PRIVACY POLICY

1.    GDPR Privacy notice. 
This privacy notice provides information about the personal information we process about you as a data controller, in compliance with the GDPR.
1.1.    The General Data Protection Regulation (GDPR)  seeks to protect and enhance the rights of EU data subjects across the EU. The UK has in place a new domestic data privacy law called UK-GDPR which is exactly the same as the EU version and is supported by the UK’s Data Protection Act of 2018. Compliance with the UK-GDPR and EU’s GDPR remains an obligation for any website, company or organisation who process personal data from either inside the UK or the EU.
1.2.    Dr Katriona Taylor (Kat Taylor Psychology) is registered with the Information Commissioner’s office (ICO: XXXXXXXX). Please see the ICO’s website for further information: https://ico.org.uk.

​

2.    Cookies:

2.1.    This website uses cookies. Cookies are strings of information which a website stores on a visitor’s computer and that the visitor’s browser provides to the website each time they return. Cookies help to identify and track visitors and their website access preferences.  For visitors who do not wish to have cookies placed on their computers, they should set their browsers to refuse cookies before using the website. Whilst this should improve privacy and security it will mean that certain personalised services cannot be provided and may prevent the user from taking full advantage of a website’s features. For further information please visit www.aboutcookies.org .
2.2.    In general, the cookies placed on this website are essential cookies: security, anti-fraud, and other purposes related to the specific functionality of our service. This website is hosted by Wix.com. For further information regarding the cookies which they use please see:  https://support.wix.com/en/article/cookies-and-your-wix-site 

​

3.    Website contact forms:

3.1.    Information from the contact form is used to contact clients to arrange an initial consultation, therapy session or to contact you regarding bespoke packages which you have enquired about. This information enables me to provide the appropriate service for you.
3.2.    No information or data from the contact or booking form is stored by the website.
3.3.    I use the personal data of your e-mail address and name for correspondence with you regarding your enquiry. I only retain the information for the period we are in correspondence then it is deleted as confidential waste.
3.4.    I do not use the information you supply via the contact form for marketing purposes or share with third parties. Exceptions to this may be if I feel that working with you would be outside of my professional remit and at this time, I may share an anonymised account of your difficulties with other professions in order to signpost you to relevant services or professionals. I will always seek your consent prior to sharing this information. 
3.5.    When responding to website enquiries I will respond using my protonmail.com e-mail account using either their web-based platform or their mobile app. ProtonMail provides end-to-end encryption and zero access encryption to secure emails meaning that these cannot be shared with third parties. ProtonMail is in adherence with GDPR.

​

4.    What information do I collect?
4.1.    For individual/couple/family assessment, therapy or consultations, I will gather information which is relevant to your assessment and enables me to provide a service for you. Some of the information I may collect may be classified as sensitive personal data which may include (but not limited to) details of your physical and mental health, relationships and offending behaviour. If you are referred by a third party, information provided by that organisation will also be used.

​

5.    How do I store your personal information (and for how long)?
5.1.    I will keep anonymous notes from our sessions in line with my professional insurance and the limitation act. Processing necessary for the establishment, exercise of defence of legal claims or whenever courts are acting in their judicial capacity. I am also required to keep financial records for the purpose of tax returns for 7 years. 
5.2.    If you choose not to continue with therapy after your assessment session your information will be disposed of 2 weeks after as confidential waste.
5.3.    If you choose to continue with therapy then I keep notes which are anonymous and separately your name/email dress for 7 years after your last session in line with the requirements of my professional insurance.
5.4.    Information is stored as confidential data in locked storage or password protected documents which only I am able to access. These will be destroyed at the end of the data retention period as confidential waste.

​

6.    Ethical and Professional Practice:
6.1.    As a clinical psychologist, I follow strict ethical principles and professional guidelines which are set out by the Health Care Professional Council (HCPC) under which I am registered to practice as a clinical psychologist. 
6.2.    When working in private practice I will receive regular clinical supervision (separate to my Clinical supervision for my NHS post) in which cases will be discussed anonymously and confidentially to ensure high standards of professional and reflective practice and as part of my continual professional development.

​

7.    Confidentiality:
7.1.    As an accredited clinical psychologist under the HCPC I operate under a strict code of confidentiality. Retaining your confidentiality is extremely important as part of providing you with a safe space to share your experiences and difficulties and as such, and in compliance with my professional code of practice as a HCPC registered psychologist. Information which you share with me will be treated with the utmost sensitivity and will not be shared with any third parties apart from under the circumstances outlined below:
7.1.1.    if I have reason to believe that either the client or somebody else is at risk of harm. In these circumstances, I will endeavour to speak to you prior to sharing your information and explain the reasons that this is necessary (unless I believe that discussing this will increase risk further). 
7.1.2.     In line with our standards of conduct, performance and ethics, we must take appropriate action if we have concerns about the safety or wellbeing of children or vulnerable adults. In this situation we will follow local policies and processes for raising a safeguarding concern. This may include information the local council, health professionals and emergency services. Information shared within the above circumstances will be adequate and proportionate e.g. the minimum required.
7.1.3.    I may be legally obliged to share information in your notes if I am issues with a court order. 
7.1.4.    There may be occasions where you would like information to be shared with other parties such as other healthcare or social care services. In this case, I will discuss this with you to agree what information you would like shared/omitted and obtain your written consent to share this information. There will be additional costs (usually your hourly rate) associated with reports or consultations with other services relating to such a request.
7.2.    Clients have the right to see information we hold about them and it is important that we respect these requests. Where sharing information may cause the individual psychological harm, this information may be omitted. A flat admin fee of £50 will be charged for any data requests in order to process these in a timely manner. Any such requests should be made via e-mail to kattaylorpsychology@protonmail.com  alongside documents which provide proof of your identity. Once I receive this evidence I will respond to your request within 30 calendar days. II want to make sure that your information is accurate and up to date and as such, you may ask me to correct or remove information you think is inaccurate. You also have a right to request the transfer of your data to another individual or company.
7.3.    There may be other times where it may be appropriate to share certain information with third parties such as referrers or health insurance providers. However, in these instances this will be explained to you and your consent will be sought beforehand.
7.4.    Where we have not received payment for any service which you have received or cancelled outside of the agreed cancellation window, your name contact details may be passed on to a debt collection service in order to retrieve payment. 

​

8.    Confidentiality when working with young people under the age of 18:
8.1.    For individuals between the ages of 16-18, in relation to confidentiality, information and consent will be treated in the same way as those over 18 (as outlined within the rest of this policy).
8.2.    For individuals who are under the age of 16, consent will usually be sought from someone with parental responsibility which may include: the child’s mother or father or legally appointed guardian. In cases where parents are separated but hold equal responsibility, consent from both parties will be sought. 
8.3.    Some children under 16 can give consent if they can fully understand the information given to them. This is known as Gillick competence. Where a young person is working with me individually (including where this is being paid for by their parents) all therapy and support offered will remain private and confidential, unless for the reasons outlined in section 7. In these circumstances, your consent will be sought prior to sharing information with third parties. Information pertinent to risk information will also be shared with you as a parent so that management plans can be put in place. 
 
9.    Complaints and Queries relating to GDPR
9.1.    I endeavour to ensure that your information is stored and processed in relation to GDPR and my professional code of practice outlined through the HCPC. However, if you have concerns that there has been a breach then you can make a complaint via the ICO website (https://ico.org.uk) or via HCPC (https://www.hcpc-uk.org/). 
9.2.     If you have any queries relating to GDPR, how your data is used and stored, or the boundaries of confidentiality then please e-mail me at kattaylorpsychology@protonmail.com