GDPR Privacy Policy
We have updated our terms and conditions alongside our data protection policy adhering to the newly developed EU General Data Protection Regulation (GDPR). For further information please visit: https://www.eugdpr.org
Woodbridge Clinical Psychology aims to be as clear as possible about how and why we use information about you and your child so that you can be confident that your privacy is protected. This policy describes the information that Lydia collects when you work with us. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill 2018.
The policy describes how we manage your information when you use our services, if you contact us or when we contact you. It also provides extra details to accompany specific statements about privacy that you may see when you use our website.
Woodbridge Clinical Psychology uses the information we collect in accordance with all laws concerning the protection of personal data, including the Data Protection Act 1998 and the GDPR 2016. As per these laws, Lydia Bell is the data controller:
Lydia@lydiajbell.co.uk Telephone Number 01394 617680
Framfield Medical Centre
Ipswich Road
Woodbridge
IP12 4FD
If another party has access to your data we will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why we need to provide them with the information. If your questions are not fully answered by this policy, please contact our Data Protection Officer.
Lydia@lydiajbell.co.uk Telephone Number 01394 617680
Framfield Medical Centre
Ipswich Road
Woodbridge
IP12 4FD
1. Why do we need to collect your personal data?
We need to collect information about you so that we can:
• Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
• Deliver services to you. The legal basis for this is the contract with you.
• Process your payment for services. The legal basis for this is the contract with you.
• Verify your identity so that we can be sure we are dealing with the right person. The legal basis for this is a legitimate interest to prevent identity theft and ensure we provide services to the correct person.
2. What personal information do we collect and when do we collect it?
For us to provide you with services, we need to collect the following information:
• Your name and your child’s name.
• Your contact details including a postal address, telephone number(s) and electronic contact such as email address.
• Relevant educational provision
• Your child’s GP and/or additional healthcare provider
• Clinical Information
We collect this information directly from you. If you do not provide us with this information we are not able to provide you with our services. We may also collect information about you from third parties; for example, if we need to gather information from another health professional (such as your Doctor) to provide a complete health assessment.
3. How do we use the information that we collect?
We use the data we collect from you in the following ways:
• To communicate with you so that we can inform you about your appointments with us, we use your name and your contact details, such as your telephone number, email address or postal address
• To deliver the correct service to you, we use your name, your contact details and the details about your healthcare plan
• To create your invoice, we use your name and email address
• To process your payment, we use your BACS payment details
• To optimise our website so that users can find the information they need
4. Where do we keep the information?
We keep your information in the stores described below. Please note that we do not store your payment card details in any of our systems; these are passed straight through to our payment provider, via your BACS payment system.
4.1. On our company computers
We use personal computers that are located in our office and clinic premises. The computers are password protected and the hard drives are encrypted. Passwords are stored securely and are not shared. We do not use Dropbox, Google Drive or any other cloud service to store your data.
Your client record:
We use a Mac computer program that stores the information on a computer in our office.
Your report:
We create a report that contains pertinent information that we gather and our findings and conclusions.
4.2. In our accounts package
We use an independent UK based accounting firm. No data is sent electronically. The company that provides the accounts software has stated that they are compliant with GDPR.
4.3. As a paper copy
We take handwritten notes when we meet you. These notes are used to create the report that we provide to you. Paper copies are destroyed once pertinent information is added to our computer record.
5. How long do we keep the information?
We keep electronic invoices for seven years as this is the required length to comply with the HMRC requirements. After seven years we delete the invoices. Clinical records will be held electronically for children until their 25th birthday in accordance with British Psychological Society advice.
6. Who do we send the information to?
We send your report to you and anyone we are required by law to inform. All reports are sent through the postal system. Any reports that are sent electronically are sent as attachments that are encrypted and password protected.
7. How can I see all the information you have about me?
You can make a subject access request (SAR) by contacting the Data Protection Officer. We may require additional verification that you are who you say you are to process this request. We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests or affect the rights of others.
8. What if my information is incorrect or I wish to be removed from your system?
Please contact the Data Protection Officer. We may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide us with the correct data, and after we have corrected the data in our systems, we will send you a copy of the updated information in the same format as the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed it is our duty to determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.
10. Will we send emails and text messages to you?
As part of providing our service to you, we may send your report to you via email. The report will be encrypted and password protected. Also, as part of this service, we need to send details of your appointments to you. To protect your information, we prefer to use an end-to-end encrypted messaging service. If you are not able to use such a service, we may use SMS (text messages); however, this does increase the risk of someone intercepting the message.