Remote Therapy Privacy Statement
Therapist and Data Controller
Erna Evans – 105 Bouverie Road West, Folkestone, Kent CT20 2LD
Contact email – erna.aagaard.evans@gmail.com
Privacy Statement and GDPR Compliance
This Statement outlines the privacy measures put in place by Erna Evans (“the Therapist”) to ensure that data pertaining to service users(1) is kept secure and in line with GDPR regulations when engaging in Remote Therapy (this includes via telephone, messaging app, video conferencing app). The Therapist is registered with the Information Commissioner’s Register of Data (ICO), which requires transparency about what personal information is collected by the Therapist, how this data is used and stored, and what your options are should you wish to cease sharing this information.
The Therapist abides by the Code(s) of Ethics and applicable Privacy Policies established by the United Kingdom Council for Psychotherapy (UKCP) and the British Association for Counselling and Psychotherapy (BACP). These national bodies’ ethics and privacy policies are reflective of all legal requirements and are in line with the UK data legislation as described by the ICO. The relevant policies can be found below:
· UKCP | Safeguarding Protocol, Code of Ethics and Professional Practice
· BACP | Ethical Framework
· BPC | Privacy Policy, Code of Ethics
The Therapist may collect various types of personal data pertaining to their service users in order to provide the best remote service possible, so please make sure that you read the relevant sections of this policy and get in touch if you have any questions. By using these therapeutic services, you are acknowledging the terms of the Privacy Statement as outlined below. Your continued use of the service following any amendments or changes to the Privacy Statement signifies your continued acceptance of the terms.
NOTE: This Statement applies only to the therapeutic practice pertaining to Erna Evans. Each therapist advertising their services on the associated SKCP website (https://www.southkentcounselling.co.uk) identifies as an independent sole trader and each therapist is responsible for their own methods of practice and patient security.
This Privacy Policy is effective from 02/06/2020 and may be updated without notice.
1. Collection and use of personal data
In order to provide remote therapeutic services, certain types of data are likely to be collected anytime you are in contact with the Therapist. There is no requirement to provide the information that they request, but it is likely to inhibit the therapeutic service or responses to queries should you choose not to do so.
1.1. What information is collected
When making an enquiry about remote therapy, the Therapist may collect a variety of information, including your name, postal address, telephone number, email address, and contact preferences.
If the service is commissioned for you by third parties (i.e. by private medical insurers), they will also be expected to provide a variety of information including your name, postal address, telephone number, email address, medical/educational history and, occasionally, an assessment note.
Here are some examples of the types of personal information the Therapist may collect:
· Name
· Date of birth
· Address
· Telephone number
· Email address
· Physical and mental health information
· Marital status
· GP name and address
When engaging in remote therapy, the Therapist may also need to utilise a third-party telecommunications app which, during use by the user, will assume the role of Data Processor. The Therapist takes great precautions to ensure that any third-party apps used are GDPR compliant. The individual data protection policies of all apps that may be utilised have been outlined in Section 1.4.
1.2. How your personal data is used
The personal information that the Therapist collects and stores allows them to provide appropriate therapeutic services. The Therapist will not sell, share, or give information to third parties for marketing purposes.
1.3. Email
The Therapist utilises a dedicated Gmail account for their email services. When you contact the Therapist via the contact details posted on the website or otherwise listed in an online directory, you agree to Google’s terms of use and give consent for the Therapist to contact you in response.
Google stores these email messages on their server and it is a general policy of the Therapist to routinely delete messages when no longer needed: once your query is fulfilled, your message and email address are deleted from their email account.
The Therapist takes the necessary precautions to apply the appropriate security measures on their email accounts (e.g. strong passwords) to ensure that a user’s email addresses and messages are kept private and secure.
To find out more about how Google operates as a data processor in this instance, see their Privacy Policy and GDPR protection page.
1.4. Third-Party Communications Apps
When working remotely, it may be necessary to utilise a third-party telecommunications app, program, or service. It is the general policy of the Therapist to routinely assess the security of the third-party services they use, and, should one avenue of online communication become no longer reliable, necessary steps will be taken to implement a safer alternative.
Possible third-party services necessary for engaging in remote therapy currently include: FaceTime, Signal, Zoom, and Skype. These applications each have their own policies regarding the collection, storage, and use of personal data, which are outlined below.
FaceTime
FaceTime is a video calling app created by Apple for use on iPhone and iOS. End-to-end encryption is utilised during calls, which will not be stored by Apple.
An Apple ID is needed to use FaceTime, through which Apple may collect the following data: name, mailing address, phone number, email address, contact preferences, device identifiers, IP address, location information, and credit card information. The Therapist has no access to any of this information other than the corresponding email address or phone number used to contact you via FaceTime.
