GDPR Policy for Talk Therapies
Last updated: Sept 2024
At Talk Therapies, we are committed to protecting your privacy and ensuring the security of your personal data. This policy outlines how we collect, use, store, and protect your information in compliance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
1. Data Controller
Talk therapies is the data controller for the personal information we process. We are registered with the Information Commissioner's Office (ICO) under registration number registration:
ZB695802
2. Personal Data We Collect
We may collect the following types of personal data:
- Name and contact details
- Date of birth
- Medical history and current health information
- Session notes and treatment plans
- Payment information
3. How We Collect Your Data
We collect personal data through:
- Our website contact form
- Email correspondence
- Telephone conversations
- Face-to-face consultations
- Referrals from other healthcare professionals (with your consent)
4. How We Use Your Data
We use your personal data to:
- Provide psychotherapy services
- Maintain accurate client records
- Communicate with you about your treatment
- Process payments
- Comply with legal and professional obligations
5. Legal Basis for Processing
We process your data under the following legal bases:
- Consent: You have given clear consent for us to process your personal data for a specific purpose.
- Contract: The processing is necessary for a contract we have with you.
- Legal obligation: The processing is necessary for us to comply with the law.
- Vital interests: The processing is necessary to protect someone's life.
6. Data Retention
We will retain your personal data for as long as necessary to provide you with our services and to comply with our legal obligations. Typically, we retain client records for 7 years after the last contact, in line with professional guidelines.
7. Data Security
We implement appropriate technical and organizational measures to ensure the security of your personal data, including:
- Encryption of digital files
- Secure, locked storage for paper records
- Limited access to personal data by staff and contractors
- Regular security assessments and staff training
8. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate personal data
- Erase your personal data (in certain circumstances)
- Restrict processing of your personal data
- Data portability
- Object to processing of your personal data
To exercise these rights, please contact us using the details provided below.
9. Data Breaches
In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and will inform affected individuals without undue delay.
10. Third-Party Processors
We may use third-party processors for services such as secure email hosting and payment processing. All third-party processors are GDPR compliant and have entered into data processing agreements with us.
11. Enhanced DBS Check
All our therapists undergo enhanced Disclosure and Barring Service (DBS) checks to ensure the safety of our clients. This information is processed and stored securely in compliance with GDPR and DBS regulations.
12. Cookies
Our website uses cookies to enhance your browsing experience. You can adjust your browser settings to refuse cookies if you prefer.
13. Changes to This Policy
We may update this policy from time to time. Any changes will be posted on this page with an updated revision date.
14. Contact Us
If you have any questions about this policy or how we handle your personal data, please contact:
Rav Sohal
Data Protection Officer
Talk Therapies
07378 774344
15. Complaints
If you have concerns about our data processing practices, you have the right to make a complaint to the Information Commissioner's Office (ICO). However, we would appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
By using our services, you acknowledge that you have read and understood this policy.