PRIVACY NOTICE (Data Processing)
Who I am and how I process your personal data
I (Mary Bowmer) am registered with the Information Commissioners Office as a Data Controller. I comply with obligations under the General Data Protection Regulation (GDPR) by keeping personal data up to date; by storing (and destroying it) securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
I use your personal data for the following purposes
To deliver the services that you have requested;
To contact you if necessary in accordance with the service you have requested;
To contact you via feedback forms or surveys to ascertain your opinions on the service you received from me;
To maintain my accounts and records.
N.B. In the event that my recorded data is utilised for research purposes or my own supervision, all such data will be sufficiently anonymised to the extent that individual clients cannot be identified. Should a client indicate that their data should not be used for these purposes, I would refrain from using that data.
Individual client data will never be passed to a third party without the express consent of the respective client, always provided that such confidentiality is neither inconsistent with the therapist’s own safety or that of the client, the client’s family members or other members of the public, nor in contravention of any legal action or legal requirement.
In accordance with my need to maintain the possibility of access to client data as a result of returning clients or those who may wish to lodge a complaint in respect of my professional services to either my professional body or my insurers (i.e. in all cases perhaps after a long period of time has elapsed), I retain client data for a minimum period of 7 years. For clients under the age of 18, data will be retained until their 25th birthday.
My Lawful Basis for processing client personal data
The client has given clear consent for me to process their personal data for a specific purpose. Further, the processing is necessary for both my client’s and my own legitimate interests.
Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of your personal data which I hold about you;
The right to request that I correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary for me to retain such data;
The right to withdraw your consent to the processing at any time;
The right to request that I provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable)
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;
The right to object to the processing of personal data, (where applicable)
The right to lodge a complaint with the Information Commissioners Office. (See below).
You have the right to complain to the Independent Commissioner’s Office (ICO) if you think there is a problem with the way I am handling your data