DrStoneElevate.com (hereafter referred to as ‘the organisation’) respects your privacy and is strongly committed to protecting your personal data. This privacy policy will explain what data we hold, why we hold it, where we hold it and what your rights are.
Important points
- The organisation keeps records about you in order to provide you with a service and to process payments.
- We cannot work with you unless you allow us to keep these records.
- The organisation follows the law and the codes of practice set out by the HCPC and BPS.
- The organisation has a system in place to protect your data.
- You are entitled to request a copy of your information free of charge and to have inaccurate information corrected.
- If you have any questions or concerns, you can contact us at info@drstoneelevate.com and we will address this immediately.
- You can complain to the Information Commissioner’s Office (ICO) if you think we are acting unlawfully: visit www.ico.org.uk/concerns or phone 0303 123 1113.
Questions you may have related to data management
Who keeps my data?
Dr Clare Stone is the data controller for the organisation. This means that she is responsible for data held and keeping this data safe in line with the law.
When you make an online payment with us, your personal details (not payment information) will be passed via a cart program ‘WooCommerce’ to Stripe who collect your card details securely. WooCommerce stores a small amount of data temporarily on its hard disks for operational reasons only. There are no circumstances under which WooCommerce would pass on customer data to anyone other than the organisation. Stripe is responsible for collecting your details securely and processing the payments. For consolidating payments using the “pay for a session” element of the website, it is necessary to hold your transaction details (not including payment details) for a period of three days.
If you choose to opt into our mailing list, then the organisation utilises a trusted and GDPR-compliant automated email platform called MailChimp. MailChimp is secure and under no circumstances will your details be passed on to a third party. Feel free to review their privacy policy as a ‘contact’ for this service: https://mailchimp.com/legal/privacy/#3._Privacy_for_Contacts
What personal data do you process?
- Personal data: basic contact information such as name, address, date of birth, email, contact number, next of kin name and phone number, and GP contact details.
- Sensitive personal data: Signed Therapy Client Agreement, therapy records (clinical notes, letters, reports and/or outcome measures).
- If you complete a web-based enquiry form, we will also collect any information you provide to us as well as your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. All web services used by the organisation are verified by themselves as GDPR compliant.
Why do you keep personal data?
The organisation has what is known as a legitimate interest in keeping and using personal data. This means it is necessary for us to collect and use this data in order to provide psychological therapy and coaching to clients.
We may also ask for information on how you found our service for the purpose of our own marketing research. No information you provide is passed on without your consent. We will never sell your information to others.
What do you do with my personal information?
We use your data to provide you with appropriate services, for billing and processing payments and to help prevent serious harm.
If you do not provide the personal information requested, then we will be unable to provide a therapy service to you.
If you opt-in, we may also send you information about our services that we think could be of interest to you. You can change your mind about this at any point and we will remove your information from our mailing lists.
How long will you store my personal information?
We will only store your personal information for as long as it is required.
The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.
Who will you share personal information with?
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be a need for liaison with other parties:
- If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
- In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
In exceptional circumstances, we might need to share personal information with relevant authorities:
- When there is need-to-know information for another health provider, such as your GP.
- When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example, a Court Order.
- When the information concerns the risk of harm to yourself or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that doing so could increase the level of risk to you or to someone else.
WE WILL NEVER SHARE your personal information with third parties for marketing purposes.
Where do you keep my data?
Your data is predominantly kept in our clinic management software Writeupp (writeupp.com), on our mobile phone and within our email system.
On occasion, your information will also be stored in paper files and on our laptops.
How do you keep my data safe?
- Personal information is minimised in phone communication.
- Email applications use private (SSL) settings, which encrypt email traffic so that it cannot be read at any point between our computing devices and our mail server.
- Writeupp data is encrypted in flight. This means that no one can read data that is sent to or coming from our Writeupp account. This account is locked with a strong password and two-step verification.
- Our laptop is password protected and encrypted. Malware and antivirus protection is installed on all computing devices.
- Mobile devices are protected with a passcode/thumbprint scanner, mobile security and antivirus software.
- Our paper notes are stored in a locked cabinet in a locked office.
What are my rights?
- You have a right to access the information we hold about you.
- We will usually share this with you within 30 days of receiving a request.
- We may request further evidence from you to check your identity.
- A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
- You have a right to get your personal information corrected if it is inaccurate.
- You can complain to a regulator. If you think that we haven’t complied with data protection laws, you have the right to lodge a complaint with the Information Commissioner’s Office.
DrStoneElevate.com reserves the right to refuse a request to delete a client’s personal information where this is for therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record-keeping by The British Psychological Society (BPS; 2000)[1] and The Health and Care Professions Council (HCPC; 2017)[2].
Dr Clare Stone
Senior Counselling & Coaching Psychologist
Clinical Director of DrStoneElevate.com
Last updated April 2021
[1] The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
[2] Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.