
Privacy Policy

Dr Lucy’s Privacy Policy 

 

1.0 Introduction 

Dr Lucy uses the information collected in accordance with all UK laws concerning the protection of personal data, including the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) 2018. Dr Lucy is the data controller. If another party has access to your data you will be informed whether they are acting as a data controller or a data processor, who they are, what they are doing with your data and why they are required to be provided with the information. If your questions are not fully answered please contact Dr Lucy. If you are not satisfied you can contact the Information Commissioner's Office (ICO) https://ico.org.uk. Further details are included at the end of this policy.

 

2.0 Contact details  

Name: Dr Lucy Rigley 

E-mail: info@drlucy.co.uk 

3.0 The type of personal information we collect  

Dr Lucy collects and processes the following personal data: 

 

3.1 Therapy clients: 

  • Personal data: basic contact information including name, date of birth, postal address, email address, contact number. Emergency contact details and/or next of kin details, and GP contact details. 

  • Sensitive personal data: Signed Therapy Client Agreement, brief medical history, therapy records (e.g. therapist notes, letters, reports, forms and outcome measures).

  • Web-based enquiry form: we will also collect any information you provide to us as well as your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. All web services used by Dr Lucy are verified by themselves as GDPR compliant.

  • Third party information: for example, if she receives a referral from another health professional (such as your Doctor or Occupational Therapist). If you are referred by your health insurance provider, then we will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.

 

 

3.2 Individuals attending a group/workshop/course: 

  • Personal data: basic contact information: name, email, contact number. 

  • Web-based enquiry form: we will also collect any information you provide to us as well as your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. All web services used by Dr Lucy are verified by themselves as GDPR compliant.

3.3 Signing up for the mailing list(s): 

  • Your name and your email address.


3.4 Browsing Dr Lucy’s Website, Facebook and Instagram Page: 

 

  • When you engage with this media your information will be stored in the form of cookies. We gather general information (not personally identifiable information) which might include which pages are visited most often and which services, events or information are of most interest to our web site visitors. You can opt out of this from the website when the pop up appears.  

  • Dr Lucy’s website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell services to you. Your data (limited to name, e-mail address and telephone number) may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.    

  • To change your Facebook or Instagram privacy preference please do this directly on either of these platforms. 

 

4.0 How we get the personal information and why we have it 

Most of the personal information we process is provided to us directly by you for one of the following reasons: 

  • To communicate with you to arrange and remind you of appointments. 

  • To keep any clinical notes arising from therapy sessions and related cancellations or communications between us. 

  • To conduct a psychological assessment. 

  • To devise and implement an effective treatment plan and conduct therapy. 

  • To communicate where necessary with relevant third parties to support your treatment and manage any risks which may arise.

  • To create your invoice and process your payment 

  • To notify you of any ongoing content you have asked to be informed about, such as groups, workshops, and blog posts 

  • To send you mailing list emails or email communications regarding key aspects of her business. 

 

We may also ask for information on how you found our service for the purpose of our own marketing research.  No information you provide is passed on without your consent.  We will never sell your information to others. 

 
Any personal information we hold about you is stored and processed in line with The Data Protection Act 1998 (in force on the date this statement became operational) and the General Data Protection Regulation (Regulation (EU) 2016/679) adopted on 27th April 2016 and enforceable from 25th May 2018. 

 

Dr Lucy will not share any of your information with others, except in the following circumstances: 

  • She has your permission 

  • The law allows it 

  • It is in your best interests, such as preventing you from seriously harming yourself. 

  • It is in the public interest, such as if it is necessary to protect public safety or prevent harm to other people. 

 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are: Dr Lucy has a legitimate interest in using the personal data and sensitive personal data we collect to provide health treatment. It is necessary for us to provide psychological therapy to clients.   

 

5.0 How we store your personal information  

Your information is securely stored. 

Notes will be taken during and after each individual therapy session which will be kept in accordance with the General Data Protection Regulation 2018 (GDPR). These notes will be securely stored using Clinix Software. “Clinix” is a commercially available system specifically designed for this purpose. This software also holds your contact information and automatically sends e-mail and/or text reminders for your appointments.

Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients in an email attachment that is password protected. Email applications use private (SSL) settings, which encrypt email traffic so that it cannot be read at any point between our computing devices and our mail server. Dr Lucy will never use open or unsecure Wi-Fi networks to send any personal data. Dr Lucy’s e-mail provider includes encryption; however, the security of your e-mail provider cannot be guaranteed, so please be aware of this when communicating with Dr Lucy in this way.

Passwords are changed every 90 days and passwords are not shared. 

 

Dr Lucy’s website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell services to you. Your data (name, e-mail address and telephone number) may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.    

 

6.0 How long is your information stored for 

 

We only retain personal information for as long as is reasonable and necessary for the relevant activity.  

 

  • In circumstances where someone has received therapy with Dr Lucy, we comply with all statutory obligations relating to the proper time frames for storage of clinical information. As these records form part of your medical history and may be required by you, your doctor(s) or health care team in the future, Dr Lucy keeps all patient electronic records for a full 7 years after your treatment has ended, as this is the minimum/maximum length of time for records to be retained, and then permanently and securely erases them. You have the right to ask for your data to be deleted but Dr Lucy does not have to comply with this request if there is a legitimate reason for continuing to retain this data (for example possible future legal requests).

  • During treatment you may have exchanged email communication with Dr Lucy. As soon as treatment is completed, Dr Lucy will permanently delete all emails received and sent. These will also be permanently deleted from her electronic ‘trash bin’. Any clinical information exchanged via email will have already been discussed with you and, where appropriate and agreed, placed in your clinical record, anonymised and password protected.

  • Contact information is stored for a period of 6 months if you do not become a client of Dr Lucy, and all information is then permanently and securely deleted.

  • Invoices are stored for seven years as this is the required length to comply with the HMRC requirements. 

 

 

7.0 Your data protection rights 

Under data protection law, you have rights including: 

7.1 Your right of access  

You have the right to ask us for copies of your personal information.  

You have a right to get copies of your data and can ask to do so in writing by e-mail. Making this request is called a ‘subject access request’. You can make a subject access request (SAR) by contacting Dr Lucy. Additional verification will be required to ensure that you are who you say you are to process this request. Dr Lucy may withhold such personal information to the extent permitted by law. In practice, this means that information may not be provided if Dr Lucy considers that providing the information will violate your vital interests. If you make such a request Dr Lucy will need a short amount of time to process this request but would expect to be able to send you the information within 30 days. 

 

 

7.2 Your right to rectification  

You have the right to ask Dr Lucy to rectify personal information you think is inaccurate. You also have the right to ask Dr Lucy to complete information you think is incomplete.  In order to exercise your right to challenge the accuracy of data and for it to be corrected this should be done in writing. Additional verification will be required to ensure that you are who you say you are to process this request.  You should: 

  • state clearly what you believe is inaccurate or incomplete - explain how it should be corrected 

  • where available, provide evidence for inaccuracies 

After your data has been corrected in the system, you will be sent a copy of the updated information as described above with SARs. 

 

 

7.3 Your right to erasure 

 

You have the right to ask us to erase your personal information in certain circumstances. If you want to have your data removed, Dr Lucy will have to determine if the data needs to be kept. This means that because your information has been collected lawfully and with a specific purpose, and forms part of your medical record it must be kept on file for a fixed period of time and cannot be deleted. If Dr Lucy decides that she should delete the data, she will do so without undue delay.  

 

If you wish to unsubscribe from any mailing list you can do this in each and every email she sends you by clicking the link which says unsubscribe.  

 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. 

Please contact us at info@drlucy.co.uk if you wish to make a request. 

 
 

8.0 How to complain 

If you have any concerns about our use of your personal information, you can make a complaint to us at info@drlucy.co.uk 

You can also complain to the ICO if you are unhappy with how we have used your data. 

The ICO’s address:             

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

 

Helpline number: 0303 123 1113 

ICO website: https://www.ico.org.uk 
