This policy aims to be as clear as possible about how and why your information is used, so that you can be confident that your privacy is protected. It describes how personal data is collected, handled and stored to meet with data protection standards and to comply with the law.
If you have any questions please do not hesitate to contact the data controller.
You have the right to withdraw your consent at any time.
The General Data Protection Regulation (GDPR) Compliancy
I am committed to ensuring that your privacy is protected and that information is used in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016 .
Should I ask you to provide certain information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement and/ or specified reasons as outlined in the Terms of Engagement in Occupational Therapy Assessment, Consultation and Therapy.
Name and Contact Details of the Data Controller:
Name: Rhona McAlpine
Secure email: Egress account
Why we Collect and Process Your Data
Consent – I will always ask for your consent and relevant consent of others as required to process your data in order to provide therapy services.
Professional obligations - I keep certain data so that I can work safely and professionally with you, in line with the guidelines of professional organisations that I belong to, including RCOT and HCPC.
How and What Information is Collected About You:
I may collect the following information by email, telephone call, electronic questionnaires / forms, or in person:
Date of Birth
Contact details (phone, email, address, videocall details)
Parent / Legal Guardian names and contact details
Diagnosis and circumstances
Names of professionals and contact details
Professional reports or healthcare records
Emails/message correspondence from me to you, you to me
Therapy records by Rhona McAlpine including reports, assessments and session notes
Quotations, invoices and receipts.
You have the right to view this information, and to ask for changes to be made.
What I Do with the Information I Gather and What it is Used For
Professional record keeping of client information;
Recording the initial assessment;
Provision of occupational therapy services and intervention;
Sharing your information with relevant parties when necessary.
Financial records - Banking transactions may be viewed by employees of the bank, my accountant, accounting software apps, my financial advisor, and tax officers (HMRC). When payment is made via BACS, your account name or reference or details of person making payment may show up on my online or paper bank statements. You have the right to discuss alternative payment options with me.
Client specific information will be also specified in the Terms of Engagement.
I may use the following applications in relation to working with you, please see below the links for their website and privacy notices in relation to how they may use your data.
Egress email: https://www.egress.com/legal/privacy-policy
Skype / Microsoft Teams video calling: https://privacy.microsoft.com/en-gb/privacystatement
If you have given your consent to us processing your data, you have a right to withdraw your consent to any further processing.
You have the right to request data be transferred to another organisation.
If you wish to withdraw consent or request a transfer, please email firstname.lastname@example.org
How You Can Access Your Information
You may request details of personal information which I hold about you under the General Data Protection Regulation. If you would like a copy of the information held on you please email Rhona McAlpine (email@example.com). This may be facilitated in a therapy session.
How Long I Keep Your Information For
The Regulation does not set out any specific minimum or maximum periods for retaining personal data. Instead, it says that: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
See this link: https://ico.org.uk/for-organisations/guide-to-data-protection/principle-5-retention/.
I will retain personal data in accordance to each individual client. This will be specified in your Terms of Engagement.
I will retain financial data for the current year plus six years as advised by HMRC.
Once retention period has expired, data is destroyed under confidential conditions.
I am committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, I have put in place highly secure electronic systems on computer and phones and procedures to safeguard and secure the information I collect. All Client files and therapy notes are kept secure in a locked filing cabinet.
I have a secure email in place as specified in this document. This ensures end-to-end encryption. It is an encrypted email system called Egress.
I will always password protect electronic documents that are sent via email.
I will meet GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments. I will inform you and relevant persons of any breeches.
Disclosing data for other reasons
In certain circumstances the Data Protection Act allows data to be disclosed (including sensitive data) without the data subjects consent.
• Carrying out a legal duty.
• Protecting vital interests of a Data Subject or other person.
• If the data subject has already made the information public.
• Conducting any legal proceedings, obtaining legal advice or defending any legal rights.
• Monitoring for equal opportunities purposes – i.e. race, disability or religion.
• Providing a confidential service where the data subject’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill data subjects to provide consent signatures.
Under these circumstances, Rhona McAlpine will disclose relevant data. However, all reasonable steps will be taken to notify the individual whose data is being disclosed about the disclosure. Such data request must be legitimate, reasonable and necessary
Audits and Inspections
I will submit to audits and inspections, providing all necessary information to ensure it meets the Article 28 obligations, always cooperating with supervisory authorities (such as the ICO).
Right to Complain
If you have a concern about our information practices, you have a right to complain. You can do so by contacting Rhona McAlpine at firstname.lastname@example.org or the Information Commissioner’s Office on 0303 123 1113 or by visiting www.ico.org.uk
Rhona McAlpine reserves the rights to update this policy accordingly, all clients will be notified of any changes in relation to the policy and may be asked to re-sign updated copies.