Minimal personal data is collected to support the provision of therapy, invoicing for therapy sessions, and communication with you. The details you provide are held in compliance with General Data Protection Regulation (GDPR, 2016) and the UK Data Protection Act (anticipated update in 2018). This document provides further information regarding what data is collected and how your privacy is protected.
Appendix 1 contains specific information regarding the personal data Psychology Me’s website might store about you.
Dr. Meirav Dagan, Health Psychologist, provides psychological treatment services under the trade name Psychology Me*. Dr. Meirav Dagan is registered with the Information Commissioner’s Office (ICO registration number is ZA476648) and acts as the Data Controller. Please contact Dr. Meirav Dagan at email@example.com with any questions or requests about the personal information that Psychology Me processes.
Psychology Me is committed to protecting your rights to privacy. They include:
Right to be informed about what we do with your personal data;
Right to have a copy of all the personal information we process about you;
Right to rectification of any inaccurate data we process, and to add to the information we hold about you if it is incomplete;
Right to be forgotten and your personal data destroyed;
Right to restrict the processing of your personal data;
Right to object to the processing we carry out based on our legitimate interest.
Right to complain to a regulator if you think that we haven't complied with data protection laws. You can lodge a complaint with the Information Commissioner’s Office (ICO).
What is the purpose for collecting personal data?
The primary lawful premises upon which Dr. Meirav Dagan collects personal information are known as ‘legitimate purpose’ – this means that the service provided by Dr. Meirav Dagan could not be properly conducted without this information – and ‘contractual fulfilment’. For instance, obtaining your contact details enables communication with you, although you will be asked for your preferences regarding your preferred method/s of contact.
What information does Psychology Me collect and process?
Psychology Me collects and processes the personal data of individuals who inquire about therapy services and of individuals that are clients. This might include:
Personal data: basic contact information: name, address, email, contact number, video conference ID (if online therapy), dates of birth, Health information including GP contact details.
Sensitive personal data: Signed Therapy Client Agreement, therapy records (therapist notes, letters, reports and/or outcome measures).
If you are referred by your health insurance provider, then we will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
If you complete a web-based enquiry form, Psychology Me will also collect any information you provide to us as well as your internet protocol (IP) address. This is automatically supplied by Wix.com the online platform that is hosting our website. All web services used by Psychology Me are verified by themselves as GDPR compliant.
Other personal data
Psychology Me also processes personal data pursuant to our legitimate interests in running our business such as:
Invoices and receipts;
Accounts and tax returns;
Information to help with our marketing (such as how you heard about my service).
How personal information is being used?
Psychology Me takes your privacy seriously. Psychology Me will only use your personal information to provide the services you have requested from us and to process payment for such services. If you do not provide the personal information requested, then the psychologist may be unable to provide a therapy service to you.
How long does Psychology Me store personal information?
Information is stored for as long as it is required. Where it is not necessary to retain personal data, this is destroyed at the end of assessment/therapy for such cases.
For assessment and therapy cases, basic contact information held on a therapist’s mobile phone is deleted six months following the end of therapy. This allows the psychologist to provide better service for returning clients.
The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year in compliance with my professional guidelines, accountancy and indemnity obligations.
Administrative data is retained for up to seven years as necessary, in the event there are queries from HMRC. Where it is not necessary to retain the data for seven years, it is destroyed as soon as possible.
What personal information is shared and with whom?
Our conversations are strictly confidential. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be a need for liaison with other parties:
Supervision: The The British Psychological Society (BPS) and the British Association of Behavioural and Cognitive Psychotherapists (BABCP) recommend that therapists receive supervision to support therapists’ well-being and best practice. Client details are being anonymised (e.g. through use of a pseudonym and changing or omitting identifying details) and supervisors are bound by the same privacy processes described here.
Health care provides: if you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates if necessary.
Exclusions to confidentiality
Where there is serious concern for your safety or the safety of others (protection of vital interests), or where legal obligation to breach confidentiality exists, confidentiality may be broken. Discussion between you and me would precede any such actions wherever possible.
