Sarah James Therapy

Privacy policy


I am fully compliant with current GPDR legislation and will let you know how I use and protect the data you’ve given me. GDPR replaces the previous Data Protection Act. I wish to be transparent with regard to the processes I have in place. Identifiable information, if shared, will only be used in accordance with this privacy statement. I follow guidance from my governing bodies, the BACP and my insurance company.

Data processing
As a private practitioner, I am a data processor and controller in my practice. As the data controller, I process some of your personal data. During the assessment process information such as next of kin, family members and medication are gathered and held. This is anonymised, coded and securely stored. No one but me can access this information.

Data Processing means obtaining, recording or holding information. The definition is very wide, and most of what I do involves a degree of processing. I process the personal data I have collected as controller. I maintain records of personal data and processing activities and hold responsibility should there be a breach.

Consent
This is a primary concern and is separate to other terms and conditions. As my client, you can withdraw consent at any time. I hope to offer you choice and control. I will never use any of your data for writing, publishing, research or training purposes without your written consent, separate to this general consent.

I have ongoing supervision to support and ensure my practice is safe, which is a requirement of my governing body, the BACP. When I share client material this is always done confidentially, protecting your identity. I name my own supervisors in my supervision agreement to be transparent to those I supervise. Nobody but me has access to any of your data. I will keep this process under review and refresh it if anything changes.

Note keeping
I do not keep process notes. When I decide to do so I shred and dispose of this confidential material as soon as possible, often after supervision. I keep minimal content notes which I hold for seven years. After this time frame, they are disposed of securely. You have a right to see the information I hold about you should you wish to. You have a right to change any information which you consider to be incorrect. You can also ask me to delete all/any of the information that I hold. There are however some details I need to keep due to legal and professional obligations.

Data storage
I promise to keep all sensitive data safely. This involves my anonymising, using passwords and encrypted documents. I keep all sensitive data in my private practice. I dispose of data after seven years for financial purposes, or after current supervision. I dispose of emails on a current or annual basis.

While we work together I will store your name and phone number and email address on my smartphone. My website contact page wilI give me your email address and any information you chose to share with me when you first contacted me. I only contact you in response to you or concerning appointments. When we discontinue working I will delete your number, and email address. I do not engage with clients through any social media.

In the event of a complaint
Please contact me directly. And if we cannot resolve this you could then contact the Information Commissioner Office (ICO). I am registered with them and my reference is ZB874734. https://ico.org.uk/concerns/handling/ or Guidance for GDPR Compliance.

Clinical will
In the event of a sudden cessation of practice, for example through an accident, illness or death, I have appointed a professional executor to manage my caseload on my behalf. This is arranged for your welfare as my client and every step is taken to ensure GDPR standards are met.