top of page

​

Privacy Policy

Mr SJ Howarth t/a Trust Therapy & Training                                                                        

ICO Registration no: ZA426061

 

This Privacy Policy sets out important details about information that Trust Therapy & Training (TT&T) may collect and hold about you, how that information may be used and your legal rights. I review this policy regularly.

1. Who has information about me?

When acting as a Data Processor regarding your healthcare, the records I create may be shared with the NHS provider (if relevant) and they may share information about you, in order to provide safe and effective care. In my locality this may include your local CMHT, Crisis Teams and your GP. Information is shared for your direct care purposes. There may be instances where I am required under legislation to share information, but I will only do so if I have a legal basis.

2. What information does TT&T hold about you?

I hold 2 types of data about you.

a) Personal data (data which Identifies you)

• Personal data only includes information relating to natural persons.

• Personal data may also include special categories of personal data or criminal conviction and offence data. These are more sensitive and I may process this in more limited circumstances.

• Anonymised data can help reduce privacy risks by making it more difficult to identify individuals, but it is still personal data.

b) Special Category (sensitive data)

This sort of data could include:

• racial or ethnic origin

• political opinions

• religious or philosophical beliefs

• trade union membership

• genetic data

• biometric data (where used for identification purposes)

• health

• sex life

• sexual orientation

3. Information I may collect

I only collect information about you which you have supplied - or has been supplied by others involved in your care and treatment (i.e., hospital, community, employers). This is likely to include your personal data see Personal Data (see definition section 2). I may also hold more sensitive information about you, see Sensitive Data (see definition section 2).

I may collect information from you:

a) If you contact me via telephone calls. Calls are not recorded but I may make brief notes which are stored electronically, password protected and anonymised. 

b) If you communicate with me via email

c) You visit me for an appointment.

Sometimes I may obtain information about you from:

• other health care providers.

4. How will TT&T use the information it holds about me?

I use information about you in connection with

• treatment and/or care,

• tests or assessments.

I may use your phone number or email address (where you have provided it to me) to contact you in advance of appointment for reasons connected with your care or treatment. Where you have provided us with your mobile number or email address, I may send you confirmations/reminders of your appointments via text message or email and I may respond to your email enquiries via email.

I may also use information about you for:

• quality assurance

• maintaining business records

• monitoring outcomes where I believe there is a business need to do so and our use of information about you does not cause harm to you.

This may include planning and workload management to help develop and plan the most appropriate levels of care and to ensure I have got the right levels of productivity and efficiency and good outcomes for clients.

I may also use information about you where there is a legal or regulatory obligation on us to do so (such as the prevention of fraud or safeguarding) or in connection with legal proceedings. I may also use information about you where you have provided your consent to us doing so. I do not carry out automated decision making or profiling.

5. Staff access to your personal and sensitive data.

I control who has access to your information and only I access your information (for occasional exceptions, please see below). If a data breach does occur and includes access to your information, I will contact you. I also have an obligation if it is a serious data breach to inform the Information Commissioners Office. I am registered with the appropriate professional and regulatory bodies (BACP-British Association for Counselling & Psychotherapy) and have a responsibility to uphold the highest standards when handling patient/client information.

6. How I keep your information safe and secure

 • TT&T complies with Data Protection/GDPR Legislation to ensure I understand the ‘must’ or ‘must not do’ with client data.

• Passwords are changed on a regular basis (with different passwords for accessing my computer and any notes kept).

• Where incidents do happen, any investigation will include actions I take and lessons learnt.

 

7. Will TT&T share information about me with others?

Yes, I set out reasons below and assure you that in each case, I share only such information as is appropriate, necessary, and proportionate.

Sharing information with those involved in your health assessment, care, or treatment:

1. I may share your medical information with those involved in your health assessment, care or treatment (such as your GP, CMHT’s and secondary care mental health providers) for direct care purposes.

2. For clients who come to me through their employer’s healthcare/benefits scheme, please be assured I will not share your medical information with your employer without your consent.

3. I may share information about you with anyone you have asked us to communicate with or whose details you have provided as an emergency contact (such as your next of kin).

8. Sharing information with third parties who are not involved in your health assessment, care, or treatment

I may share information about you with external organisations such as:

• BACP auditors

• Insurance companies

I would only do this where I have a legal basis to do so or with your consent.

9. Sharing with regulators or because of a legal obligation

I may share information about you with our regulators, including the

• NHS England (which leads the NHS in England) and the Department of Health (the government department responsible for health and adult social care policy).

• Health & Safety Executive.

• Public Health England.

Sometimes, I am required to disclose information about you because I am legally required to do so.

This may be because of a:

• court order

• regulatory body with statutory powers to access clients’ records as part of their duties to investigate complaints, accidents, or health professionals’ fitness to practise.

Before any disclosure is made, I will satisfy myself that any disclosure sought is required by law or can be justified in the public interest. Information about you may also be shared with the police and other third parties where reasonably necessary for the prevention or detection of crime. On occasion, this may include the Home Office and HMRC.

10. Audits, surveys, and initiatives

In common with all healthcare providers (both NHS and private), I look at the quality of the care I provide:

• to ensure that patients are getting the best possible outcomes from their treatment and care

• to help patients make informed choices about the care they receive.

I can assure you that your personal information always remains under my control.

