Berkshire Independent Psychology Services Limited
Privacy Policy

This Privacy Policy applies to Berkshire Independent Psychology Services Limited (referred from here on by our Trading Name ‘Berkshire Psychology’). We understand that it is important to you how information about you is used, stored and shared and we assure you that we take your privacy and confidentiality very seriously.

This privacy policy describes how Berkshire Psychology collect, store, process and share the information you provide and are asked to provide for the purposes of our work together, as well as your rights in relation to the information collected, processed and shared.

In order to respond and process any enquiries from you, we require you to agree to the conditions set out in this privacy policy. This statement will be regularly reviewed and updated.

This privacy policy was last updated on the 16th May 2022.

If you have any questions about this privacy policy, please email: admin@berkshirepsychology.co.uk. Berkshire Psychology Limited is registered with the Information Commissioner’s Office (ICO), registration number: ZB334879

How We Collect Data?

We will use a number of methods to collect data about you to enable us to provide the services you have enquired about or requested from us, including:

  • Website: We will collect personal data and technical data from you when you use our website, including use of the contact form.
  • Telephone: We may telephone you and other people connected to your care to gather information as part of our assessment, intervention, supervision, consultation and training services.
  • Text and Email: We may use email to communicate with you and other third-parties connected to your care. We may use text messages for the purposes of communication with you, for example, about appointment reminders.
  • Face to face: We will meet face-to-face with you and other parties connected with your care and take written and/ or electronic notes to inform our work.
  • Written Communications: We may use other forms of written communication, including letters and email to communicate with you and others connected with your care. We may also ask you to complete forms as part of our assessment, intervention, supervision, consultation and training services.
  • Third-party sources: We may collect personal data about you from third-parties connected with your care, for example, other health and social care providers. We may also use search analytics providers to provide us with personal data about individual’s accessing our website.

What Data We Gather?

We collect information about you and/ or your child to enable us to work with you safely and effectively in providing the clinical services we offer and also to ensure efficient appointment and payment processes. We will gather personal data about you to enable us to fulfil these service needs, including:

  • Identity data: Personal details including your name, address, date of birth and gender.
  • Contact data: Including your postal address, billing address, email address, contact telephone number(s).
  • Other data: Including General Practitioner (GP) details, health and social care support agencies (including voluntary and statutory services), details of educational and occupational history, details of private health insurance providers (where relevant).
  • Financial data: Including bank details and payment/transaction information.
  • Technical data: As required for accessing and providing information through our website.

The nature of our work with you means that we will also need to gather, store and potentially share sensitive personal data about your and / or your child’s psychological and physical wellbeing, mental health, relationships, life events, diagnoses, medical and other forms of treatment and forensic/criminal history. We gather this information as is relevant for the purposes of our agreed work with you and to offer you the services you have sought from us.

How We Use The Data We Collect From You?

We will only collect data from you that is necessary and relevant to offering you the services that you have sought from us, for example, neurodevelopmental assessments, psychological assessments and/ or therapy, training, consultation and supervision. Collecting this data helps us to:

  • Find out if we are the right service to help you.
  • Contact you to set up assessment, therapy, training, consultation or supervision.
  • Conduct a thorough assessment.
  • Provide appropriate recommendations for follow-up.
  • Invoice you for services provided.
  • Communicate with relevant third-parties to support you post-diagnosis.
  • Please also see our Terms and Conditions for information about when we may need to share information without your prior consent.

The nature of our work with you and the information we collect, store, process and must have a lawful basis. The lawful basis for collecting, storing, processing and sharing your personal data relates to ‘legitimate interest’ and the ‘provision of health treatment’. You can find out more about the lawful basis for personal data collection on the ICO website (www.ico.org.uk).

Controlling The Information We Hold About You

Any personal information we hold about you is stored and processed in line with the Data Protection Act (DPA, 1998) and the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679) adopted on 27th April 2016 and enforceable from 25th May 2018.

Your data will be kept for the duration of your work with us. When we end our work together, we will continue to store your data using the methods outlined in this policy for seven years from the date of our last contact with you as a client of Berkshire Psychology. Berkshire Psychology has the right to retain your data for this seven-year period so that we can respond effectively to any questions or complaints that may later be raised by you and/or your representatives. You have the right to ask for your information to be erased after the period of seven years but not before then. After the seven-year period, Berkshire Psychology will erase (delete) the information we held about you securely.

Security

We will always store and process the information we collect about you securely. Specifically, this includes:

  • All client records, including personal data and sensitive personal data will be held on a secure, GDPR-compliant electronic system.
  • Any paper records kept will be kept secure in a locked filing cabinet.
  • Any clinically relevant email correspondence from/with you will be uploaded to the secure electronic system.
  • We will share sensitive and confidential information about you (for example, reports) via secure message/email systems and/or password-protected documents.
  • Access to your personal information is restricted on a ‘need-to-know’ basis only, i.e. for those concerned directly with your care.

In the unlikely event of a data protection breach, we will notify the Information Commissioner’s Office (ICO) so that the appropriate procedures can be followed.

Data Accuracy

It is important that the information, including personal data (for example, name, contact details, support network details) and sensitive personal data we hold about you is accurate. During the course of your work with us, if your personal data changes, please notify us at the earliest opportunity to enable us to update the information to ensure accuracy and that our records are up-to-date. This is necessary for both data protection and safety/safeguarding purposes. 

