This website is operated by Dr Rachel Lee of North Star Psychology Ltd. Your privacy is very important, so please read this policy carefully for information about the personal information that will be collected about you, ‘you’, as a past, present, or future service user, what North Star Psychology Ltd does with your information and who your information may be shared with.
What is the General Data Protection Regulation (GDPR)?
General Data Protection Regulation (GDPR) is a regulation in UK and EU law on data protection and privacy that came into effect from 25 May 2018. The aim of the GDPR is to protect the privacy of all EU citizen’s data privacy and bring together data privacy laws across Europe. The GDPR applies to all organisations or persons that process or collect personal information. You can find out more about the GDPR on the Independent Commissioner’s Office website.
Dr Rachel Lee is the data controller for “North Star Psychology”. Associate staff (psychologists and other clinicians or therapists) who might take on referrals and co-working with “North Star Psychology” will be additional data controllers for the clients they work with.
At “North Star Psychology” we are committed to protecting your rights to privacy. They include:
· Right to be informed about what we do with your personal data
· Right to have a copy of all the personal information we process about you
· Right to rectification of any inaccurate data we process, and to add to the information we hold about you if it is incomplete
· Right to be forgotten and your personal data destroyed
· Right to restrict the processing of your personal data
· Right to object to the processing we carry out based on our legitimate interest.
Reasons for collecting and processing information about you
“North Star Psychology” may collect information about you because you are a client (or potential future client) of the company. Dr Rachel Lee will process the data because it is in her legitimate interest as a clinical psychologist to do so. Psychologists need to see and analyse information about you, and any relevant documents containing information about you, in order to provide expert advice, to carry out an assessment or to deliver and monitor psychological intervention.
Another lawful reason for processing your data may be Legal Obligation. If “North Star Psychology” is processing “special category data” about you, this is their second lawful reason to do so. This is likely to apply in regards to a litigation claim. As a client or patient of “North Star Psychology”, their lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment.
What type of personal data is collected and processed?
North Star Psychology Ltd receives, collects and stores any information you enter on our website or provide in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
North Star Psychology collects information about you that may include personal or sensitive information, such as:
· Personal information: name or given name, family name or surname, address, telephone numbers, date of birth, gender (or preferred identity), age, relationships and children, occupation, telephone/SMS number, email address, video conference ID (if online therapy), GP contact details, school details (for children).
· Sensitive information: medical conditions (if relevant), prescribed medication, psychological history and current difficulties, sexuality, financial information, including bank account details (if you are a private patient);
· Sensitive personal data: signed therapy client agreement, therapy records (therapist notes, letters, reports and/or outcome measures).
To make sure that you are assessed and/or treated safely and appropriately, “North Star Psychology” records your personal information, as well as all contacts you have such as appointments and the results of assessments and letters or reports relating to your care. “North Star Psychology” will also process personal data pursuant to legitimate interests in running the business such as invoices and receipts, accounts, VAT and tax returns as necessary.
How will you collect my personal information?
North Star Psychology Ltd will collect your personal information from the information you enter on to the website: www.northstarpsychology.co.uk, over the telephone, or via email when you make you make your initial enquiry. During your initial consultation and any subsequent therapy sessions data will be collected in order to assist the process of therapy. Data will also be collected in relation to the running of the business (e.g. creating invoices and receipts).
Web access collection of information
The web services used by North Star Psychology are GDPR compliant. Consultations and appointments are booked via the Calendly app, when you book an online appointment in Calendly this also creates an individual appointment in Zoom. Calendly and Zoom are companies that are based in the USA. When you book your appointment, the personal data that you enter will be shared with Calendly and Zoom. As these companies are based in the USA, data will be transferred out of the UK
Dr Rachel Lee.
What are cookies? Cookies are simple text files that are stored on your computer or mobile device by a website’s server. Each cookie is unique to your web browser. It will contain some anonymous information such as a unique identifier, website’s domain name, and some digits and numbers.
What types of cookies do we use? Necessary cookies Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. These cookies do not collect data that could be used for marketing.
Functionality cookies Functionality cookies let us operate the site in accordance with the choices you make.
Analytical cookies These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.
How your personal information is stored
“North Star Psychology” takes your privacy very seriously. “North Star Psychology” is committed to taking all reasonable steps to protect any individual identifying information that you provide to them. Once your data is received, “North Star Psychology” makes its best effort to ensure its security on our systems. All personal information provided is stored in compliance with EU General Data Protection Regulations rules.
How long your personal information is stored for
“North Star Psychology” does not keep your data for longer than is necessary. Basic contact information held on a therapist’s mobile phone is deleted within 6 months of the end of therapy and the sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year. Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC and the VAT commissioner. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible.
What we do with your personal information
“North Star Psychology” only uses your personal information to provide the services you have requested from us. If you do not provide the personal information requested, then it may not be possible to provide a therapy service to you. “North Star Psychology” uses the information collected to provide services to you, process payment for such services and send you information.
Who personal information may be shared with
North Star Psychology holds information about clients and the therapy they receive in confidence. However, in some circumstances “North Star Psychology” may need to share information and liaise with other parties, as outlined below:
If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. “North Star Psychology” may also share information with that organisation to provide treatment updates.
In cases where treatment has been instructed by a solicitor or a rehabilitation agency, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
· In exceptional circumstances, “North Star Psychology” might need to share personal information with relevant authorities:
o When there is need-to-know information for another health provider, such as your GP.
o When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
o When the information concerns risk of harm to the client, or risk of harm to another adult or a child.
North Star Psychology will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
What North Star Psychology will NOT do with your personal information
“North Star Psychology” will not share your personal information with third-parties for marketing purposes.
How the security of personal information is protected
Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. “North Star Psychology” will never use open or unsecure Wi-Fi networks to send any personal data. Personal information is also stored electronically. Information used to book appointments is stored in Calendly and Zoom. Personal information connected to consultations and treatment is stored within practice management software (Write Upp) and / or cloud-based password-protected Onedrive files on a computer owned by ‘Dr Rachel Lee’. Any computers used by North Star Psychology are password protected. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode/face recognition scanner. Any hard copies of personal information are stored in locked cabinets.
How will you communicate with me?
North Star Psychology Ltd may contact you to notify you regarding any enquiries you make, to arrange or follow-up on appointments, to send helpful information, to troubleshoot problems, to resolve a dispute, to collect fees or monies owed, to gain your feedback, to send questionnaires as part of therapy, to send updates to subscribers about forthcoming events, or as otherwise necessary in order to offer a helpful service to you. For these purposes we may contact you via email, telephone, text messages, or postal mail.
Your right to access the personal information “North Star Psychology” holds about you
You have a right to access the information which is held about you. This will usually be shared with you within 30 days of receiving a request. There may be an admin fee for supplying the information to you. Further evidence from you to check your identity will be requested. A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy). You have a right to get your personal information corrected if it is inaccurate. You can complain to a regulator. If you think that “North Star Psychology” has not complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office (ICO). North Star Psychology reserves the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000) and The Health and Care Professions Council (HCPC; 2017). More information about GDPR can be found at the following weblink: https://ico.org.uk.
Dr Rachel Lee’s ICO registration number is ZB058621
How can I find out more information?
If you have any questions about this policy or the information North Star Psychology Ltd holds about you, please contact Dr Rachel Lee.
Image by Unsplash