My name is Liz Armstrong and I am a Cognitive Behavioural Therapist running my own private practice, Open Minds, in Motherwell. For all intents and purposes, I am also a data controller and data processor at Open Minds which means that I decide how your personal data is to be processed and shared.
I take your privacy seriously and am committed to ensuring that your privacy is protected.
Any information collected by me, by which you can be identified when using this website, will only be used in accordance with this privacy statement.
I will never share your information with a third party for marketing purposes.
If you have any questions or concerns about how your data is processed or shared, you can contact me on 07449 684999 or by emailing firstname.lastname@example.org
The lawful basis for processing your data
A lawful basis for processing is how I justify the processing of your personal data.
I process your personal data in line with GDPR legislation (General Data Protection Regulation) (EU) 2016/679.
The lawful basis for processing your data is legitimate interests.
In order for me to fulfil my role as a CBT therapist, I may take during sessions and store these notes in your file. I will also create an electronic record of each session. My notes allow me to reflect on our sessions, and make good clinical judgment about your treatment and care, including developing a treatment plan and adhering to the treatment plan throughout the duration of your psychotherapy journey. I only use your data in ways you would reasonably expect, and which have a minimal privacy impact.
How do I collect information about you?
I obtain information about you in the following ways:
When you visit my website
When you enquire about my services via email and I reply to you via email, I cannot guarantee that your email, or my reply, is 100% secure. It is important that you understand that no data transmission over the Internet can be guaranteed to be 100% secure. If you wish to send me any documents via email and have any concerns about confidentiality and the data contained within your documents, I am happy for you to password protect your documents before sending them to me. You can either provide me with your password in a separate email, or phone me and provide me with your password over the phone.
Over the phone
If you choose to make contact with me over the phone, I may collect information from you as a prerequisite for inviting you in for an assessment (see below “What type of information is collected from you”?
Face to face
When you attend for CBT sessions, I collect and record data from you in order to get to know you, understand you, and help you overcome your difficulties.
During your initial session, I will ask you to complete an Intake form. This form will ask you to provide me with personal information, including your name, date of birth and address.
What type of information is collected?
I may collect some or all of the following personal information from you, either prior to your first session (usually by phone), or face to face, throughout the course of therapy:
• Contact details including email address
• Date of birth
• GP name and contact details
• IP address and webpages visited on my website (if applicable)
Special Category Data (Sensitive Data)
Given the nature of healthcare related data, some of the information I may collect from you will be classified as sensitive, either prior to your first session (usually by phone), or face to face, throughout the course of therapy. This data will only be collected if it is appropriate to your course of therapy and not every item listed below will be collected:
• Your and/or your family’s physical and mental health history (including history of alcohol consumption, drug use and any medication previously prescribed)
• Current physical and mental health symptoms including suicide risk, alcohol and drug use, and any medication you are currently taking
• Questionnaire scores (questionnaires that assess the severity of your symptoms)
• Offences and alleged offences
• Sexual orientation
• Sexual behaviour and history
• Relationship history
I collect the above personal and sensitive data from you to ensure that the service I provide to you is adequate, and for monitoring and evaluation purposes.
What do I use your information for?
I process personal information to enable me to provide cognitive behavioural therapy to my clients, which may include:
• making appropriate referrals
• coordinating your care when working with other health professionals who may be involved in your care
• communicating with you regarding your treatment/ appointments
• account for my clinical decisions and/or respond to complaints
I will never sell or provide your details to any third party for marketing purposes.
Your insurance company
If you are claiming the cost of your sessions through your insurance company, your insurance company may request details of your treatment and progress from me in order to authorize further funding for your treatment. Under these circumstances, I will share the minimum amount of information necessary with your insurance company.
If I am required to disclose data about you under a Court Order
If I am concerned about the welfare of a child, i.e., where there are child protection issues
Risk to self or others
Where there is an imminent risk of harm to yourself or others, i.e., you have expressed an intent to kill yourself, or to kill someone else, imminently.
As per the COSCA and BABCP Standards of Conduct, Performance and Ethics, I must take appropriate action to protect the rights of children and vulnerable adults if I believe they are at risk, including following national and local policies.
Retention period-how long do I store your data?
My retention period is seven years, and I use two main criteria for determining my retention period.
Criteria 1: According to the Limitation Act 1980, you, as my client, have six years within which to bring against me a complaint of breach of contract, breach of trust or a claim in relation to negligence. It is therefore in both our interests that I store your data for this period of time.
Criteria 2: The second criteria that I use in deciding how long to store your data is the likelihood of you returning to me for further therapy at some point in the future. In my experience if a client returns to me for further therapy in future, they normally do so within seven years. Once you are discharged from my service, paper records will be retained for three months after which these documents will be scanned and stored electronically. If you have not been discharged but have not made contact with my service the same process applies starting from the date of last contact.
Security of information shared over the internet
I process your personal data in line with GDPR legislation (EU) 2016/679, and take all appropriate measures to keep it secure.
I make every effort to ensure that your personal information is held securely and to safeguard against unauthorised access to your personal information. Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure.
I strive to protect your personal information after I have received it, however:
1. You acknowledge that the privacy of your communications and personal information can never be completely guaranteed when it is being transmitted over the internet.
2. You acknowledge and agree that you share and transmit the information at your own risk.
Your Individual Rights
You have a number of rights (including Right to be informed, Right to access, and Right to lodge a formal complaint) when it comes to your personal data. Please refer to the ICO’s website for full details of your rights.
Right of Access
You may request details of personal information which we hold about you under the Data Protection Act 1998 and in line with GDPR legislation (EU) 2016/679. Depending on the volume of information requested and the administrative costs involved in providing you with this information, there may be a charge for this information. You will be informed of the costs at the time the request is made. Requests for information must be put in writing. If you would like to request access to the information held on you, please email me.
Requests that are considered excessive or unreasonable may be refused. In the event your request to obtain details of information held about you is refused, you will be provided with an explanation as to why that is.
Right to rectification
If you believe that any information I am holding on you is incorrect or incomplete, please email me with details and I will promptly correct any information found to be incorrect.
Right to lodge a formal complaint with a supervisory authority
If you believe that your rights under the GDPR regulation have been infringed, or that the processing of personal data relating to you does not comply with this Regulation, you can inform the ICO (Information Commissioner’s Office) or by phoning their helpline on 0303 123 1113.