I may change and/ or update this policy from time to time so please check this page to ensure that you continue to be comfortable with the measures that I am taking to protect your privacy. This policy is effective from 14th May 2018.
For the purpose of the Data Protection Act 1998 (the Act), and (from 25 May 2018) the EU General Data Protection Regulation 2016/679 (“Data Protection Law”) the data controller is Dr. Kajal Patel.
Please contact Dr. Kajal Patel with any questions or requests about the personal information I process by:
- Writing to Dr Kajal Patel at Northwood Surgery, Argyle House, Joel Street, Northwood Hills, HA6 1NW
- Calling on 07514 874 561
- Emailing at email@example.com
How I collect information about you
My work is focussed on the assessment and treatment of mental health problems, emotional and behavioural issues and difficulties in family relationships. I will only ever collect information about you or contact you in relation to your clinical care.
I collect information in the following ways:
- When you contact me directly to enquire or book assessment or treatment sessions. This includes when you telephone or e-mail me.
- When you complete your registration and consent forms prior to treatment.
- When you complete questionnaires as part of your clinical care, before, during and after treatment.
- In the form of clinical process notes which facilitate me in planning your treatment. Process notes are taken during sessions, during telephone consultations and/ or when I am involved with discussions with third parties about you/ or your child (always with your explicit permission).
- When you decide to share letters or reports with me about you/ your child written by third parties.
- When you contact me by letter/ e-mail/ telephone during or after assessment/ treatment.
- I may receive general information about you when you visit my website from other sources, such as Google Analytics, which might include which pages are visited most often. I also use “cookies” to help the site run effectively. See ‘Cookies’ below for more details.
Information I collect and how I use it
Personal information I collect includes details such as your name, date of birth, email address, postal address, telephone number, family living situation, school or workplace name, your family doctor (GP), health insurance details as well as information you provide in any communications between us regarding your emotional and/or physical health. You will have given me this information while registering for treatment with me or in any other communication between us.
I will mainly use this information:
- To facilitate your clinical care and ensure you receive the highest standard of service.
- To keep a record of your relationship with me.
- Manage financial aspects of running the business, for example invoicing, receipts, tax returns
If you do not provide this information I may be unable to offer a psychological assessment and intervention.
Sensitive Personal Information
A special note about the Sensitive Personal Information I hold
General Data Protection Regulation (2018) recognises that some types of personal information are more sensitive and need additional protection. Sensitive Personal Information can include information about a person’s health, race, ethnic origin, political opinions, religious beliefs, genetics, sex life or sexual orientation.
I will only use this information:
- For the purposes of your clinical care, quality monitoring or evaluating the services I provide.
- Your information may be shared with outside organisations if they are directly involved in your care, for instance, your insurer if they are funding your treatment, your GP, or others involved in your care. I will discuss and agree with you who I would discuss your care with, and what details I would share with them.
- I will not pass on your details to anyone else without your express permission except in exceptional circumstances. Examples of this might include concerns about the safety of an individual I am working with or someone else being at risk of harm, or where there is a legal duty, for example a Court Order, or to prevent a miscarriage of justice. Where possible I would not take any action without discussing it with you first to agree who I will contact and the most helpful way to do this.
Legal basis for using your information
There are lawful reasons that allow data controllers to process your personal information and one of those is called ‘legitimate interest’. This means that the reason that I am processing information is because there is a legitimate interest for me to process your information in order to provide psychological assessment and treatment.
I make sure that I take into account your rights and interests whenever I process your Personal Information under the lawful basis of ‘legitimate interest’.
The additional legal condition required for processing special category data (or Sensitive Personal Information) is that processing is necessary for the purposes of preventive or occupational medicine, medical diagnosis and/ or the provision of health care
Keeping your information safe
I take looking after your information very seriously. In order to prevent unauthorised access, alteration, destruction or disclosure I have put in place appropriate reasonable physical, electronic and organisational measures to protect the personal information I have under my control in compliance with EU General Data Protection Regulations (GDPR) rules.
Unfortunately the transmission of information using the internet is not completely secure. Although I do my best to protect your personal information sent to me this way, I cannot guarantee the security of data transmitted by e-mail. If you wish to send an email containing personal information please use a password protected document.
How long I hold your information for
Information is held for as long as is reasonable and necessary for your clinical care and in line with current guidance from relevant professional bodies. The British Psychological Society Professional Practice Guidelines (3rd Edition) on Managing Data and Confidentiality currently recommends that information is held for 7 years after the end of treatment. For young people seen when they were under the age of 18 years information is held until they are 25 years old in line with NHS code of practice for records management.
You have various rights in relation to the personal information I hold about you – please see below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting me by email at firstname.lastname@example.org and/or by phone on 07514 874 561.
- Access to your personal information: You have the right to request access to a copy of the personal information that I hold about you. You can make a request for access free of charge. Please contact me for an access request form. In some circumstances it may not be possible to release the information about the individual to them, for example, if it contains personal data about another person.
- Right to object: You can object to my processing of your personal information when I am doing so on the basis of legitimate interest. Please contact me to discuss any objections you may have.
- Consent: I do not ask for consent to hold your personal information because this is not the legal basis on which I collect and store information. You are therefore not able to withdraw your consent, however you can object to the legitimate basis for holding your information as outlined above.
- Rectification: You can ask me to change or correct any inaccurate information I hold about you, or add to it if it is incomplete
- Erasure: You have the right to ask me to delete your personal information where I have no lawful basis for keeping it.
- Portability: You can ask me to provide you (or a third party) with a copy of the personal information that I hold about you in a structured, commonly used, electronic form.
- Restriction: You can ask me to restrict the processing of the personal information I have about you
Please note, some of these rights only apply in certain circumstances and I may not be able to fulfil every request.
I try to meet the highest standards when collecting and using personal information and welcome any suggestions for improving my procedures. If you do have a complaint or believe the collection or use of your information is unfair, misleading or inappropriate, please do contact me. If you are not satisfied with my response or believe I am not processing your personal data in accordance with the law you have the right to raise your complaint with the Information Commissioner’s Office (ICO)
Contact information : ICO:Website: https://ico.org.uk/concerns/ Email: email@example.comTelephone: +44 (0) 303 123 1113
This site uses the following categories of cookies:
- Strictly necessary cookies which are essential for you to move around my site and to use its features
- Performance cookies which collect anonymous information about how you use the site, such as which pages are visited most, how long you spend on each page and what links you click.
As a rule, cookies will make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. I suggest consulting the Help section of your browser or taking a look at the About Cookies website which offers guidance for all modern browsers
Google Analytics Cookies
You can find out more about Google Analytics here developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage