Privacy Notice

This document serves to outline how I comply with the General Data Protection Regulation (GDPR) 2018. It will look at why I keep data about you, what I do with it, how I store it and what your rights are. I am registered with the Information Commissioner’s Office (ICO) and I, Dr Fiona Garratt, am the data controller.

Why I process your data:

As a Clinical Psychologist, in order to be able to do my job well, I will need to process the following

information about you:

1) Personal data

 Your date of birth

 Your address

 Your contact details (phone number/email)

 Your GP details

 Your school/college details

2) Sensitive Personal data

 Any medical or mental health diagnoses including reports that you share with me

 Information about the difficulties that you are asking for help with and about your history

 Therapy notes

 Therapy contracts/agreements

 Outcome measures/psychometric assessments

3) Financial information

 If you pay by BACS your name will be on my bank statements.

 If appropriate I will need the details of your healthcare insurance provider including your policy

number and authorisation number.

All of the above information is important to help me build up a picture of how things are for you and how I may best be able to help you and your family. It will be used to inform a therapeutic assessment, recommendations and intervention. It will also enable me to communicate with other professionals involved with you with your permission. For example it might be helpful to talk with your teachers about a worry about school. Some of the information is needed in order for me to be able to bill you and collect payments.

I can not work with you if you are not able to allow me to process this data.

Lawful basis: All of these reasons come under ‘legitimate purposes’ for processing information.

Keeping your data safe:

I will keep your information securely. This means that any paper files will be locked away in a lockable filing cabinet. I have a lockable bag to carry any paperwork to and from the clinic room. My computer is password protected and has appropriate virus protection. Any files on my computer will also be encrypted and password protected. My email account is password protected and if being used through my mobile phone is subject to a password or thumbprint every time I use it. I do not use non-secure wi-fi sources.

I do not use emails for sensitive information and would not send a report over email unless using a secure email system or password protecting a document. I would then send you the password by a different means eg SMS.

All data will be stored in the UK.

Sharing your information:

During the course of our work I will only share your details with a third party with your consent. However if I am concerned for your safety or the safety of another person as a result of our conversations then I will need to use your details to make contact with the relevant professionals. I would discuss this with you first where possible. The only other exception to confidentiality would be if I were required legally to share your notes for example if ordered to by a court or as part of a criminal investigation.

Additionally, I have appointed a therapeutic executor (a professional colleague) who in the event of my sudden illness, death or inability to work would make contact with you to let you know of this and to discuss options with you.

I will never sell your details onto a third party for marketing purposes.

What I do with your records after we have finished meeting:

I will keep your records for 7 years after you have reached the age of 18. I will then delete/shred them.

Any notes I make and data I process for an enquiry about therapy which does not lead to my involvement will be deleted after 6 months.

I am required by HMRC to keep all bank statements for 6 years + the current accounting year.

Your rights:

You have the right to request to see your notes. I will not charge a fee for this and will let you see them within 20 working days of the request. I have the right not to include information that I believe might be harmful to yourself or another person. You have the right to have a correction made to your notes if you believe that I have recorded something incorrectly or incompletely.

You do have the right to object to your data being processed and the right to withdraw your consent at anytime. You can do this by contacting me on drfionagarratt@gmail.com. It is important to note however that I would no longer be able to provide you with therapeutic services in this case.

Data breach procedure:

If a data breach were to occur this would be recorded. If a data subject were identifiable the ICO would be informed. If the breach involved sensitive data and the subject were identifiable then the data subject would be informed.

This website:

My website uses cookies. Am implied consent policy is operating which assumes you are in agreement with this. However you can control whether your computer allows this through your browser settings.

The information that is collected by the website when you use it is for monitoring and tracking purposes only in order to conduct statistical analyses of site traffic and to improve the quality of the site. This information may include IP address, geolocational data and device information.

I do not collect personal sensitive information through my website.

If you are concerned that I have not handled your data appropriately you can raise your concern with the ICO by visiting www.ico.org.uk/concerns/ or calling 0300 123 1113 .

Dr Fiona Garratt

Clinical Psychologist

drfionagarratt@gmail.com

www.drfionagarrattpsychologist.co.uk

Updated 2021