Privacy policy

Version 1
27 Jun 2018

Oxford Psychologists Ltd takes your confidentiality and privacy rights very seriously. This notice explains how we collect, process, transfer and store your personal information and forms part of our accountability and transparency to you under the General Data Protection Regulation (GDPR) 2018.

How will we meet the principles of the GDPR?

We will process your personal information fairly and lawfully by;

    a) Only using it if we have a lawful reason and when we do, we make sure you know how we intend to use it and tell you about your rights;

      We do not rely on consent to use your information as a ‘legal basis for processing’. We rely on specific provisions under Article 6 and 9 of the General Data Protection Regulation, such as ‘…a task carried out in the public interest or in the exercise of official authority vested in the controller.’ This means we can use your personal information to provide you with your care without seeking your consent. However, you do have the right to say ‘NO’ to our use of your information but this could have an impact on our ability to provide you with care.

    b) Only collecting and using your information to provide you with your care and treatment and will not use it for anything else that is not considered by law to be for this purpose;

      We would never share it for marketing or insurance purposes.

    c) Only using enough of your personal information that will be relevant and necessary for us to carry out various tasks within the delivery of your care;

    d) Keeping your information accurate and up to date when using it and if it is found to be wrong, we will make it right, where appropriate, as soon as we can;

    e) Only keeping your information in a way that it will identify you for as long as we are legally required to, whilst ensuring your rights;

    f) Having secure processes in place to keep your personal information safe when it is being used, shared, and when it is being stored.

What information do we collect from you?

We keep records about you, your health and any care and treatment you receive.

This may include:

  • Basic details such as name, address, date of birth, phone number, GP contact details, name of educational establishment (where relevant), details of health insurance policies (where relevant) and email address - where you have provided it to enable us to communicate with you by email
  • Registration forms, therapy notes and reports about your physical or mental health and any treatment, care or support you need and receive
  • Results of your tests and diagnosis
  • Relevant information from other professionals, relatives or those who care for you or know you well
  • Information on medicines, side effects and allergies
  • Patient experience feedback and treatment outcome information you provide
  • We collect information about you when you complete the contact form on our web page. The contact form asks for your name, telephone number, email address and the reason for your enquiry. We need this information in order to respond appropriately to your enquiry. If you contact us via telephone or direct email, a record will be kept of that correspondence or conversation.

Why do we collect this information about you?

Your information is used to guide and record the care you receive and is vital in helping us to;

  • have all the information necessary for assessing your needs and for making decisions with you about your care
  • have details of our contact with you, such as referrals and appointments and can see the services you have received
  • assess the quality of care we give you
  • properly investigate if you and your family have a concern or a complaint about your healthcare
  • invoice for the services rendered

Professionals involved in your care will also have accurate and up-to-date information and this accurate information about you is also available if you:

  • Move to another area
  • Need to use another service
  • See a different healthcare professional

Who might we share your information with?

We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be a need for liaison with other parties, as follows:

  • If you are referred by your health insurance provider, or are otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also provide information with that organisation to provide treatment updates.
  • In rare situations it might be necessary for us to share information to ensure safeguarding. If your therapist felt a substantial possibility existed of you or others suffering significant harm their professional duty of care will require them to share information with other professionals. Your therapist may also be required by law enforcement authorities or a court of justice to impart information. See our Standard Terms & Conditions.

We will not share your personal information with third parties for marketing information.

How we keep your information safe?

We are committed to keeping your information secure and have operational policies and procedures in place to protect your information whether it is in a hardcopy or electronic format.

Electronically, information is held on a computer system and secure IT network. Some of the information held electronically is stored within Google Cloud. Google Cloud is GDPR compliant. For more information on Google Cloud compliance, please visit:
https://services.google.com/fh/files/misc/google_cloud_and_the_gdpr_english.pdf

All hard copy information is stored securely within locked filing cabinets.

How long do we keep your information?

All records held by Oxford Psychologists Ltd are retained in line with the Department of Health recommendations.

Information on a child will be kept until their 25th birthday or 26th if they were 17 at the conclusion of treatment, or 8 years after death.

Records for adult clients are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (2000) and the Health Care Professions Council (2017).

An annual check is made and the clients data deleted once the time has elapsed.

How can I access the information you hold about me?

You have a right to see the information we hold about you, both on paper or electronically, except for information that:

  • Has been provided about you by someone else if they haven’t given permission for you to see it
  • Relates to criminal offences
  • Is being used to detect or prevent crime
  • Could cause physical or mental harm to you or someone else

Your request must be made in writing and we will request proof of identity before we can disclose personal information. Your information will be provided free of charge and within one month of an individual requesting it, unless there are extenuating circumstances which will be communicated within one month.

Withdrawing Consent or Making a Complaint

For any requests relating to personal information or complaints, please put these in writing as follows.

Controller / Data Protection Officer:
Dr Kai Thilo
kai.thilo@oxfordpsychologists.com
40 North Hinksey Lane, Oxford, OX2 0LY