As the sole proprietor of Talk to Karin Therapy, I am committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), which took effect on 25 May 2018. This privacy notice outlines what information I hold about you and how I am permitted to use it. For more details, please visit the Information Commissioner's Office website at www.ico.org.uk.
Your Rights Under GDPR:
- The right to be informed.
- The right of access.
- The right to ractification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
This privacy policy explains how I protect your data and covers all these rights. When you schedule your first appointment, I will email you a separate consent form that includes the information outlined here. If you agree to my holding your information as detailed, please click the consent button. You may also fill out the consent form during your first session if you prefer.
Lawful Basis for Holding and Processing Your Personal Data:
Under GDPR, I must have a lawful basis for holding and processing your personal data. There are different lawful bases depending on the context:
- Contacting or Undergoing Therapy: If you are contacting me to consider therapy or are having therapy, I use the lawful basis of contract as it is necessary for the performance of our agreement.
- After Therapy Ends: If you have completed therapy, I use legitimate interest as the lawful basis for holding and using your personal information.
GDPR also requires that I handle any sensitive personal information you may disclose to me appropriately. This is known as special category personal information. The lawful basis for processing this type of information is that it is for the provision of health treatment (counselling/psychotherapy) and necessary for a contract with a health professional (between me, your therapist, and you).
Who I Am:
Talk to Karin Therapy is operated solely by me, Karin, offering counseling and psychotherapy services. I adhere to strict confidentiality and data protection policies and am registered with the ICO.
Information I Collect About You and How I Use It:
When you enquire about therapy, I collect basic personal information for contact and identification purposes. This information is necessary for arranging and managing your appointments, including sending reminders if you request them.
I collect and store personal information such as your name, email address, phone number, date of birth, address, and GP's name. I would only contact your GP under specific circumstances (see my confidentiality policy for details).
I keep notes of our therapy sessions to aid in providing consistent and effective therapy. These notes include personal and sensitive details about your life and are used solely for delivering therapy services to you.
Under GDPR, the lawful basis for storing and processing your personal data is contract, as I require this information to provide you with therapy services.
How I Keep and Use Your Data:
I use a GDPR-compliant client management database (Write Upp) to store your personal details, manage appointments, and create invoices. Any contact with third parties, such as your GP, is also recorded in this system (see my confidentiality policy for more details). This information is only visible to me.
This website uses cookies to enhance user experience and monitor its usage. This includes an 'Acceptance Cookie' for cookie consent and a third-party 'Google Analytics' cookie for performance monitoring. You can opt out of cookies via the pop-up on the website or by changing your browser settings.
If you use the contact form on my website, your information is kept securely and in an encrypted format.
Any paper records, including signed contracts, are kept in a locked filing cabinet. Clinical notes are stored either electronically in the client management database or in written form, depending on my preference. Digital notes are password protected and accessible only to me. Paper notes are stored in a locked filing cabinet in my office.
I keep your notes for seven years in accordance with insurance guidelines. If you were under 18 at the time of therapy, I keep your notes for seven years from the date you turn 18.
Your Rights:
If you need to amend any of the contact details I hold about you, please inform me during a session or email karin.usher@proton.me, and I will update your records.
You have the right to request a copy of any data I hold about you (subject access request). If information is provided by more than one individual, I will release it only with consent from all parties involved. To exercise your rights under GDPR, email karin.usher@proton.me with your request, including proof of identity such as a passport or driver's license and proof of address. I will respond within 30 days of receiving your request.
If you wish to transfer your records to another therapist or organisation, please email your request to karin.usher@proton.me.
I take your privacy seriously and will take all reasonable steps to ensure the protection of your data. In the event of a data breach, I will follow GDPR guidelines and notify you and the ICO within 72 hours.
Under GDPR, you have the right to be forgotten and have your information deleted. Note that this right does not override legal requirements to keep clinical notes for mandatory periods. You can request a copy of any data held about you by submitting a subject access request as detailed above.
Last updated 01 September 2023