Data Protection Policy

Diagram Description automatically generated

enquiries@sleeptherapywest.org

I am required to keep records of our appointments and our work together and I cannot offer a service unless you allow me to do this. 

I am registered by the Information Commissioners Office (ICO) to keep data on the legal basis of legitimate interest. I abide by the law and keep records in accordance with standards in healthcare. I am required to keep data during the time I work with a client and for 7 years after. 

I keep personal data (e.g., name, contact information) and sensitive information (e.g., notes about our appointments, gender). I keep data on my laptop, USB Flash drive/memory stick, my mobile phone and in my email system. My website does not use cookies.


How I keep data safe

I keep no paper records. The only record I make is the report that I copy to you and, unless we agree that it should be copied to a third party (such as your GP), it will not include your full name, date of birth or address. I store this digitally and do not make a paper copy unless you request one. Your name and address will appear on invoices and receipts which I also store digitally. I do not keep old/inactive records on my computer but on a passworded memory stick which is stored securely.

I use a firewall on my laptop and a password or fingerprint is required to access it. My mobile phone needs a password or facial recognition to use it. My email system is encrypted and secured by a password.


Your rights

You have the right to request details of all the information that I keep about you, free of charge. If you consider any information inaccurate or incomplete, you can request to have it corrected. 

You can complain to the ICO (www.ico.org.uk) if you think I am acting unlawfully. However, I would ask you first to address any questions or concerns that you have to me so that I can respond to them.


Other points

  • The only circumstances in which I would breach confidentiality would be if I thought that a patient posed a threat to others, especially children, or is planning an act of terrorism, whereupon I would be obliged to alert the authorities; if I thought a patient was a risk to himself/herself, I would inform their GP or other service. (This is why I insist on knowing who a patient’s GP is before a first meeting.)

  • I might discuss your case, without any identifying information, in supervision with a fellow professional; this is a means of quality control.

  • There are no circumstances in which I would use your contact information for marketing, and I would not pass it to others for marketing or any commercial purpose.