Composure Psychology Privacy Policy
Composure PS Ltd T/A Composure Psychology (‘We’) are committed to looking after your privacy and confidentiality.
This privacy policy describes how Composure Psychology looks after, protects, and uses the information you give to us. If you provide, or are asked to provide information when contacting or working with us, it will only be used in the ways detailed in this privacy policy.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting https://composurepsychology.com or www.composureps.com (for psychologists) you are accepting and consenting to the practices described in this policy.
COOKIES CONSENT - To go directly to the Cookies Consent information please click here.
This policy has been developed to support our adherence to the following legal acts, regulations and industry standards;
- The Data Protection Act 1998
- General Data Protection Regulation (GDPR) - (Regulation (EU) 2016/679) adopted on 27th April 2016 and enforceable from 25th May 2018.
- Human Rights Act (1988)
- The Health and Care Professions Council (HCPC) – Standards for Practitioner Psychologists and guidance on holding and disclosing medical records
- British Psychological Society (BPS) – Record keeping- guidance on good practice
This policy was last updated in April 2018. It will be reviewed on a regular basis and may be updated. The latest version is available on our website https://composurepsychology.com
If you have any questions regarding this policy please email info@composureps.com adding PRIVACY into the subject line.
Introduction
Composure Psychology gathers and uses certain information about clients and prospective clients in line with the information contained in our Therapy Agreement and Terms and Conditions document. This privacy policy describes how the data is collected, managed and held to ensure it complies with the law and meets Composure Psychology’s data protection standards.
What data do we collect?
We collect:
- Name and address (postal and email)
- Date of birth
- GP details
- Name of educational establishment (where relevant)
- Details of private health insurance policies (where relevant)
Later, if you begin work with a therapist, we will collect information about factors that can often influence the difficulty you would like support with. Examples include questions about whether you have had therapy before and what has and hasn’t worked well, any cultural, spiritual or physical health factors that you think may be involved and that you wish to share.
Why do we collect data and how do we use it?
We collect your information only to carry out our business and deliver our psychological services for you.
The data helps us to;
- Work with you safely and effectively
- Communicate with you to arrange an assessment and therapy
- Complete a thorough assessment and fully understand the difficulty you are living with
- Determine which therapist may be best placed to help you
- Enable effective therapeutic treatment options to be identified, planned, agreed with you and delivered
- Manage payments, invoices and receipts efficiently with you, your sponsor or your insurer
- Liaise with relevant third parties (when necessary and agreed with you) to manage risks and support your treatment
The data also helps us;
- as part of our efforts to keep our sites safe and secure
- to administer our sites and internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes
- to improve our sites to ensure that content is presented in the most effective manner for you and for your computer
- to allow you to participate in interactive features of our service, when you choose to do so
- to measure or understand the effectiveness of any contact we make with you to follow up after your treatment and check on your welfare (usually bi-annually) and with consent (an opt in/out provision to be sent first)
- to measure or understand the effectiveness of any promotion of resources or events (predominantly free) to supplement your and others’ therapy: you will be provided an opportunity to opt in before these are sent to you.
- to make suggestions and recommendations to you and other users of our site about goods or services that may interest you or them: you will be provided an opportunity to opt in before these are sent to you.
We or our web service providers such as google analytics and full story may compile and analyse statistical data we collect from visitors to our website so we can improve our services and your experience of using our sites. We can't personally identify you as the source of that data.
We will not use, sell or disclose your information for any other purpose without your consent unless the law requires us to. We do not disclose your information to overseas recipients.
Where does the data come from?
From you:
You provide us with your data when you contact us by telephone or take up our offer for a free brief chat or email us.
If you use our website, we only collect information you supply (for example, when using our online contact form or to book an appointment with us online). When you browse our website as a visitor, we don’t collect any of your personal information.
If you book an appointment you will provide us with your data via our ‘new client intake form’ either in hard copy, scanned and attached by email or via our online systems.
You also provide us with your data when undergoing therapy.
From a referrer:
Your GP, another psychologist, health professional or health insurer may, after speaking with you and usually with your permission, provide us with a referral letter or email explaining what you would like help with, how to contact you, and authorisation for number or duration of sessions and payment.
From Cookies
Like most websites, we use cookies. Cookies are small text files that are placed on your computer and they allow us to do several helpful activities including;
- differentiate you from other users of our site,
- help our site to work efficiently,
- give you a better experience when you are browsing our site
- help us learn about how our site is used and to improve our service
When you continue to browse the site, you are agreeing to our use of cookies.
We use different types of cookies including;
- Strictly necessary cookies that make our site work and that are essential for safe secure online booking and payment.
- User recognition cookies that help identify you when you visit and return to our website; they allow us to remember your preferences and display relevant content for you.
- Performance analysis and targeting cookies that help us record how many visitors come to our site, how they move around the site and what they click on so that we can identify ways in which to make navigating and finding what you are looking for quicker and easier for you.
We may use cookies to record information about your visit like:
- the type of browser and operating system you use
- your server’s IP address
- the previous site you visited
- the pages you access on our site
- the information you download.
We can’t personally identify you as the source of that data.
Third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies. We have no control over these cookies. In general, third party cookies are often (though not always) performance, analysis and targeting type cookies.
Except for essential cookies, all cookies will usually expire after a month though the period may vary according to your individual browser settings.
Blocking cookies
You can block cookies by selecting the setting on your browser that allows you to refuse the setting of all or some cookies. Please note, if you do select block all cookies (including essential cookies) on your browser settings, you may not be able to access all or parts of our site.
