Privacy notice for enquirers
This privacy notice relates to my work as an independent practitioner psychologist in responding to your enquiry.
What is the legal basis on which I process your data?
The legal basis for my processing your data is that it may be necessary for the performance of a future contract. As a Registered Psychologist with the Health and Care Professions Council (HCPC), I have a legitimate interest in the processing of your data due to the nature of my work. I also need to fulfil the legal obligation “to keep accurate, comprehensive and comprehensible records in accordance with applicable legislation, protocols and guidelines” (HCPC, 2015, p. 11).
What personal data will I need to process?
In order to process your enquiry, I will respond to you by email or potentially by phone. In so doing, I will process your personal data (name, email address and phone number). I may also process some of your health-related data, such as a description of why you've contacted me. This is a special category of data, with special provisions around its protection.
With whom will I share your data?
I will not share your personal data with any other person or organisation except under the following circumstances: 1. With other health professionals or bodies involved in your care, in accordance with best practice regarding confidentiality, as advised by the British Psychological Society (BPS, 2017). If I feel it is necessary to share your personal data with another health professional or body, I will always seek your explicit consent first. 2. If applicable, with the organisation funding your future care, so they can ensure my service meets with the terms of any policy you hold with them.
Will I use your data for mailing lists?
I will not use your personal or health-related data for any mailing list, nor share it with any other persons or organisations except under the conditions outlined above.
What if I receive a letter or report about you?
Any letters or reports I receive are stored electronically as password-protected documents on a password-protected encrypted cloud drive (iCloud). I do not store letters or reports on hard drives or removable drives such as USB sticks. I do not print letters or reports I receive about enquirers.
How do I protect my use of emails and mobile phone?
If I need to text or call you, I will use a code to store your phone number in my mobile phone. I will delete this if we decide not to work together. Some of our emails may contain both personal data and health-related data. In order to protect this information, I use secure passwords for the devices on which I have email (mobile phone and laptop). I have two-step verification on my email, and do not keep email permanently open on any of my devices. I do not share the use of my devices with any other person.
How long will I keep your data?
Due to the nature of my service, I will keep a record of your data for as long as my records are retained. My policy on the retention of enquiries is in line with NHS guidelines for the retention of medical information for adults, which is 20 years after the enquiry or completion or the service.
What if you become a client?
If we decide to work together, I will exchange a contract with you. I will issue you with a further privacy notice at this time, explaining how I will process your data as a client. If you would like to see this privacy notice sooner, please feel free to contact me.
What are your rights with respect to the data of your enquiry?
As a “data subject” you have the right to:
- request from me, as the "data controller," access to your personal data
- request rectification of your personal data
- request erasure of your personal data
- request a restriction on the processing of your personal data
- object to the processing of your personal data, and
- data portability.