Dr Liza Morton Registered Counselling Psychologist Chartered Psychologist Updated 29th of May 2018
This policy describes the information that I gather and how I manage that information when you contact me or attend to see me as client / supervisee. This is to maintain standards of privacy and confidentiality compliant with the General Data Protection Regulation (GDPR, 2018), Data Protection Act (1998) and the British Psychological Society Practice Guidelines Third Edition 2017.
The data controller responsible for this policy and www.drlizamorton.com website is Dr Liza Morton, Counselling Psychologist based in Stirling, Scotland. If you have any questions in relation to my use of your details, contact me at drlizamorton@gmail.com.
1. What personal information do I collect? I collect information about you for the purposes described below on the basis of your consenting to this. I gather information about you in order to provide an effective service. For example:
To know who you are so that I can communicate with you.
Verify your identity so that I can be sure I am dealing with right person.
Deliver a service to you under the terms of an agreed clinical contract.
Contact you, should I need to share information. I would only do this where there is a concern regarding a risk of harm to you or others or under other specific circumstances as outlined in this policy.
The information I collect broadly includes:
Your name, date of birth and your contact details including a postal address, telephone number(s) and electronic contact such as email address.
Information required to deliver a clinical service to you under the terms of an agreed clinical contract. This includes GP name and contact details, your background history and information relevant to your attendance to see me.
I may also collect information about you from third parties; for example, if I need to gather information from another health professional (such as your GP) to complete a clinical assessment. I would only do this with your consent.
2. How will your information be used? I use the data collected from you in the following ways:
To communicate with you so that I can inform you about your appointments with me. I use your name, your contact details such as your telephone number, email address or postal address.
To deliver an effective service to you, I will use your name, your contact details and the details gathered at your initial assessment appointment. I use written notes taken at the end of each session to record attendance and to provide an effective service to you. This is in line with guidance from my regulatory body (HCPC) and professional organisation (BPS)
3. Where do I keep your personal information? I keep records in paper based (file) format:
Paper based recording: I am required to record relevant information that you provide to me. I do this by taking handwritten notes following sessions which are stored in a physical file. I may use this information to create a report, should you or your insurance provider request it. The paper-based file also includes the information sheet you complete at the assessment appointment giving personal details (eg. date of birth and GP contact details). Your psychology therapy notes/file are stored in a locked filing cabinet in a secure location.
Mobile phone storage: I may keep your mobile or other contact telephone number stored in the memory of my mobile phone. This would be for contacting you at short notice should the need arise. Only your initials are stored. The mobile phone I use is pin protected.
emails: I use a gmail email account to organise appointments and respond to enquires. I do not email to exchange clinical information.
4. How long do I keep your personal information? I retain your psychology file/notes for 7 years in accordance with guidance issued by our professional body, the British Psychological Society. After this time, I will shred your file/notes and delete any electronic copies of reports relating to you.
5. Who do I disclose your personal information to? If psychological reports are required I will send these to you, or to another health professional/provider or insurance company authorised by you. In addition, I may have to share data I collect if I am required to share data with the legal authorities to fulfil my obligations under Scottish law or if there is a significant risk to you or others. Under Child Protection legislation, I may be required to contact child protection services if you disclose information that indicates that a child may be currently still at risk. If I wish to access or share your data in any way not described in this privacy policy, I will contact you beforehand and only proceed with your explicit consent.
6. Data collected by third parties The www.drlizamorton.com website is hosted by Weebly.
7. Record of payments and retention of payment information: I keep records of invoices, payments and receipts for accounting purposes. I am required to retain this information for 6 years in line with HMRC requirements. After six years I will delete and/or shred this information. 8. Your rights:
How can I see all the information you have about me? You can make a subject access request (SAR) by contacting me. I may require additional verification that you are who you say you are to process this request. I will aim to provide you with this information within one month of your written request. I may withhold such personal information to the extent permitted by law. In practice, this means that I may not provide information if I consider that providing the information will violate your vital interests.
What if my information is incorrect? Please contact me. I may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide me with the correct data and after I have corrected the data in our systems I will send you a copy of the updated information in the same format as the subject access request.
How can I have my information removed? If you want to have your data removed I have to determine if I need to keep the data, for example in case HMRC wish to inspect my records. If I decide that we should delete the data, I will do so without undue delay.
How do I make a complaint? If you wish to raise a complaint on how I have handled your data, you can contact me to have the matter investigated (drlizamorton@gmail.com) If you are not satisfied with my response or believe I am not processing your data in accordance with the law you can complain to the Information Commissioner’s Office: https://ico.org.uk
Changes to this privacy policy: I may occasionally make changes to this data protection and privacy policy. Following any changes, the date at the top of the privacy policy will be updated. If any change allows for the wider access to or sharing of data, such changes will only apply to data collected after the date of the updated privacy policy.
Dr Liza Morton Registered Counselling Psychologist Chartered Psychologist.