Privacy Policy

This policy explains what personal information I keep, how I use it and how I keep it secure.

I comply with the Data Protection Act 2018 and the General Data Protection Regulations (GDPR). I am a registrant of the Information Commissioners Office (ICO). ‘Data controller’ is the term used to describe the person/ organisation that collects, stores and has responsibility for people’s personal data. In this instance, the data controller is me, Mairi Summers.

In line with the principles of GDPR I aim to record as little personal information about you as possible. I only process the data I do so that I can provide clients with therapy, supervision and any other agreed services. To do this effectively I need to record contact details to get in touch regarding appointments. For therapy and supervision clients, I also need to keep a record of sessions and brief session notes for the purpose of helping me remember themes in our work. The lawful basis, under GDPR, under which I hold and process this personal data is “legitimate interest”.

Personal data and your rights

Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. Examples of personal data I may hold about you include your contact and appointment details.

You have the right to ask me to delete your personal data, to limit how I use your personal data, or to stop processing your personal data. You also have a right to ask for a copy of any information that I hold about you and to object to the use of your personal data in some circumstances. You can read more about your rights at ico.org.uk/your-data-matters.

To make a request for any personal information I may hold about you, please put the request in writing addressing it to hello@innersoundarttherapy.com

Sharing personal data

If we agree to work together, I will ask you to share with me your contact details (name, email address and telephone number). I will only use these details to provide the agreed service and for no other purpose. I will also ask for the details of an emergency contact, usually your GP, to hold on file should there be immediate and serious danger to yourself where I believe someone else should be notified to help keep you safe. It is a choice if you want to give me these details or not. On the rare occasions where I might consider using these details I will always try to discuss this with you first, unless there are significant safeguarding or risk issues that prevent this.

There may be times where you may want another professional or organisation to share information with me about you, or for me to share information about you with them. This could include me writing a letter or report confirming the service you receive from me. Any sharing of this type of information about you will only happen with your consent. Any letters or reports I may write about you will be seen by you first, with an opportunity for you to ask me to correct anything, before they are shared. Any such information shared electronically will be transferred securely to protect your privacy.

There are limited circumstances in which I might also need to share your information which could include:

  • in the case of my sudden death or incapacitation, contact details – but not client notes – would be used to inform current clients.

  • with the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which I am subject e.g. a court order.

  • with the police or a local authority for the purpose of safeguarding children or vulnerable adults.

  •  with my regulatory body HCPC and/or with Howden Insurance Services in the event of a complaint or a claim being brought against me.

  • my solicitor in the event of any investigation or legal proceedings being brought against me.


Financial data
I keep financial information including bank statements for 7 years as advised by HMRC. If you pay me via BACS, please be aware that your account name and reference may be viewed by employees of the bank.
 

Data Storage

Any documents that hold data about you will be stored securely to protect your privacy. Information held electronically will be stored in password protected files held on secure devices that only I have access to and any paper documents will be kept in locked storage cabinets. I may carry a paper diary to keep track of appointment times, which indicates initials against times. No other identifiable information is recorded alongside this. If you are someone who uses the phone to contact me, for the duration of our work, I will also save your telephone number under your Initials.

After we have finished our work together, as per my insurer’s recommendations, I will also keep basic records (name, dates of sessions, minimal session notes) for 6 years after our sessions have ended. If our work together began before your 18th birthday, I will keep these notes until 6 years after your 18th birthday. After these periods of time they will be confidentially destroyed.

To store information I currently use iCloud, which is password protected and has two factor authentication. I record brief session notes for the purpose of helping me remember our sessions. I also use this to record sessions attended and missed. Your contact details are also held in my iCloud account.  iCloud GDPR privacy info here.

User of the website / Use of cookies

None of your personal date is stored on my website. When someone visits www.innersoundarttherapy.com, Squarespace collects standard internet log information and details of visitor behaviour patterns, this is to monitor the number of visitors to the various parts of the site. This information is processed in a way which does not identify anyone. This website uses Cookies. A Cookie is a small text file that stores on your computer when you are browsing a webpage to collect information regarding your preferences and tailor the website experience to you. Cookies do not collect any personal information. You can change the settings in your browser if you want to disable cookies. For a list of the cookies used on this site please see here.

Online Appointments

I use Zoom as a secure platform for videocalls. You can read Zoom’s GDPR policy here. Our meeting link will be saved as your first name and does not contain any identifiable information. You do not need to have an account to join the zoom meeting.
If Zoom is inaccessible to you, we can discuss other options.

Complaints and changes

If you have any complaint about how I handle your personal data, please do not hesitate to get in touch with me by email. I welcome suggestions for improving my data protection procedures. If you want to make a formal complaint about the way I have processed your personal information you can contact the ICO which is the statutory body that oversees data protection law in the UK. For further information go to ico.org.uk/make-a-complaint.

Whilst we are working together I will make you aware of any changes to my privacy policy via email, and any changes will also be updated to the relevant page of my website.