The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals, and was introduced from Friday 25th May 2018 (updated to UK GDPR on January the 1st 2021). The following statement has been developed in line with this legislation and the Data Protection Act (DPA) 1998 (updated by DPA 2018, which was also then amended to sit alongside the updated UK GDPR). It confirms how I safeguard the information that you provide to me whilst using this service. I am committed to ensuring that any data supplied by you will be kept secure, managed respectfully and only used for its correct purpose.
The data controller for this service is Jason Speake (me), who is responsible for the collection and processing of your personal information. Processing includes the retrieval, organisation, use, protection, and deletion or destruction of information, and its disclosure to other agencies.
This policy may be updated from time to time in line with legislation. If an update were to take place during our working time, then I will provide you with a copy of any change(s).
Information I collect:
I collect and store data provided by you, which includes: your name, telephone number, email address, and any other personal information that you provide to me. I also record brief notes from our sessions.
How do I collect your data?
I collect your data via the interactions that take place between us. These may include: email enquiries or website enquires; telephone conversations; possible text message exchanges; and in person at our therapy sessions.
Why do I collect your data?
By collecting your data it enables me to provide a high quality service, which is relevant and necessary in supporting you throughout our working agreement.
How do I store and protect your data?
Every effort is in place to ensure that your personal data is protected from unauthorised access, unlawful processing, and accidental loss, destruction and damage. Your personal data will be stored securely as follows: Any notes recorded from our sessions, whether at initial consultation stage or thereafter will be stored on secure software, which is password protected. Any hardcopy documents will be stored securely in a locked filling cabinet in a locked room. The email account I use for correspondence requires a user name and password and is GDPR compliant. Any email attachments containing your personal information will be password protected, with the password sent separately via text message. Your contact telephone number will be stored on my mobile phone under your initials for the period that we work together and then deleted. If I change my phone your details will be deleted from my old device. Any new phone I purchase will require a passcode to enter.
How long is your data stored for?
In line with guidelines from the governing bodies of my profession(s), together with indemnity insurance requirements, I will store your personal data safely and in good condition for five years from the date of your last visit. After which your personal data will be securely destroyed. Any correspondence, such as: emails, text messages and alike will be removed from my device(s) after one month of our work ending, unless they form part of your case notes.
Who will I share your data with?
I will not pass on your data to any third parties, unless required to do so by law, or in the interests of preventing or reporting harm to self or others.
As part of my role it is a requirement for me to undergo supervision. This enables me to improve my service quality and work ethically to professional standards. If in the unlikely event I am no longer able to practice due to death or serious incapacitation, you would be notified by my supervisor and all my notes would be erased within three months.
Your rights and access to information:
You have the right to request to see any information that I hold about you. In order to do so, please contact myself Jason Speake (the Data Processor) via email, and I will provide this information to you within one month of your request, unless prevented from doing so for legal reasons. You also have the right to request changes to any information that I hold that is deemed to be factually inaccurate. I would also be happy to discuss this subject matter with you during a session if it were deemed necessary.
My commitment:
I will continue to review, update and enhance my Privacy Notice, reflecting my commitment to respect and protect your privacy.
Complaints:
If you wish to make a complaint about how I collect and process your data, then in the first instance please contact me Jason Speake (the Data Controller) at info@jasonspeaketherapy.co.uk. If you have any further concerns which are not addressed, then you should contact the Information Commissioner’s Office (ICO): https://ico.org.uk/ or Tel: 0303 123 1113.
Breaches:
In the unlikely event of any data breaches taking place I will take the following steps: report it to the Information Commissioners Office (ICO); my relevant governing bodies (BACP) or (NCH); and to yourself within 72 hours (in accordance ICO guidelines).
My Contact information:
If you wish to contact me regarding any of the information mentioned above, then please do via: info@jasonspeaketherapy.co.uk.
Data Protection Registration Number: ZA843067.
Date: September 2024.
