Your privacy is important to us, and we will always endeavour to maintain this. This document outlines our duties to you.
Minimal personal information is collected by Cleeve Therapy Group in order to provide our services to you, to enable communication with you, and to provide invoicing for therapy sessions. This document provides further details about what data is collected and how your privacy is protected.
The personal information you provide is held in compliance with the Data Protection Act (2018), and General Data Protection Regulations (GDPR, 2016).
Please contact Lianne Davies (as data controller) at Cleevetherapy@gmail.com with any questions or requests in regards to personal information processed by Cleeve Therapy Group.
What type of information do we collect?
We currently collect and process the following information from people who enquire about the service and people who are clients of the service:
Personal data: Name, address, dates of birth, telephone number, email address, GP contact details.
Sensitive personal data: therapist notes (session notes, supervision notes, letters and outcome measures), signed therapy contract agreements.
Web based information: if you complete our web based enquiry form then we collect the details you provide, including your internet protocol (IP) address. This is supplied by Wix which is the platform on which our website is based. All web services used by Cleeve Therapy Group are themselves GDPR compliant.
How we get the information and why we have it
The personal information we process is provided to us directly by you. We collect this information for the legitimate purpose of providing our therapy services to you, and for processing payments. Without this information we may be unable to provide a service to you.
Sharing of information
All personal sensitive information you share with us in sessions is confidential. This means we will not share any information about you with others. There are two exceptions to this:
Supervision: The British Association for Behavioural and Cognitive Psychotherapies (BABCP) strongly recommends regular supervision where we will discuss our clients sessions to support best practice in the provision of therapy to you. These discussions are anonymised and pseudonyms used. This will be discussed with you, and agreed upon in our therapy agreement contract.
Issues of concern: Where we have significant concern for your own safety, or the safety of others then we may need to break confidentiality. For example, where there may be significant risk of harm to yourself. Breaking of confidentiality will usually be discussed clearly with you before any actions are taken, and will also be detailed in your therapy agreement. Where there is disclosure of criminal activity that may be of harm to yourself or others then we may also be legally obliged to pass on this information.
How we store your information
Cleeve Therapy Group will store your information securely. This means:
All paper information and notes will be kept in a securely locked cabinet in our office. Paper notes will be transported as securely as possible between office and clinic. Session notes will be kept anonymised or only initials used.
All personal information (as detailed above) will be stored digitally. Digital information will be stored on a password protected computer with anti-virus software in place. Mobile devices are also secured by confidential passcode/thumbprint.
Text and email communication will be kept to a minimum.
Skype calls are protected by end-to-end encryption which protects us from potential malicious eavesdropping. If you are using a mobile phone for face to face sessions we recommend using the Skype app as this is more secure.
We anticipate these procedures will be effective but no security system can be absolutely guaranteed.
How long do we store your information?
Personal information is stored for a minimum of 7 years after the end of therapy. After 7 years the information will be deleted at the end of the year. For children the time is 3 years after they turn 18yrs of age. This is in line with common law and professional indemnity insurance obligations.
Data on mobile phones will be removed as soon as therapy ceases
Your data protection rights
Under data protection law, you have rights including:
Your right of access - You have the right to ask us for copies of your personal information.
Your right to rectification - You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing - You have the the right to object to the processing of your personal data in certain circumstances.
Your right to data portability - You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
Please note we do reserve the right to refuse requests for deletion of personal information in certain cases, as it is a requirement of our insurance to keep records for a minimum of 7 years.
Information about cookies
Cookies are small pieces of data stored on a site visitor's browser. They are typically used to keep track of the settings users have selected and actions they have taken on a site.
Types of cookies:
Session (transient) cookies: These cookies are erased when site visitors close their browsers and are not used to collect information from their computers. They typically store information in the form of a session identification that does not personally identify the user.
Persistent (permanent or stored) cookies: These cookies are stored on a site visitor's hard drive until they expire (at a set expiration date) or until they are deleted. These cookies are used to collect identifying information about the user, such as web surfing behaviour or user preferences for a specific site.
If you want to delete or block any cookies, please refer to the help and support area on your internet browser for instructions on how to locate the file or directory that stores cookies. Information on deleting or controlling cookies is also available at www.aboutcookie.org (note that this website is not provided by Wix, and we, therefore, cannot ensure its accuracy, completeness or availability).
Please note that deleting cookies or disabling future cookies or tracking technologies may prevent you from accessing certain areas or features of the website, or may otherwise adversely affect your user experience.
Wix.com provides us with the online platform that allows us to sell our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.