My GDPR agreement sets out how any personal data I collect from you, or that you provide to me, will be stored and processed confidentially.

How I gather your personal information

·        Information that you provide by emailing me or by completing a contact form via my website and via various therapy directories and platforms (Psychology Today), or by phone to request further information about my Clinical Psychology service.

·        Information that you provide when booking an appointment via acuity scheduling, my online scheduler.

·        The pre-therapy CORE outcome measure

·        Session notes handwritten in session

·        Regarding online therapy, I use the platform  Zoom. All these platforms are securely encrypted. Zoom has the facility to record sessions which I will not use without your written permission.

Where I store your personal data

·        Any data stored electronically is always accessed from my personal computer which is password protected and never left unlocked when it’s unattended.

·        Personal data that I collect from you via any form of contact by computer or phone will be kept securely on online systems that are password protected and encrypted:

• my google account (calendar bookings)
• acuity scheduling (appointment scheduling)
• zoom (online sessions)
• paypal (payment online)
• quickbooks (online accounting software).

·        The CORE form is stored on my computer in my Google account which is password protected.

·        Letters to other professionals regarding your care or summaries of our sessions are kept on my OneDrive account, which is password protected.

·        Letters to other professionals regarding your care or summaries of our sessions are emailed via a secure email server Egress or sent by royal mail post marked private and confidential.

·        The brief session notes are kept in a locked filing cabinet in my clinic room.

·        I do not store your phone number in my contacts directory.

·        I take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Uses made of the information

·        I use your contact details to allow me to provide you with information of the service that you request from me, to allow you to tell me about changes in your availability and to notify you about changes to my availability and any other relevant administrative changes.

·        I use the brief session notes to carry out my obligation arising from the agreement entered into between you and me regarding therapeutic intervention.

·        As part of my commitment to providing a professional service, I attend supervision regularly. This is bound by a confidentiality contract (separate to this policy) and to protect your identity I only use your first name and refrain from providing other personal details which may identify you.

How long I keep your information/notes for

·        I will retain your contact details, pre-therapy questionnaire and brief sessions notes for as long as we are working together.

·        After therapy has finished, I will retain these documents for a further seven years in case you decide to return to therapy with me, and which is also a requirement of my indemnity insurance and my professional code of conduct (British Psychological Society), and then after which the documents will be destroyed and data permanently deleted.

Your rights

·        You are entitled to view, amend, or delete the personal information that I hold. All requests have a month to be carried out.

In the event of a data breach

·        I have a legal obligation to report a data breach to you and the Informations Commissioners Office (ICO) within 72 hours.

Disclosure of your personal information

·        In the event of my incapacity or death your personal contact information will be disclosed to my two clinical executors of my Professional Will so that they can notify you. In the event of my death my executors will also destroy all contact information and notes on my computer.

·        If I am under a duty to disclose or share your personal data in order to comply with any legal obligation. For example, if I am subpoenaed to court, or as a legal requirement such as safeguarding children or vulnerable adults, terrorism or money laundering.

Changes to the GDPR agreement

·        I will notify you of changes I may make to this privacy policy in the future.

Consent to the GDPR agreement

Your use and undertaking of the services of Compassionate Cambridge and / or Dr Kate Brierton constitutes your approval and acceptance of this agreement, and are consenting to my use, and storage of your personal information, you have disclosed to me, as detailed above. You have the right to withdraw your consent at any time.