Any information I might provide for national audits and initiatives will not contain any information in which any patient can be identified, unless required by law. Any publishing of this data will be in anonymised statistical form.

I may partake in local audits where there has been a Serious Incident in order to identify any potential clinical risks to yourself or other clients.

11.What legal basis does TT&T have for using information about me?

Data protection law requires I set out the legal basis for holding and using information about you.

I have set out the various reasons I use information about you and alongside each, the legal basis for doing so.

Processing shall be lawful only if and to the extent that at least one of the following applies:

a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.

b) processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract.

c) processing is necessary for compliance with a legal obligation to which the controller is subject.

d) processing is necessary to protect the vital interests/safety of the data subject or of another natural person.

e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

 f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, where the data subject is a child. For the purpose of delivering your direct health care within TT&T and sharing your information I use Article 6(e) above Where I have to share your information because I are required to do so under law, I use Article 6(c) above.

12. Where and for how long does DRCS store information about me?

The information about you that I hold/access is held securely in the United Kingdom and stored electronically. No paper records are kept and no records are stored outside the EU. I retain your records for certain periods (depending on the record) according to BACP guidance. This is to ensure that information is properly managed and is available whenever and wherever there is a justified need for that information, including:

• to support patient care and continuity of care.

• to support evidence-based clinical practice.

• to assist clinical and other audits.

• to meet legal requirements. Your records may not be retained in hard copy form where a digital copy exists. If you would like more detailed information, please contact me (contact details below).

13. What rights do I have?

Under certain circumstances, you have rights under data protection laws in relation to any personal information I hold about you. If you wish to exercise any of the rights set out below, please contact me using the contact details below.

14. Details of your rights are set out below:

• The right to be informed. This privacy notice forms part of that, but I also aim to keep you fully informed during your appointments as appropriate.

• The right to access your personal information. You are usually entitled to a copy of the personal information we hold about you and details about how we use it. Your information will usually be provided to you in the form you request, if I am unable to do that, I will inform you. If you have made the request electronically (e.g., by email) the information will be provided to you by electronic means where possible.

You are entitled to the following under data protection law.

Under data protection law I must usually confirm whether I have personal information about you. If I do hold personal information about you, I usually need to explain to you:

• The purposes for which we use your personal information.

• The types of personal information we hold about you.

• Who your personal information has been or could be shared with.

 • Where possible, the length of time we expect to hold your personal information. If that is not possible, the criteria we use to determine how long we hold your information for.

• If the personal data we hold about you was not provided by you, where we obtained the information from.

• Your right to ask me to amend or delete your personal information (if appropriate).

 • Your right to ask me to restrict how your personal information is used or to object to our use of your personal information (if appropriate).

• Your right to complain to the Information Commissioner’s Office (see below for more information)

• I may also need to provide you with a copy of your personal information. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, I may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

I can refuse to comply with your request in these circumstances:

I may need to request specific information from you to help us confirm your identity (this will be proportionate) and ensure your right to access your personal information (or exercise any of your other rights).

I may also contact you to ask you for further information in relation to your request to speed up our response. I respond to all requests within one month. Occasionally it could take me longer than a month if your request is particularly complex or you have made a number of requests. In this case, I will notify you and keep you updated.

The right to request correction of your personal information

I take reasonable steps to ensure that the personal information I hold about you is accurate and complete and up to date. However, if you do not believe this is the case, you can ask me to update or amend it.

The right to request erasure of your personal information

In some circumstances, you have the right to request the erasure of the personal information that I hold about you. This is also known as the ‘right to be forgotten’. However, there are exceptions to this right and in certain circumstances I can refuse to delete the information in question.

The right to object to the processing of your personal information

In some circumstances, you have the right to object to the processing of your personal information. This would usually apply to processing for other purposes other than your direct health care i.e., research (which I don’t engage in). 

The right to request a transfer of your personal information

In some circumstances, I must transfer personal information that you have provided to us to you or (if this is technically feasible) another individual/ organisation of your choice. The information must be transferred in an electronic format.

The right to object.

You can ask me to stop processing your information for any other purposes other than your health care.

The right to withdraw your consent

You have the right to withdraw your consent where I rely upon this as a legal ground for processing your information. To apply any of the Individual Rights above please contact me.

15. CCTV & recordings

Any CCTV at any of the venues where counselling/supervision take place is not viewed/accessed/controlled/stored by me. Please see the DRCS privacy policy relating to their use of CCTV. I make no CCTV recordings.

• Telephone calls are not recorded.

• Video consultations/sessions are not recorded or stored anywhere.

16. The right to complain to the Information Commissioner’s Office

You have the right to complain to the Information Commissioner’s Office if you are unhappy with the way that I have dealt with a request from you to exercise any of these rights, or if you think I have not complied with our legal obligations under data protection law.

Making a complaint will not affect any other legal rights or remedies that you have.

More information can be found on the Information Commissioner’s Office website: https://ico.org.uk/ and the Information Commissioner’s Office can be contacted by post, phone, or email as follows:

Information Commissioner’s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 (if you prefer to use a national rate number)

Fax: 01625 524 510

 

Contact details:

Simon Howarth, t/a Trust Therapy & Training.

Email: sj_howarth@hotmail.com

Tel: 07803257450.

Heading 3

bottom of page