For more information on what data Apple collects and how it is used, see their Privacy Policy and Platform Security Guide.
Skype is a telecommunications app created by Microsoft that offers video chat and voice calls. All communications between registered users of the Skype app (this excludes communications with traditional mobile or landline numbers) are automatically encrypted.
You will need to download the Skype app and sign in with a Microsoft account, ensuring that a strong password is used, in order for the video call to be safely encrypted. Microsoft may collect data from its users in order to provide personalised advertising. For more information on what data Microsoft collects via the Skype app and how it may be used, see their Privacy Statement.
Signal is a mobile messaging and calls app that prioritises the privacy and security of its users. The app utilises non-optional end-to-end encryption to keep conversations and personal information secure. Only a mobile number is required in order to use Signal. Other information such as messages, contacts, calls, and other data stored on your phone cannot be accessed or stored by Signal.
For more information on what data Signal collects and how it is used, see their Privacy Policy and GDPR Policy.
By providing your therapist with your mobile number upon agreement of utilising Signal as a means of communication, you are agreeing both to the terms outlined in this statement and the policies provided by Signal.
Zoom is a videoconferencing app that incorporates end-to-end encryption into its service.
There is no need to download an app when using Zoom for the purposes of remote therapy. A randomly-generated Meeting ID will be forwarded to you by the Therapist along with a secure passcode used to enter the meeting. The meeting will then open in your web browser through an encrypted connection. Alternatively, you can manually input the Meeting ID via the Zoom homepage. It is the policy of the Therapist to always utilise a secure passcode when engaging in meetings using the Zoom service.
For more information on the data that Zoom collects and how this data is used, refer to their Privacy Policy and GDPR Statement.
By utilising any of the above applications or services in order to access the therapeutic service, both you and the Therapist are thereby agreeing to the relevant Privacy Policy and Terms of Service set out by the corresponding service provider.
2. Protection of your personal data
The Therapist takes the security of personal information very seriously. In order to ensure personal protection of information, there are a series of technical and administrative measures in place. Access is limited only to the Therapist, who may need to access it for the purpose of acting in connection with any legitimate interest to the service user.
Any information shared with third parties is done either as a legal requirement or through an anonymised process, which is secured through end-to-end encryption.
The Therapist takes data security extremely seriously. All email communications with the Therapist are examined and replies are issued where appropriate as soon as possible. If you are unsatisfied with the reply you receive, you may refer your complaint to the Information Commissioner’s Office (ico.org.uk).
2.1. How your personal data may be stored
The personal information collected by the Therapist may be stored in a variety of paper and electronic forms. The Therapist applies appropriate and adequate technical and administrative processes in place to make sure that all your information is kept secure. However, in the unlikely event of a data breach occurring, anyone affected will be contacted within 30 days.
The Therapist is legally required to hold certain information for a set period. All personal information will be deleted or securely destroyed at the appropriate time and they will not keep personal information for longer than is required or permitted by law. All personal information stored in physical files are stored in a locked filing cabinet and are incinerated when no longer required. Any digital files are securely and permanently deleted when no longer needed.
Any information stored by the Therapist is deleted after 5 years automatically. Additionally, in the event of unforeseen death or incapacity of the Therapist, service users will be informed by a third party who holds the ‘Living Will.’(2)
2.2. Confidentiality and disclosure to third parties in response to a “Legitimate Interest”
All communications with and information collected by the Therapist will be treated with the strictest confidence.
The Therapist will only share your personal information with third parties in the following circumstances:
· Where you have given your consent to the information being shared;
· Where there are issues or concerns pertaining to the health and safety of service users
· Where information may be shared with appropriate consent from all parties
· Where there are issues concerning the safety of others: for example, acts of terrorism or child safety
· Where there is a legal requirement or responsibility to share the information.
Personal information of service users may also need to be shared with third parties to arrange the funding and/or payment of services received.
3. Website
The Therapist’s associated website (www.southkentcounselling.co.uk) is fully GDPR compliant. For more information on the various policies regarding the usage of the website, see the Privacy Policy.
4. Data Subject Rights
In accordance with GDPR, the service user retains the right to access, rectify, or erase the personal data held on them. More information on the Rights of Data Subjects can be found on the ICO website.
Any changes of information need to be communicated as soon as possible so that the Therapist’s records can be updated.
Notes:
(1) The term ‘service user’ has been used throughout as a generic term referring to any individual undertaking therapy either long or short term with the Therapist.
(2) A ‘Living Will’ is a document outlining brief information, such as name and telephone number, so that service users can be contacted if their therapist becomes suddenly unavailable.
Updated: 14/09/2020