you to complete questionnaires and other forms that I will use to tailor my services to your needs. I may keep records of any meetings and sessions in the form of written notes, electronic notes and video/audio recordings. I may receive correspondence from you or from other individuals or organisations relating to the services I deliver to you. I may also produce notes, assessments or reports.
What personal information I collect and how I use it
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The personal data I may hold on you is grouped into categories based on the way I use the information and how long I may need to retain it. These categories are explained below, along with details of what personal data we hold in each category and a brief statement of what I use it for.
We hold contact information that you have provided to me and which I use to contact you about the delivery of services. This includes (where provided) client full name, date of birth, address, email, phone numbers, GP name and address, emergency contact details and insurance details where relevant. Contact information (including email address) and financial information will be kept for one year after final contact.
Mental health records are subject to special legislation e.g. adult records are kept for 8 years after the last contact with the service www.gov.uk/government/publications/records-management-code-of-practice-for-health-and-social-care. This benchmark will be applied to all clinical records made in the process of engagement with Dr Stephanie Davis.
Storage of data
All information recorded on paper will be securely stored in a locked filing cabinet. Confidential digital information will be stored on a password protected laptop computer and all electronic devices (e.g. computer, laptop and phone) used to access stored information will themselves be password protected. Confidential information sent by the psychologist via email can be sent through a protected email address should this be necessary. All general correspondence will be through outlook unless otherwise requested. Letters sent to professionals such as GP’s, will be clearly marked Confidential.
I hold general information that you have provided to me and which I use to manage the delivery of services to you. Some of this information also enables me to comply with my legal or regulatory obligations. This information may include: The dates, times and locations of sessions and emails relating to organizing appointments
Due to the nature of my services I may need to process data relating to your physical and mental health. The General Data Protection Regulations deem data concerning health as a special category of personal data which means that I need specific reasons for processing this data. I may also need to hold some of this information in case there is a legal query. The information I hold may include:
Your name, date of birth and gender. Communication data in text messages, emails and voicemails. Details of the mental and physical health of people within the family, including information about any health or social care you may have received from other providers such as GPs, counsellors or hospitals, as well as medications administered. Background information relevant to the presenting problem such as family relationships, session notes, including a contact log, letters, notes, assessments and questionnaires associated with any support I offer, kept in accordance with guidelines from our professional body.
Details of other clinicians involved in your case, and detailed treatment notes.
I have a legitimate interest in using this data as a Clinical Psychologist to provide psychological assessment and intervention, in accordance with the guidelines of my governing body. I will only use your data for the purpose of providing these services to you and for processing payment for these services.
I require your explicit consent for processing sensitive data, so when you submit your details, prior to an initial assessment I will email you an explicit consent form asking for you to confirm your consent to this processing.
Where I am required to collect personal data by law, or under the terms of the contract between us and you do not provide me with that data when requested, I may not be able to perform the contract (for example, to deliver our services to you). If you don’t provide me with the requested data, I will have to terminate my service for you as I am unable to practice without this information.
I am required by law to hold information on payments received for my financial records. This information may include:
Your full name, your postal address, your email address, your telephone number(s), the dates and times of sessions, the dates and amounts of payments.
We need to hold some information so that I can inform you in the event of a breach of your personal data. Unless you specifically ask me not to, I will hold this information for as long as we hold any other personal data about you. This information may include: your full name, your postal address, your email address. If this information changes, please let us know as otherwise I would not be able to contact you if I needed to do so.
How I use your personal data
I will only use your personal data when the law allows me to. Most commonly, I will use your personal data in the following circumstances: Where expressed and informed consent has been given by the person whose data is being processed; and/or where it is necessary for me to perform the contract we are about to enter into or have entered into with you; and/or where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and/or where I need to comply with a legal obligation.
Data retention and destruction
I do not keep information about you any longer than is necessary. The length of time I keep your data may be determined by statutory or regulatory requirements. I delete or destroy all personal data when it is no longer required.
Your rights under data protection legislation
You have various rights under the relevant data protection legislation. If you wish to exercise any of these rights, then please contact me using the details below.
I will attempt to answer any questions you may have, but should you feel it is necessary you do have the right to contact the UK Information Commissioner’s Office to discuss the matter further.
You have the right to see what personal data I hold about you. You also have the right to know where I got the data from, how and why I am processing your data, who it has been shared with, and how long I intend to keep it for.
You have the right to request copies of records, there may be an admin charge for this service and these will be provided within 1 calendar month of the request being made.
You have the right to ask me to investigate, and correct where appropriate, any personal data I hold about you that you believe is wrong.
You have the right to ask me to erase personal data that I hold about you where I no longer have a lawful purpose to process the data, or where the data is being processed based on your consent which has now been withdrawn.
This right may be restricted by my need to comply with laws, regulations or other legitimate reasons that require me to retain data. However, I will tell you if this is the case.
Restriction of Processing
You have the right to ask me to restrict the processing of your personal data. Restricted processing means that I cannot make any changes to the data unless I have your consent. You can ask for restricted processing where: You believe the data I hold is inaccurate and I need time to properly investigate, I have unintentionally come into possession of your personal data that I should not hold but you do not want me to delete it, where I no longer need your personal data, but you want me to hold on to it for legal reasons, or where you have objected to how I use your personal data, and this is being investigated.
Once your treatment ends I will automatically restrict the processing of any personal data that I need to keep.
Right to Object
Where you feel that I am processing your personal data in a way that is inappropriate you have the right to object and so ask me to demonstrate legitimate grounds for doing so. This includes asking me not to communicate with you other than in ways you choose.
I do not use direct marketing.
I will only contact you by reply should you already have contacted me to make enquiries. At this point, if you would not like me to contact you again, please contact me using the details above.