Accessing Your Information

All individuals whom Berkshire Psychology collect, store and process personal information about as a client/user of our services are entitled to:

  • Ask what information Berkshire Psychology holds about them and why.
  • Ask how to gain access to this information.
  • Be informed about how it is kept up-to-date.
  • Be informed about how Berkshire Psychology is meeting data protection regulations.

If you would like to request a copy of the data we hold about you, this is called a Subject Access Request (SAR). Subject Access Requests should be made in writing to the Data Protection Lead at Berkshire Psychology (jennymurray@berkshirepsychology.co.uk). We will aim to provide relevant data within 30 days of receipt of the Subject Access Request (SAR). We will always verify the identity of anyone making a Subject Access Request before disclosing any data.

Berkshire Psychology may use the services of other professionals who, in the service of their work, may access your data for the same legitimate interests. For example, we may work with and/or employ other professionals (including, but not limited to) Associate Psychologists and Allied Health Professionals, Assistant Psychologists and Administrative Staff who also adhere to the General Data Protection Regulations.

Sharing and Disclosing Data

We may share your personal data, including sensitive personal data with other individuals, agencies and third-parties for the purposes of providing safe and effective services to you. We will discuss and explain the rationale and purpose of sharing information with others with you and obtain your consent to this, where necessary. Please also see our Terms and Conditions for further details about the times when we may share your personal data, both with and without your consent.

In certain circumstances, Berkshire Psychology may be required to disclose personal data, including sensitive data without the data subject’s consent. These circumstances include:

  • Carrying out legal duty or as authorised by the Secretary of State.
  • Protecting the vital interests of a data subject or other person.
  • If the data subject has already made the information public.
  • Conducting any legal proceedings, obtaining legal advice or defending any legal rights.
  • Monitoring for equal opportunities purposes.
  • Providing a confidential service where the data subject’s consent cannot be obtained or where it would be reasonable to proceed without consent.

Under these circumstances, Berkshire Psychology will disclose personal data, including sensitive personal data deemed to be necessary for the particular purpose. We will, however, take reasonable steps to notify the data subject whose personal data is being disclosed about the disclosure, including the rationale for this and with whom the information is being shared. We will also ensure that any personal data sharing is legitimate, reasonable and necessary.

Your Rights

We are fully committed to protecting your rights to privacy. Under the Data Protection Act and General Data Protection Regulations (GDPR), you have certain rights in relation to the personal data collected, stored, processed and shared about you, including the rights to:

  • Request access to your personal data.
  • Request correction of your personal data.
  • Request erasure of your personal data.
  • Object to processing of your personal data.
  • Request restriction of processing of your personal data.
  • Request transfer of your personal data.
  • Right to withdraw consent.

If you wish to exercise any of these rights, please contact the Data Protection Lead at Berkshire Psychology (jennymurray@berkshirepsychology.co.uk). 

Third-Party Links

The Berkshire Psychology website may contain links to third-party websites and information. Clicking on those links may enable other third-party organisations to gather personal data about you. We do not control these third-party websites and are not responsible for their privacy policies and how they use your personal data once you have chosen to visit their website.

Complaints

If you are unhappy with any aspects of the way we collect, store, process and share the information about you, please contact the Data Protection Lead at Berkshire Psychology (jennymurray@berkshirepsychology.co.uk) so we can answer any questions you have and try to resolve the issue. You also have the right to complain to the Information Commissioner’s Office (ICO) which is the United Kingston (UK) supervisory authority for data protection issues. Please see: www.ico.org.uk for further information, if required.

Management of Information in the Event of Incapacitation or Death of Psychologist

In the event of incapacitation or death of the psychologist working with you, another allocated professional may be asked to access and manage information related to our work with you with a view to informing you of such an event, supporting you in the transition to another psychologist or service and ensuring continued safe storage and management of records. This psychologist also adheres to the GDPR principles and will only be shared if and when there is a legitimate need for them to access the information.

Further Information

You can find further, detailed information about the handing and protection of personal data on the Information Commissioner’s Office (ICO) website at: www.ico.org.uk

Email Communication

We may use email communication to liaise with you about practical details, such as appointment dates, times and changes. We kindly ask that you do not share sensitive personal information, such as details about your situation or that of another person via email. If we need to communicate information via email, we will use a more secure method, such as password-protected documents and/or secure email systems.

Accessibility

If you have any difficulties reading and/or understanding this privacy policy, please contact us and we will try to help you understand the information.

Online Appointments

Some of our work may be conducted via online video link using programmes such as Zoom and Microsoft Teams. We have taken reasonable steps to ensure the confidentiality of the sessions using this online platform, including the use of client-specific meeting links and a waiting room so all guests of the session are admitted by the host.

These sessions are not audio or video recorded (unless discussed and agreed with the client and clinician) and we would kindly ask our clients not to audio or video record the sessions without prior discussion, agreement and consent from the clinician they are working with.

Clients accessing our services must be able to access the sessions on an appropriate device and be able to set-up and protect the environment in which they access the online session(s) to maintain their confidentiality. For example, this means being able to meet for the specified time duration in a room/environment which is private, confidential and with no interruptions or distractions.

Updated: 16th May 2022