PRIVACY POLICY
Libratum understands that your privacy is important to you and that you care about how your personal data is used. The following summary highlights how we use, collect and hold your personal data and how we are currently implementing General Data Protection Regulation or GDPR. Please see https://ico.org.uk for more details.
Why do we keep information?
Our professional registration requires us to keep personal data or information about our clients and the work that we do. Personal data refers to any information about you that enables you to be identified. We cannot offer you services unless you allow us to keep data about you and our work together, and we have a legitimate interest for keeping your data. We are registered with the Information Commissioners Office (ICO) to do so. We are bound by the ethical and practical rules set by our professional regulatory bodies (the Health and Care Professions Council; HCPC, and the British Association for Behavioural and Cognitive Psychotherapies; BABCP).
What kind of information do we keep?
Keeping records is an essential component of healthcare. Your personal data includes paper and electronic records of your name, address, gender, Date of birth, job title, profession, contact details (mobile, home number, e-mail address), financial or payment details, GP details, IP address, sensitive data which may include references to your psychological health and wellbeing, and your engagement with the service (such as session notes, questionnaires, email correspondence, invoices, and therapy letters). Prior to our first appointment, you will be asked to complete an information sheet and email consent form.
What do we do with the information?
Under the GDPR, we must always have a lawful basis for using personal data. This may be because the data is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate business interests to use it. Your personal data may be used for one of the following purposes:
• Supplying our services to you. Your personal details are required in order for us to enter into a contract with you.
• Communicating with you. This may include responding to emails or calls from you.
• For billing and processing payments.
• To help prevent serious harm.
Who might we share personal information with?
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with any third parties. However, in some limited circumstances, we may be legally required to share certain personal data with a third party and/or legal authorities, such as:
• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
• If there is need-to-know information for another health provider, such as your GP.
• If the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
• If disclosure is in the public interest, to prevent a miscarriage of justice
• If there is a legal duty, for example if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority
How will we store records?
● All information recorded on paper will be securely stored in a locked filing cabinet
● Confidential digital information will be stored on a password protected laptop computer
● All electronic devices (e.g. computer, laptop and phone) used to access stored information will themselves be password protected
● Letters sent to professionals such as GP’s will be encrypted and password protected, with the password sent separately How long do we keep records for? • Mental health records are subject to special legislation e.g. adult records are kept for 8 years after the last contact with the service www.gov.uk/government/publications/records-management-code-of-practice-for-health-and-social-care. This benchmark will be applied to all clinical records made in the process of engagement with our therapy.
• Some records may be held indefinitely if there were any issues of concern that could lead to police investigation in the future.
What are your rights?
• The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
• The right to access the personal data We hold about you.
• The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
• The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have.
• The right to restrict (i.e. prevent) the processing of your personal data.
• The right to object to us using your personal data for a particular purpose or purposes.
• The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
• Rights relating to automated decision-making and profiling. We do not use your personal data in this way. We aspire to the highest data privacy standards.
If you have questions, concerns or feedback then please let us know so that we can address them. Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau. If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) and you can visit www.ico.org.uk/concerns or phone 0303 123 1113.
How Can I Access My Personal Data?
If you want to know what personal data We have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”. All subject access requests should be made in writing and sent to the email of Libratum.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within one month of receiving it. Normally, We aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date We receive your request. You will be kept fully informed of our progress.
E-mail Correspondence
Libratum would like clients to have the opportunity to communicate by e-mail and e-mails will be accessed by the Libratum practice. Please be aware that that communication via e-mail has a number of risks, which include, but are not limited to, the following:
• E-mail can be circulated, forwarded and stored in paper and electronic files.
• Backup copies of e-mail may exist even after the sender or the recipient has deleted his/her copy.
• E-mail can be received by unintended recipients.
• E-mail can be intercepted, altered, forwarded or used without authorization or detection.
• E-mail can be used to introduce viruses into computer systems.
Guidelines for e-mail communication:
• Please inform Libratum of changes in your email address.
• Please include your name and phone number in the email.
• The e-mail message is not time sensitive. We cannot guarantee that any e-mail will be responded to within any particular time.
• The content of the email should only be used for non-sensitive and non-urgent issues.
• Email should not be used if you are in crisis. In case of emergency please contact the crisis lines as detailed above. Website Our website may place and access certain first party Cookies on your computer or device.
First party Cookies are those placed directly by Us and are used only by us. We use Cookies to facilitate and improve your experience of our website and to provide and improve our products and/or services. In addition, our website uses cookies so that we can see how many people have visited our site, how people use our site and which pages are most popular. Google may send additional cookies if you use the Google map links on the site. Cookies are anonymous and contain no personal data. You can turn cookies off in your website browser if you wish to.
How Do I Contact You?
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details:
• E-mail: enquiries@libratum.co.uk
• Telephone: (+0044) 020 7164 6934
Changes to this Privacy Notice
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if We change our business in a way that affects personal data protection.