Privacy Notice

Introduction

Your privacy is extremely important to me and your personal information will always be processed safely and securely.

I adhere to current data protection legislation, including the General Data Protection Regulation (EU/2016) (GDPR) and the Data Protection Act, 2018.

This privacy notice explains what I will do with your personal information from our initial point of contact. I am happy to talk through any questions you might have about my data protection policy. 

A Data Controller is a person or organisation that collects, stores and manages people’s personal data. In this instance, the Data Controller is me (Alex Habens). I am registered with the Information Commissioner’s Office (Reference: ZB326458). My postal address is: 23 Norway Street, Manchester, M32 0JN. My phone number is: 07413 226294 and my email address is: alex@lakemind.co.uk 

My Lawful Basis for Processing your Personal Data

The GDPR states that I must have a lawful basis for processing your personal data. There are different lawful bases depending on the stage at which I am processing your data:

If you have had therapy with me and it has now ended, I will use legitimate interest as my lawful basis for holding and using your personal information. If you are currently having therapy or if you are in contact with me to consider therapy, I will process your personal data where it is necessary for the performance of our contract.

The GDPR also makes sure that I look after any sensitive personal information appropriately. This type of information is called ‘special category personal information’. The lawful basis for me processing any special categories of personal information is that it is for provision of health treatment (in this case therapy) and that it is necessary for a contract with a health professional.

How I use your Information 

Initial contact
When you contact me with an enquiry, I will collect information to help me respond to your enquiry. This may include your name, contact information, GP details and an emergency contact, as well as limited information about your health and wellbeing, including whether you are using any psychiatric medication. Alternatively, your GP or other health professional
may send me your details when making a referral, or a parent or trusted individual may give me your details when making an enquiry on your behalf.

If you decide not to proceed I will ensure all your personal data is deleted within 3 months. If you would like me to delete this information sooner, just let me know.

While you are accessing therapy 
Rest assured that everything you discuss with me is confidential. That confidentiality will only be broken if I am concerned that you or someone else may be at risk of serious harm. I will always try to speak to you about this first, unless speaking to you could place you or someone else at greater risk of harm. There are also rare occasions where I would be legally obliged to share information, either in response to a specific court order, or if you were to disclose details of terrorism, drug trafficking or money laundering, which I have a legal obligation to report.

For further information about confidentiality see my Therapy Contract 

I will keep a record of your personal details, as well as written notes from our therapy sessions. These details are stored securely on an encrypted laptop and backed up using Microsoft 365 for Business' secure cloud-based service. These details are not shared with any third party. For security reasons I do not retain text messages for more than 6 months. If there is relevant information contained in a text message I will record this in your therapy notes. Likewise, any email correspondence will be deleted after 6 months if it is not important, or added to your therapy notes.

On some occasions, video or audio recordings may be made of all or part of a therapy session. These recording may be used for the purpose of treatment, or for my own supervision and development. No recording will take place without your consent and I will provide you with clear information about how any recordings will be used. Video or audio recordings would be held securely at all times, using secure, encrypted hardware, and never shared without your specific, written consent. Video and audio recordings will be erased as soon as they are no longer required for the agreed purpose.  

After therapy has ended
Once therapy has ended your records will be kept for 7 years from the end of our contact, or 7 years from your 18th birthday if you are under the age of 18. All records are then deleted or securely destroyed. If you want me to delete your information sooner than this, please contact me.

Your Rights

Under data protection law, you have rights including:

Access: The right to ask me for copies of your personal information.
Rectification: The right to ask me to rectify personal information you think is inaccurate or incomplete. 
Erasure: You have the right to ask me to erase your personal information in certain circumstances.
Restriction: You have the right to ask me to restrict the processing of your personal information in certain circumstances.
Objection: You have the the right to object to the processing of your personal information in certain circumstances.
Data Portability: You have the right to ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.

You can read more about your rights at ico.org.uk/your-data-matters. 

To make a request concerning any personal information I may hold about you, please put the request in writing by email to alex@lakemind.co.uk

You are not required to pay any charge for exercising your rights. If you make a request, I have one month to respond.

If you have any complaint about how I handle your personal data please do not hesitate to get in touch with me by email. I would welcome any suggestions for improving my data protection procedures. If you wish to make a formal complaint about the way I have processed your personal information you can contact the ICO, which is the statutory body that oversees data protection law in the UK. For more information go to ico.org.uk/make-a-complaint. 

Data Security