Privacy Policy

Your privacy is of great importance to Shortland Psychology and we are committed to complying with the terms of the General Data Protection Act (GDPR) regarding the responsible and secure use of your data.

Shortland Psychology provides psychological services, including psychological assessments and therapy. We understand that we are provided with personal and sensitive information that has been entrusted with our organisation and that this information is important to the individual person. We will only collect and retain personal information that enable us to perform our services and are committed to protecting and respecting the privacy of our clients.

Shortland Psychology aims to be as clear as possible about how and why we use your information so that you can be confident that your privacy is protected. The purpose of this policy is to let you know what personal information we hold, why this data is collected, how long it is kept, why it might be shared with another party and what your rights are regarding this data.

When you are referred for psychological services with Shortland Psychology you will be asked to consent to the processing of your data under the terms of this policy.

If your questions are not fully answered by this policy, please contact Dr Andrea Shortland.

If you are not satisfied with the answers from Dr Shortland, you can contact the Information Commissioners Office (ICO) https://ico.org.uk.

1. Why do we need to collect your personal data?

  • To know who you are so that we can communicate with you in a personal way
  • To verify your identity so that we can be sure we are dealing with the right person
  • To deliver a service to you

2. What personal information do we collect?

For us to provide you with our services, we need to collect the following information:

  • Your name
  • Your contact details including a postal address, phone numbers and email address
  • Personal information relevant to your health assessment / therapy

This information will be collected either directly from you or from a third party, such as a Social Worker. We may also need to gather information from another health professional (such as your Doctor) to provide a complete health assessment.

3. How do we use the information we collect?

  • To communicate with you about appointments
  • To deliver our services to you we use your name, contact details and any personal information that is relevant to your health assessment / therapy
  • To create an invoice we may use your name and contact details
  • To optimise our website so that users can find the information they need

4. Where do we keep the information?

4.1. In our database – stored in One Drive Business (a secure cloud-based storage service)

We use One Drive Business to store your personal data and to share it with a third party, such as an Associate. One Drive Business is GDPR compliant, which means it keeps files secure through 2 encryption. We keep your personal data stored in a folder which is your ‘Patient Record’. It includes our notes, assessments and videos from appointments. It would also include any written reports, containing all the information that we gather and our findings and conclusions. We use personal computers that are located on private premises. The computers are password protected. Your personal data will not be stored directly on these computers.

4.2. In a locked cabinet on private premises

We need to write notes when we meet with you. Some assessments and forms are also hand written. These notes, assessments and forms are a necessary part of our therapeutic services and help us to create our report. The paperwork is stored in a locked cabinet.

4.3. In a cloud-based accounting package

We use a cloud-based accounting package called FreeAgent. The company that provides the accounts software is based in the UK and is GDPR compliant.

5. How long do we keep the information?

  • Any enquiries which did not develop into confirmed work, will be deleted after 6 months.
  • Paper notes, assessments and forms will be kept for a maximum of 6 months after the report is completed or therapy has ended. Once they have been scanned and saved securely to our database, the paper copies will be shredded using a secure shredding service.
  • Videos and audio recordings will be kept for a maximum of 6 months after the report is completed or therapy has ended. After this they will be deleted.
  • We keep your Patient Record (which includes any reports, notes and assessments) for seven years (or seven years after the age of 18). This is the guideline given by the British Psychological Society (BPS). After this it will be deleted.
  • We keep your electronic invoice for seven years as this is the required length to comply with the HMRC requirements. After this it is deleted.

6. Who do we send the information to?

Shortland Psychology will not share any information about you with other organisations or people except in the following situations:

  • Consent: We may share information with relevant medical professionals or others whom you have requested or agreed we need to contact
  • Serious harm: We may share your information with the relevant authorities if we have reason to believe that this may prevent serious harm being caused to you or another person
  • Compliance with law: We may share information when the law requires us to, for example, safeguarding, terrorism, serious crime
  • In the event of Dr Shortland’s death: A named colleague would be able to access the contact details to notify clients
  • Supervision: It is an ethical requirement for any clinician offering psychological services to have regular supervision. Any supervisor used is an accredited member of the relevant accredited body and works within their ethical framework

Video and audio recordings may be shared with an Associate Psychologist for coding or transcribing interviews, with a Supervisor or with the Lead Solicitor if requested by Court. Videos and audio recordings are sent via WeTransfer. WeTransfer is GDPR compliant, which means the content of videos is encrypted user to user i.e. From us to the lead solicitor. Once the files are safely stored, they can only be accessed using the unique links sent to sender and recipient.

If a Solicitor, Agency or Social Worker has instructed the work, we will communicate with them and will send updating reports. These updating reports will be sent as password-protected email attachments or via Egress (an email system for reports). Court Reports are sent to the Lead Solicitor electronically through a secure email system such as CJSM (a Government email system) or Egress. A Report to a privately-paying client would be sent as a password-protected email attachment.

Our Accountant has access to our accounts package (FreeAgent) to prepare our accounts. He is compliant with all applicable data protection regulations.

7. Your rights

You have the right to access your personal data – to rectify, erase or restrict your data – to object to the processing of your data – to request transfer of data (data portability).

Please contact Dr Shortland if you wish to do this.

If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems we will send you a copy of the updated information.

Where explicit consent has been provided, this may also be withdrawn in writing to: Shortland Psychology, KBSP, Harben House, Harben Parade, Finchley Road, London, NW3 6LH

If you want to have your data removed we must determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.

8. Will we send emails and text messages to you?

As part of providing our service to you, we may communicate with you via email or text message. We need to send details of your appointments to you and may need to discuss your therapy between appointments. Personal data is not stored in our email account or on a mobile phone. We will not send emails or text messages to you about marketing or additional services.

9. What happens to your data if Dr Shortland dies unexpectedly?

In the event of Dr Shortland’s unexpected death, an Associate would take responsibility of her work, including current cases and all previous records. This would ensure that your data remained secure and protected and that data was deleted at the appropriate time.

We are committed to reviewing our policy and good practice annually. Changes and updates to the Privacy Policy will be available on the website.