Security and How do we store your data?
Composure Psychology takes all reasonable steps to hold your information securely:
- All client files and therapy notes are kept within a secure client management system widely used in the health service industry called WriteUpp or within Dropbox for Business (for larger files unable to be stored within WriteUpp).
- Please refer to WriteUpp’s privacy policy here for more detail. The highlights are that WriteUpp:
- have in place appropriate technical and organisational measures (underpinned by their ISO27001:2013 accreditation), to protect against unauthorised or unlawful processing of Patient Data and against accidental loss or destruction of, or damage to, Patient Data
- that Patient data is NOT transferred outside of the EU/EEA
- that WriteUpp will NOT transfer Patient Data to their group or subsidiaries
- that WriteUpp will only process Patient Data in accordance with the conditions for processing set out within it.
- Dropbox Business is certified as being compliant with the most widely accepted security and privacy standards and regulations in the world, such as ISO 27001/2, ISO27018/17 and SOC 2. Please refer to Dropbox for Business privacy policy here for more details.
- Access to your personal information is restricted on a ‘need-to-know’ basis only i.e. for those concerned directly with your care and with your account
- Any information you send us by email is held within a password protected, encrypted email system hosted by 1and1, who use green data centres based in Europe. Please refer to their privacy policy here for more details. Only a minimum amount of information is held within email systems for safe contact and administration as described above. Any other information you provide such as an attachment is transferred to WriteUpp secure client record system as soon as possible and deleted from email.
- To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
In addition, Composure Psychology takes the following security measures:
- implementing procedures to comply with all relevant statutory requirements and monitoring internal procedures periodically to ensure that there is such compliance;
- making all officers of Composure Psychology, its employees, sub-contractors and Associate Therapists aware of the rules and procedures laid down by Composure Psychology from time to time in respect to the security of information and the importance of confidentiality. Officers of Composure Psychology, employees, sub-contractors and Associate Therapists have a duty to follow the rules laid down by Composure Psychology and to co-operate with us to ensure that this policy is effective.
- taking measures to ensure the proper training, supervision and instruction of employees, sub-contractors and Associate Therapists dealing with your information;
- requiring all employees, sub-contractors and Associate Therapists to enter confidentiality agreements in respect to information they acquire from Composure Psychology;
- not retaining information for longer than is necessary for the purposes set out in this policy
In the unlikely event of a data protection breach we will notify the Information Commissioner’s Office (ICO) so that their procedures can be followed. We will also notify all individuals whose data may have been accessed to alert them to the breach and any potential risks.
Who do we share it with?
We will not use, sell or disclose your information for any other purpose than those stated in this policy without your consent unless the law requires us to.
In certain circumstances, the Data Protection Act allows Composure Psychology to disclose data (including sensitive data) without the data subject’s consent. These are:
- Carrying out a legal duty or as authorised by the Secretary of State
- Protecting vital interests of a Data Subject or other person (e.g. risk of harm to self or others)
- If the data subject has already made the information public
- Conducting any legal proceedings, obtaining legal advice or defending any legal rights
- Monitoring for equal opportunities purposes – i.e. race, disability or religion
- Providing a confidential service where the data subject’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill data subjects to provide consent signatures.
Under these circumstances, Composure Psychology will disclose relevant data. We will take all reasonable steps to notify the individual whose data is being disclosed about the disclosure. We will also ensure that any such data request is legitimate, reasonable and necessary.
How long do we keep your data?
Your data will be kept for the duration of the time you are a client with us. When you stop being a client with us, usually after your last treatment or last contact, we will keep your data for at least seven years and up to a maximum period of ten years in accordance with General Medical Council guidelines. We do this for several reasons. One is so we can best support you if you return for further therapy in that period and do not wish to repeat much of what you have already disclosed. Also, we have the right to keep your records for this period or longer so that we may effectively respond to any questions you or your representatives may raise later, or if there is an ongoing concern for your or others welfare or if you were 16 years or under when receiving treatment. Health records for children are usually kept for longer periods so that any queries can be addressed effectively whenever they arise. Composure Psychology will not keep your records longer than necessary.
Data accuracy
Should, during your contact with us, any personal data change, for example if you move, change GPs, change your name etc., we would be grateful if you could notify us at the earliest opportunity so we can ensure our records are up to date. Thank you.
Access to your information
All individuals who are the subject of personal data held by Composure Psychology are entitled to:
- Ask what information we hold about them and why.
- Ask how to gain access to it.
- Be informed of how to keep their information up to date.
- Be informed of how we meet our data protection obligations.
If you would like to request a copy of the data we hold about you, this is called a Subject Access Request. Subject Access Requests should be made in writing on email to the Data Protection Officer (info@composureps.com). We will aim to provide the relevant data within 30 days. We will always verify the identity of anyone making a subject access request before handing over any information.
What is the legal basis on which we process data?
Processing is necessary
- for the performance of the therapy contract to which you are party or to take steps at your request prior to entering a therapy contract
- to protect your vital interests or the vital interests of another natural person
- for the purposes of the legitimate interests pursued by the controller or by a third party
Who is our Data Protection Officer?
Dr Janine Hayward, Director, Composure Psychology, Composure PS Ltd is our Data Protection Officer. Composure Psychology is the data controller and WriteUpp (where client details are stored) is the data processor. Janine can be contacted on info@composureps.com. Please enter ‘PRIVACY’ into the subject line.
Company Information
Composure PS Ltd
7a Highshore Rd
London SE15 5AA, UK
https://composurepsychology.com
Company Number: 08689100