Your privacy is of great importance to Shortland Psychology and we are committed to complying with the terms of the General Data Protection Act (GDPR) regarding the responsible and secure use of your data.
Shortland Psychology provides psychological services, including psychological assessments and therapy. We understand that we are provided with personal and sensitive information that has been entrusted with our organisation and that this information is important to the individual person. We will only collect and retain personal information that enable us to perform our services and are committed to protecting and respecting the privacy of our clients.
Shortland Psychology aims to be as clear as possible about how and why we use your information so that you can be confident that your privacy is protected. The purpose of this policy is to let you know what personal information we hold, why this data is collected, how long it is kept, why it might be shared with another party and what your rights are regarding this data.
When you are referred for psychological services with Shortland Psychology you will be asked to consent to the processing of your data under the terms of this policy.
If your questions are not fully answered by this policy, please contact Dr Andrea Shortland.
If you are not satisfied with the answers from Dr Shortland, you can contact the Information Commissioners Office (ICO) https://ico.org.uk.
1. Why do we need to collect your personal data?
2. What personal information do we collect?
For us to provide you with our services, we need to collect the following information:
This information will be collected either directly from you or from a third party, such as a Social Worker. We may also need to gather information from another health professional (such as your Doctor) to provide a complete health assessment.
3. How do we use the information we collect?
4. Where do we keep the information?
4.1. In our database – stored in One Drive Business (a secure cloud-based storage service)
We use One Drive Business to store your personal data and to share it with a third party, such as an Associate. One Drive Business is GDPR compliant, which means it keeps files secure through 2 encryption. We keep your personal data stored in a folder which is your ‘Patient Record’. It includes our notes, assessments and videos from appointments. It would also include any written reports, containing all the information that we gather and our findings and conclusions. We use personal computers that are located on private premises. The computers are password protected. Your personal data will not be stored directly on these computers.
4.2. In a locked cabinet on private premises
We need to write notes when we meet with you. Some assessments and forms are also hand written. These notes, assessments and forms are a necessary part of our therapeutic services and help us to create our report. The paperwork is stored in a locked cabinet.
4.3. In a cloud-based accounting package
We use a cloud-based accounting package called FreeAgent. The company that provides the accounts software is based in the UK and is GDPR compliant.
5. How long do we keep the information?
6. Who do we send the information to?
Shortland Psychology will not share any information about you with other organisations or people except in the following situations:
Video and audio recordings may be shared with an Associate Psychologist for coding or transcribing interviews, with a Supervisor or with the Lead Solicitor if requested by Court. Videos and audio recordings are sent via WeTransfer. WeTransfer is GDPR compliant, which means the content of videos is encrypted user to user i.e. From us to the lead solicitor. Once the files are safely stored, they can only be accessed using the unique links sent to sender and recipient.
If a Solicitor, Agency or Social Worker has instructed the work, we will communicate with them and will send updating reports. These updating reports will be sent as password-protected email attachments or via Egress (an email system for reports). Court Reports are sent to the Lead Solicitor electronically through a secure email system such as CJSM (a Government email system) or Egress. A Report to a privately-paying client would be sent as a password-protected email attachment.
Our Accountant has access to our accounts package (FreeAgent) to prepare our accounts. He is compliant with all applicable data protection regulations.
7. Your rights
You have the right to access your personal data – to rectify, erase or restrict your data – to object to the processing of your data – to request transfer of data (data portability).
Please contact Dr Shortland if you wish to do this.
If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems we will send you a copy of the updated information.
If you want to have your data removed we must determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.
8. Will we send emails and text messages to you?
As part of providing our service to you, we may communicate with you via email or text message. We need to send details of your appointments to you and may need to discuss your therapy between appointments. Personal data is not stored in our email account or on a mobile phone. We will not send emails or text messages to you about marketing or additional services.
9. What happens to your data if Dr Shortland dies unexpectedly?
In the event of Dr Shortland’s unexpected death, an Associate would take responsibility of her work, including current cases and all previous records. This would ensure that your data remained secure and protected and that data was deleted at the appropriate time.
Dated: 1st June 2020
By: Saskia Raymond