Privacy & Cookies
Privacy Notice for Clients
As a client of my practice, in order to comply with data protection laws including the new GDPR (General Data Protection Regulation), there are a few things I need to let you know about the information I will hold about you and the reasons for this. Everything I do follows normal good practice for holding data generally as well as for a therapeutic practice, but it’s important and your legal right to read and understand the information before you come for treatment with me.
Information I hold about you
When you come for treatment, I take your name and contact details (address, phone numbers, email address), and your date of birth, as well as notes about your history that you give to me. This can include information about your physical and mental health, as well as personal history that you choose to give me.
All of this information will be given directly by you – some, such as your name and contact details, you may have supplied when we initially made contact and most will then be given in our session. Over time in future sessions, I will add to this information as you talk more about your circumstances or the issues you are seeking help with. I will also note my impressions from our sessions including what I perceive through the any treatment.
How is this information used?
Your contact information is used only in order to arrange appointments or to follow up with you, and never for any other reason.
The case history information is important in order to understand your situation, get to know you and give you the best treatment possible, as well as to be able to track your progress over time.
Reasons for holding information
The reason for all of these details is in order to give you the best therapy that I can. Because the work we do together is to support your health whether physical, mental or emotional, it’s important to hear some of your history in order to work with you responsibly and carefully, as well as to track your progress with you over time. You can choose how much you wish to share about your history and you should never feel obliged to talk about anything that you don’t want to.
Although I take notes and this is also a requirement of my professional body, I may not note every detail of our verbal conversations but just what is needed to keep a clear record of how you are doing.
The Legal Basis for holding your information
Under the new GDPR regulations, there are specific legal reasons which have to be met in order to hold information and which you have the right to know. In legal terms, the main reason for holding information about clients is in order to fulfil a ‘contract’ with you to give craniosacral therapy. In addition, because the information that is talked about in any kind of therapy can be very personal including information about physical or mental health, this is called ‘special categories’, and there is a separate legal basis for this with strict conditions such as confidentiality which must be met.
Sharing information about you
In general, your information is never shared with anyone else unless you ask me to do this.
As you would expect within a therapeutic relationship, and as a requirement of the Code of Ethics of my professional body the CSTA, you can be assured that all of the information I receive about you is treated in complete confidence and will not be shared with others or used for any other purposes.
I am in regular supervision for my craniosacral work, as is good practice – this is support for me in my practice and although I may at times mention issues that are arising for some clients, nobody is ever mentioned by name so the confidentiality is still maintained.
How long will I keep your information?
I am not allowed to hold on to your personal data for longer than needed, and only related to the original reason for holding the information in the first place. After that I may retain your records for a limited time where needed for business /accounting or legal purposes. This is called the retention period.
My professional body the CSTA requires me to keep your notes for at least seven years after your last visit if you are an adult, or up to age 21 plus seven years for children. For those who legally lack ‘capacity’, the rules are more complicated but will usually be at least 15 years rather than seven, sometimes followed by legal advice.
In order to be able to provide follow-up if clients return after a break, as well as to allow time for disposal of notes, the maximum time I will keep your notes is 15 years.
After this time they are deleted securely.
I am very aware of the sensitive nature of the information I receive as a practitioner, and I take steps to protect your personal information against loss or theft, as well as unauthorised access, disclosure, copying, use, or modification.
Given that emails can never be guaranteed to be fully secure, and that they may count as ‘data processing’ under the GDPR, if you want to discuss something personal about your situation or treatment I ask that you contact me to arrange a chat rather than sending personal information by email.
Will your information remain in the UK?
You have the right to know if I expect to remove or send your information outside the UK or the European Economic Area (EEA), and if so the safeguards that have been put in place to protect your information and your rights. This is important because not all countries are governed by the same strict regulations as the UK, and some ways of holding information (such as on a ‘cloud’) can mean information is stored on computers which may be outside the area governed by the GDPR.
As I travel including outside Europe, I may access your information from a country outside the European Economic Area. Not all countries outside the EEA may comply with the GDPR but I have checked the level of security of the cloud on which I access information. I also have extra protection on my laptop to ensure security.
Data protection and your rights
Data regulations say that anyone who has information held about them has various rights, including the right to know what information is held and to correct anything that isn’t right in their records.
Your right to refuse to give information
Under the GDPR, you are not required to give your personal information, and you have right to be informed of any consequences of refusing to give it.
A case history is needed in order to ‘fulfil our contract’, to give you the best treatment possible, including understanding your situation and any difficulties you are seeking help for, as well as to comply with my Code of Ethics. So if you do not wish to give any information at all I may be unable to give you craniosacral therapy, but I am always happy to have a chat about what may or may not feel comfortable for you.
Your right to object to me holding your information
If you object to me holding your information, you can ask me to stop. Because my Code of Ethics has a requirement for me to keep notes for a minimum time as described above, I will need to retain your records in order to comply with this.
Your right to see what information I hold about you
If you request it I must give you a copy of the information I hold about you. This can be in paper or electronic form, and I can explain the notes and respond to any concerns or questions you may have.
Your right to ‘rectify’ any information I hold which is not correct
If you believe that any of the information I hold about you is inaccurate or incorrect you have the right to tell me about this and request that the information is corrected.
Please do let me know if any of your details change so I can keep your records up to date.
Your right to make a complaint
You have the right to complain if you are unhappy about the way I look after your information, or feel I have not properly respected your rights – in the first instance to me, and then also to my professional body the CSTA firstname.lastname@example.org, or if you are still unhappy to the Information Commissioner’s Office (ICO) https://ico.org.uk/concerns/ or 0303 1231113
Understanding and agreeing to this information
You should make sure you understand and agree to me keeping this information about you – if you have any questions at all please ask and I’ll be happy to answer them.
Changes to this notice
I may make changes to this notice and information from time to time, for example if there are changes in the laws about data protection. While you are a client, I will always let you know of changes by updating it here on my website.