© 2018 Leathes Psychology Ltd

1 Prospect Street, Caversham, Reading, Berkshire, RG4 8JB, UK

Read our Privacy Policy here

0118 968 0898

Privacy policy

This privacy statement describes how Leathes Psychology protects and makes use of the information you give us. If you provide, or are asked to provide, information when contacting us, it will only be used in the ways described in this privacy statement.

This statement is updated from time to time and was last updated on 14th December 2017.

If you have any questions about this policy, please email info@leathespsychology.co.uk or write to us at:

 

Data Protection Lead

Leathes Psychology

1 Prospect Street, Caversham

Reading, RG4 8JB

Introduction


Leathes Psychology needs to gather and use certain information about clients and prospective clients in line with the information contained within our Terms of Engagement document. This policy describes how this personal data is collected, handled and stored to meet the company’s data protection standards – and to comply with the law.

What data we gather


We may collect the following information to enable us to work with you safely and effectively, and to enable the efficient dissemination of appointment reminders and invoicing:

  • Name and address (postal and email)

  • Date of birth

  • GP details

  • Name of educational establishment (where relevant)

  • Details of private health insurance policies (where relevant)

    During the course of initial contact and then subsequent therapy, we will inevitably also collect a significant amount of other personal data relevant to assessing and treating your presenting psychological difficulties i.e. to enable us to offer you the service you have sought from us.

How we use this data
Collecting this data helps us:
 

  • Contact you to set up assessment and therapy

  • Link you up with an appropriate psychologist

  • Conduct a thorough psychological assessment

  • Devise and implement an effective treatment plan (therapy)

  • Invoice for the services rendered

  • Communicate (when necessary and agreed with you) with relevant third parties to support your treatment and manage risks
     

Controlling information about you

 

Any personal information we hold about you is stored and processed under our data protection policy, in line with The Data Protection Act 1998 (in force on the date this statement became operational) and the General Data Protection Regulation (Regulation (EU) 2016/679) adopted on 27th April 2016 and enforceable from 25th May 2018.

Your data will be kept for the lifetime of your status as a client with us. When you cease to be a client with us, your data will kept for a minimum period of five years, and a maximum period of ten years in accordance with General Medical Council guidelines. You have the right to ask for your data to be destroyed after the minimum period of five years, but not before then.

 

Leathes Psychology has the right to retain your data for the five-year period so that it can respond effectively to any questions or complaints that may later be raised by you and/or your representatives.

Security


We will always hold your information securely:
 

  • All client files and therapy notes are kept secure in a locked filing cabinet.

  • Any information you send us on email is immediately uploaded onto a secure, password-protected database, following which the email is

    destroyed.

  • Access to your personal information is restricted on a ‘need-to-know’

    basis only i.e. for those concerned directly with your care and with your

    account

  • Data is backed up daily

To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. In the unlikely event of a data protection breach we will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.
 

Data accuracy


Should, during the course of your contact with us, any personal data be subject to change e.g. if you move, change GPs, change your name etc., we would be grateful if you could notify us at the earliest opportunity so we can ensure our records are up to date.

Subject access requests


All individuals who are the subject of personal data held by Leathes Psychology are entitled to:
 

  • Ask what information the company holds about them and why.

  • Ask how to gain access to it.

  • Be informed how to keep it up to date.

  • Be informed how the company is meeting its data protection obligations.

If you would like to request a copy of the data we hold about you, this is called a subject access request. Subject access requests should be made in writing on email to the Data Protection Lead (info@leathespsychology.co.uk). We will aim to provide the relevant data within 30 days. We will always verify the identity of anyone making a subject access request before handing over any information.

Disclosing data for other reasons

 

In certain circumstances the Data Protection Act allows Leathes Psychology to disclose data (including sensitive data) without the data subject’s consent.

 

These are:

  • Carrying out a legal duty or as authorised by the Secretary of State

  • Protecting vital interests of a Data Subject or other person

  • If the data subject has already made the information public

  • Conducting any legal proceedings, obtaining legal advice or defending any

    legal rights

  • Monitoring for equal opportunities purposes – i.e. race, disability or

    religion

  • Providing a confidential service where the data subject’s consent cannot

    be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill data subjects to provide consent signatures.

 

Under these circumstances, Leathes Psychology will disclose relevant data. However, we will take all reasonable steps to notify the individual whose data is being disclosed about the disclosure.

 

We will also ensure that any such data request is legitimate, reasonable and necessary.