Privacy Notice
Contact information:
Helen Jennings
20 Hall Close, Meltham, Holmfirth, West Yorkshire HD9 4EL
+447915743361
invigoratetherapy@gmail.com
website – https://www.invigoratetherapy.co.uk
I, Helen Jennings am the Data Controller and Processor of Invigorate Therapy.
I adhere to the code of ethics of CNHC, UKCP and NSTT. If you are unhappy with my treatment of you, you may write to any of these bodies.
Privacy Notice:
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e., to provide therapy) and that it is data that you would reasonably expect me to hold and use.
For those who enquire about therapy, the data I hold includes any information you have sent me by email/text/message.
For those who book and attend at least one session, the data I hold includes:
- Basic information such as name, email address, phone number.
- Information that you give me as part of the work we do together.
- Records of what interventions that I use (or potentially do not use) in our sessions.
- Emails, texts and/or messages that are sent between us.
- Information sent from any third party, e.g., GP, insurance company, EAP, occupational health provider.
I use an on-line booking platform called 10to8. 10to8 maintains the data security standard ISO27001, certified by BSI. 10to8 process personal data on Invigorate Therapy's behalf to facilitate bookings. Their service includes sending booking messages, like SMSs reminders, to clients.
It is my responsibility to use 10to8 in an appropriate way to make sure Invigorate Therapy complies with the applicable regulatory requirements. It is my responsibility to manage my client's consent for their data to be stored and processed within 10to8.
Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, except possibly your GP, and for any reasons covered by the Requirements for Disclosure which are detailed and discussed when we first meet. My accountant will see bank, credit card and Stripe records which will contain any information that you submit when making payment. If you would like me to redact your identifiable data before sending to the accountants, then please let me know.
The data is primarily used to enable me to provide therapy for you. It may also be used scientific research purposes and statistical purposes.
Details of where data is held:
- Any emails sent between us are held either on my computer’s hard drive or Gmail. Any that may be held on my Android are fingerprint/code protected.
- Any texts/WhatsApp messages/Facebook Messenger messages sent between us (See Social Media and Electronic Information section) are held on my Android which is fingerprint/code protected.
- Your notes are electronic, password protected and stored on an external hard drive which is kept in a locked filing cabinet. All notes will be encrypted.
Your data is kept for 7 years. The length of time is based on the stipulation of my insurer. After this time any paper records are shredded, and computer records permanently deleted.
Invigorate Therapy takes the security of data seriously and as such:
- All data is held securely (see details of where data is held above)
- Any data transmitted is sent encrypted where possible
- For accounting purposes Excel spreadsheets are used
However:
I am not in control of data (including emails and texts) which you send me.
Apps such as Facebook routinely access any information held and this is beyond my control.
If there is any breach of data security Invigorate Therapy will give full details to the Information Commissioners Office and any person affected within 72 hours of the breach and do all possible to minimise any potential impact.
You have rights with regards to the data held:
The right of access. I will provide you with all data I hold on you as soon as I can following a request (and definitely within 30 days unless this is impossible due to holidays or illness).
The right to rectification. If any data I hold is incorrect, just let me know and I will correct it as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness).
The right to erasure. If you wish me to erase your data just let me know and I will delete any computer records and shred any paper records as soon as I can following a request (and definitely within 30 days, unless this is impossible due to holidays or illness). NB: data may be retained for scientific research, historical research, or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing, but this would never include case notes or data such as address/email/phone
The right to restrict processing. This would usually be a stopgap measure before correction of any errors or before erasure
The right to data portability. This might apply if you want your notes sent to another therapist for example, but it is likely that the easiest solution would come under the right to access, i.e. I would send the data to you.
The right to object to:
• Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling). Invigorate Therapy does not engage in these things
• Direct marketing.
• Processing for purposes of scientific/historical research and statistics. For this, you must provide grounds for your objection.
• Automated decision making and profiling. Invigorate Therapy does not engage in automated decision making or profiling.