I, Stephanie Eddington, am the Data Controller and Processor of Soul So Strong.
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for me to fulfil the contract that we have together (i.e. to provide therapy) and that it is data that you would reasonably expect me to hold and use.
For those who enquire about therapy, the data I hold includes any information you have sent me by email/text/message.
For those who book and attend at least one session, the data I hold includes:
- Basic information such as name, email address, phone number
- Information that you give me as part of the work we do together
- Records of the interventions that I use (or potentially do not use) in our sessions
- Emails, texts and/or PM messages that are sent between us
- Information sent from any third party, e.g. GP, insurance company, Employee Assistance Program
Health data is regarded as a special category of data by the General Data Protection Regulation. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
Data is not shared with anyone, except possibly your GP, and for any reasons covered by the Requirements for Disclosure which are detailed and discussed when we first meet.
The data is primarily used to enable me to provide therapy for you. It may also be used for scientific research and statistical purposes.
Details of where data is held:
- Any emails sent between us are held either on my computer’s hard drive or, if archived, in Dropbox, which is secure cloud-based storage that is itself GDPR compliant.
- Any texts/Facebook Private Messages sent between us (See Social Media and Electronic Information section) are held on my mobile phone which is biometric protected.
- Your notes are typed up and kept electronically on a password-protected and secure laptop, and handwritten notes are destroyed once typed up.
- A client database is kept with name, address, telephone number and condition (i.e. Clinical, Phobia, Smoking Cessation). This file is password protected and stored on my laptop, which is again password protected. The database allows me to quickly check whether I have seen a client before, so that I can respond to my clients quickly. It is also used for statistical analysis.
- If you use PayPal or online banking then clearly these systems will hold your data.
Your data is kept for 5 years. The length of time is based on the stipulation of my insurer. After this time any paper records are shredded and computer records permanently deleted.
Soul So Strong takes the security of data seriously and as such:
- All data is held securely (see details of where data is held above)
- Any data transmitted is sent encrypted where possible
- For accounting purposes, accounts-based software is used; however, no client information is used within it. It records general payment terms only (amount in, amount out), and no specific identifiable client information is used.
However:
- I am not in control of data (including emails and texts) which you send me
- Apps such as Facebook routinely access any information held and this is beyond my control.
If there is any breach of data security, Soul So Strong will give full details to the Information Commissioner’s Office and any person affected within 72 hours of the breach and do everything possible to minimise any potential impact.
You have rights with regard to the data held:
- You have the right to ask to see the information we hold about you. If you wish to see this please ask to view it in a session.
- You can ask us to change any information that we hold about you that is incorrect.
- You have the right to ask us to delete information that we hold about you, which we will do, except for that which we have a legal obligation to keep – for example, for our business tax purposes.