On 25th May 2018, the law on how your personal data, such as personal details and records, must be protected changed under the General Data Protection Regulation (GDPR). This privacy notice summarises how I use, process, protect and keep confidential any personal information you provide (handwritten, electronic and oral). Please contact me if you have any questions or issues regarding the use of your Personal Data and I will gladly assist you.
- Personal Data – any information relating to an identified or identifiable natural person
- Processing – any operation performed on Personal Data
- Data subject – a natural person whose Personal Data is being Processed
- I / My – Dr Alex Willner
Data Protection Principles
I promise to conform with the following data protection principles:
- Processing is lawful, fair, and transparent. I will always consider your rights before Processing Personal Data. I will provide you with information regarding Processing upon request.
- Processing is limited to the purpose. My Processing activities fit the purpose for which Personal Data was gathered.
- Processing is carried out with minimal data. I only gather and Process the minimal amount of Personal Data required for any purpose.
- Processing is limited to a time period. I will not store your personal data for longer than needed.
- I will do my best to ensure the accuracy of data and to ensure the integrity and confidentiality of data.
The Data Subject has the following rights:
- Right to information – you have the right to know whether your Personal Data is being processed; what data is gathered, from where it is obtained, and why and by whom it is processed.
- Right to access – you have the right to access the data collected from or about you. This includes your right to request and obtain a copy of your Personal Data gathered.
- Right to rectification – you have the right to request rectification of any Personal Data.
- Right to data portability – you have the right to obtain your Personal Data in a machine-readable format or, if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint – if you are not satisfied with the way your request has been handled, please contact me.
- Right to the help of a supervisory authority – you have the right to use the help of a supervisory authority.
- Right to withdraw consent – you have the right to withdraw any given consent for Processing of your Personal Data.
How I use and store your Personal Data
I will require your agreement from the outset in the form of signed consent so please note the following:
Keeping records is an essential component of quality healthcare in determining how best to help you and in forming the basis of any letters or reports needed. The security, integrity and confidentiality of personal information is maintained with the utmost care and respect in protecting your rights to privacy. Information will not be used for any purpose other than the assessment and delivery of therapy.
- All information recorded on paper will be securely stored in a locked filing cabinet
- Confidential electronic information on a computer will be encrypted and stored in a secure cloud service
Personal data is kept for 7 years, in accordance with the recommendation of The British Psychological Society practice guidelines on retention of clinical data. After that time, it is securely deleted / destroyed.
It is sometimes helpful or necessary to share information selectively from assessment or therapy with your GP, Psychiatrist or another relevant health professional / clinical team or as required if you are seeking authorisation for funding from a Health Insurance Company or other funding body. I will always seek your permission before sending a letter / report, discuss the content and give you a copy.
In exceptional circumstances, such as where significant risk to yourself or any other individual/s is deemed to exist, a duty of care has to be prioritised and other services may be contacted without your consent as a professional obligation; this overrides usual confidentiality requirements.
- Letters / reports sent between us or from myself to another professional or organisation involved in your care will, if posted by surface mail, be clearly marked ‘Confidential’
- If confidential information is emailed, it will be encrypted and sent password-protected
- Any telephone texts sent / received will be on a password protected mobile telephone
- All electronic devices (e.g. computer, laptop) used to access stored information will themselves be password protected and require two-step verification
- My website uses safe HTTPS protocols for email communication, and the systems and website are monitored for possible vulnerabilities and attacks
Even though I try my best, I cannot guarantee the security of information. However, I promise to notify suitable authorities in the case of data breaches. I will also notify you if there is a threat to your rights or interests. I will do everything I reasonably can to prevent security breaches and to assist authorities should any breaches occur.
Cookies and Other Technologies
Cookies are used for the following purposes:
- Necessary cookies – these cookies are required for you to be able to use some important features on this website. These cookies do not collect any personal information.
- Functionality cookies – these cookies provide functionality that makes using the service more convenient and makes providing more personalised features possible. For example, they might remember your name and email in online forms so you don’t have to re-enter this information next time.
You can remove cookies stored in your computer via your browser settings.
Last updated: 06/07/2018