Further details are provided in the ‘Therapy Agreement’, reviewed when therapy is contracted.
How is information secured?
Psychology Me will keep information securely in accordance with ICO guidelines. Physical, electronic and managerial procedures are in place to protect personal information. This includes controlled access and, where possible, the anonymization of personal information. It is anticipated that these measures will be effective, however no security system can be guaranteed.
Personal information is minimised in phone and email communication.
Storage may be electronically or hard copy.
Hard copies will be stored in a locked filing cabinet. The files may be transferred between my house and the clinics.
Electronic information will be stored on a password protected computer with antivirus protection. Mobile devices are protected with a passcode/thumbprint scanner. Emails will be stored in a password protected account in a GDPR compliant email account. Sensitive personal data will be sent to clients in an email attachment that is password protected.
Your right to access the personal information Psychology Me holds about you
If you request access to the information Psychology Me holds about you, it will usually be shared with you within 30 days of receiving a request.
There may be an admin fee for supplying the information to you.
Psychology Me may requests further evidence from you to check your identity.
A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
Psychology Me reserves the right to refuse a request to delete a client’s personal information.
Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017).
Records of invoices and payments received are retained for 6 years, in compliance with HMRC
Appendix 1: Website and Cookies
1. What is a cookie?
A cookie is a small amount of data stored on a computer that contains information about the internet pages that have been viewed from that computer. They are commonplace on the internet and are used by websites to improve the user’s online experience by storing information about how the user navigated around and interacted with it. This information is then read by the website on the next occasion that the user visits.
Cookies are sent automatically by websites as they are viewed, but in order to protect a user’s privacy, a computer will only permit a website to access the cookies it has sent, and not the cookies sent by other sites. Furthermore, users can adjust the settings on their computer to restrict the number of cookies that it accepts, or notify them each time a cookie is sent. This should improve privacy and security but will generally meant that certain personalised services cannot be provided, and it may therefore prevent the user from taking full advantage of a website’s features.
2. What sort of cookies do Psychology Me uses on the it’s website?
Psychology Me uses two types of cookies: Session cookies and Stored cookies.
Session (Transient) cookies expire at the end of the user’s browser session and can also expire after the session has been inactive for a specified length or time, usually 20 minutes. Session cookies are stored in the computer’s memory and are automatically deleted from the user’s computer when the browser is closed. Session cookies do not collect information from your computer. They typically store information in the form of a session identification that does not personally identify the user.
Stored (Persistent or Permanent) cookies are stored on the user’s computer and are not deleted when the browser is closed; they are based on a set expiration date or until you delete them. Stored cookies are used to collect identifying information about the user, such as Web surfing behaviour or user preferences for a specific site.
3. How does Psychology Me store personal information that is collected via the website?
Psychology Me’s website is hosted on the Wix.com platform. Wix.com provides Psychology Me with the online platform that allows us to offer our services to clients. The data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix.com and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
Wix.com gather information regarding the visitors to Psychology Me website on our behalf using cookies, allowing Psychology Me to understand the amount of traffic to the website and whether they are returning visitors. We do not pass any information to a third party.
5. Can I browse your website without receiving any cookies?
Currently, it is not possible to opt in or out of cookies. But if you have set your computer to reject cookies, you might still be able to browse parts of the website.
6. How can I find and control cookies?
You can usually adjust for yourself the number of cookies that your computer (or other devices, such as a mobile phone, receive. How this is done, however, varies according to which device and what browser software you are using.
As a general rule, the more commonly used web browser software packages tend to have a drop-down menu entitled ‘Tools’. One of the options on this menu is usually ‘Options’ – and if this is selected, ‘Privacy’ is usually one of the settings that may be adjusted by the user. In the case of any device other than a PC (egg and mobile phone) you should always refer to the manufacturer’s instructions.
If your questions are not fully answered by this policy, please ask for further information: Data Controller – Dr. Meirav Dagan - firstname.lastname@example.org
If you are not satisfied with the answers, you can contact the Supervisory Authority: ICO (Information Commissioner's Office) – https://ico.org.uk