General Data Protection Regulations (GDPR)

The General Data Protection Regulations (GDPR) come into force on 25 May 2018 and most processing of personal data by organisations will have to comply with the GDPR. Here are details on how Consera Relationship Wellness is complying.

Complying with the GDPR includes giving you clear and detailed information about the data we keep about you, how we use this data, and your rights.

If you have any questions about this please contact Sarah McConnell at sarahmcconn@gmail.com

you can also find more information about GDPR here: https://ico.org.uk/

Definitions:

Personal data includes information such as: name, address, photos, email addresses, bank details, posts on social networking sites. Personal data is: ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Processing personal data is:  obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data.

Data subject: The person whom the personal data is about.

Data Controller:  A controller determines the purposes and means of processing personal data.

Data Processor: A processor is responsible for processing personal data on behalf of a controller.

Lawful Basis: There are 6 lawful bases for keeping and processing personal data and the two that apply to Consera Relationship Wellness are “Consent” (i.e., the individual has given clear consent for Consera Relationship Wellness to process their personal data for a specific purpose (i.e., the conduct of psychotherapy) and “Legitimate interests”: ‘Legitimate interests is most likely to be an appropriate basis where you use data in ways that people would reasonably expect and that have a minimal privacy impact.’

What data do we have about you?

The data we have about you will come from some, or all, of the following:

  • Life Functioning Inventory: Details about your history that you provided when you started therapy
  • Emails between you and Sarah McConnell

The information that we have from you will include personal data such as: name, address, email address, emails, phone number.

Who is working with your data and why?

Sarah McConnell, Psychotherapist and Owner at Consera Relationship Wellness, is the Data Controller. She will make decisions about how data is used.

Sarah McConnell is also the ‘data processor’ who makes use of your data, where you have given permission.

In addition, we share your data with the following people:

  • Write Upp (https://www.writeupp.com): A therapy management system on which client information is held for the purposes of note taking and record keeping. Write Upp have their own Data Controllers and Processors who are subject to the GDPR requirements. Write Upp have in place appropriate technical and organisational measures (underpinned by their award of ISO27001:2013), to protect against unauthorised or unlawful processing of Patient Data and against accidental loss or destruction of, or damage to, Patient Data. Write Upp also confirm that Patient data is NOT transferred outside of the EU/EEA; that they will NOT transfer Patient Data to their group or subsidiaries and that that they will only process Patient Data in accordance with the conditions for processing set out within the GDPR. If you would like details of this organization, please contact Consera Relationship Wellness via Sarah McConnell.
  • In some cases, Randall Horton, the administrator and accounting officer for Consera Relationship Wellness will have access to your name and email address for the purposes of sending Paypal requests or checking on BACs payments only.
  • If you use Paypal to pay for your sessions, we will use your email address to send the Paypal request to you.
  • Medical or other helping professionals may have access to your information in the case of you disclosing or harm to yourself or others. You will be informed if the therapist assesses that this course of action is necessary.

How are we working with your data?

We use your data:

  • To communicate necessary logistical and treatment issues to and with you
  • To understand your background and personal history for the purposes of effectively treating you in psychotherapy sessions

There will be period audits by the Data Controller to ensure that we are working in accordance GDPR. Any breaches will be dealt with in a professional way in accordance with current procedure – if you want to know more about this please contact the Sarah McConnell (sarahmcconn@gmail.com).

How long will your information be held?

Your data will normally be stored for up to 7 years after the termination of the therapy relationship. This is based on guidelines published by the UKCP (UK Council for Psychotherapy). After this period your personal data will be removed or destroyed.

How will your data be stored?

Your data will be stored in a paper personal file in a locked storage box in Sarah McConnell’s office and will also be stored on the WriteUpp server.

Your rights under data protection law are:

  • You can withdraw your consent, in writing, to the processing and holding of your personal data at any time. We will have one month to respond to your request to withdraw consent.
  • You can refuse to consent to the processing of your personal data without any detriment to your treatment. We will need to keep a list of people who have asked for consent to be removed – this will be the only data that we will continue to keep.
  • You have the right to data portability which means you have the right to transfer your data to another source or provider. This request must be in writing and Consera Relationship Wellness is required to comply with your request within one month
  • You have the right to make a Subject Access Request to your data. This means that you have the right to request verbally or in writing access to personal data held by Consera Relationship Wellness about you. Consera Relationship Wellness will have one month to respond to a request. Consera Relationship Wellness can refuse such requests but must have a justifiable basis to do so.
  • The right to rectify data that Consera Relationship Wellness holds about you.
  • The right to erasure data that Consera Relationship Wellness holds about you.
  • The right to restrict processing of data that Consera Relationship Wellness holds about you.
  • The right to be informed about arrangements for processing, handing and storing data that Consera Relationship Wellness holds about you.
  • If you are unhappy with any response regarding the processing or holding of your personal data you can make a complaint to the ICO (Information Commissioner’s Office https://ico.org.uk).

If you have any questions about this please contact Sarah McConnell at sarahmcconn@gmail.com. You can also find more information about GDPR here: https://ico.org.uk/