At the Amber practice we are committed to protecting and maintaining the privacy of your personal data. Our privacy statement outlines how we manage personal data in compliance with the General Data Protection Regulation (GDPR) and applicable UK data protection laws.

This statement applies when we are acting as a data controller to determine the purposes and means of processing the personal data of our website users and service users.

In this statement “we” refers to the sole practitioners that form the ‘Amber Practice’.

You are responsible for securing your computer hardware and any other devices you may use for sessions or synchronise with, your internet access points, email and passwords. We will not be liable for any breach of confidentiality or personal data arising or in connection with the action of third parties or a lack of security in your devices or location.

Data collections are processed under the legal basis of ‘legitimate interests’. Any further sensitive data shared is processed under the ‘special category condition’ for the provision of health care.

Website Visitors

Usage data may include your IP address, geographical location, browser type and versions, operating system, referral source, length of visit, page views and website navigation paths. The legal basis for this processing is the analysis of website usage to monitor and improve our website and service provision.

Cookies: Our website uses cookies to enhance user experience and analyse website use usage. You can manage your cookie preferences through your browser settings.

Initial Therapy Enquiries

The data collected during initial therapy enquiries depends on your enquiry route.

The Amber Practice website: We collect your name, e-mail, phone number and a brief description of your difficulties and preferences for therapy.

E-mail enquiries: We collect any information you choose to share via email including name and e-mail address.

Third Party enquiries: On receiving third party referrals e.g. from insurance companies or General Practitioners we collect any data sent via the third party, including name, e-mail address and phone number.

Data Storage and access: Enquiry and referral data are stored on our e-mail and online calendar (GDPR compliant). Your name, e-mail, telephone number and brief self-referral notes will be accessed by the Amber Practice practitioners. An Amber Practice therapist will contact you via your preferred method to discuss an initial therapy session. The details and preferences shared by you and provided in the initial therapy enquiry will be used to allocate the most suitable therapist. In the event of you opting to be added to a waiting list we will provide any relevant updates via e-mail or telephone.

Therapy Sessions

Before commencing therapy, we request that you provide the following data; your name, gender identity, date of birth, next of kin or emergency contact person, address, telephone number, e-mail address, GP contact details and any relevant insurance policy information if required e.g. pre-authorisation numbers. During assessment and therapy sessions additional information is collected including occupation, relationship information, therapy history, medical conditions, prescribed medications, past and present difficulties and any correspondence via e-mail or telephone.

Data storage and access:

·        Data collected including personal details, assessment notes, therapy session notes, supervision notes and outcome measures are stored electronically on a password encrypted device in line with GDPR requirements and accessible only by your therapist.

·        Your name, e-mail address and phone number may be stored on your therapist; s smartphone under password protection.

·        Your name, e-mail address and any e-mail correspondence will be stored on your therapist’s secure email account. E-mails may also be access via your therapist’s smartphone or a portable computing device. All devices are protected with password security.

Confidentiality

We respect your right to confidentiality, and this will be maintained within the HCPC codes of ethics and legal requirements. Confidentiality does not apply in of circumstances where withholding information would entail a breach of the codes of ethics or where your therapist is required to provide information in line with legal obligations to appropriate agencies (e.g. GPs, Social Services, the Police) or under a court order.

·        Confidentiality may be breached if  there is considered to be a risk you may harm yourself or others. In such exceptional circumstances, where there is concern for your well-being or that of others, it may be necessary to seek help outside the therapeutic relationship. Every effort will be made to discuss this with you before taking any action.

·        In the case of a disclosure concerning acts of terrorism, vulnerable adult or child protection issues or drug trafficking, confidentiality will be breached, and such disclosures will be passed onto the relevant authority without delay. Due consideration should be exercised before disclosing anything of a previously unreported criminal nature, as therapists are obligated to contact relevant authorities.

·        Therapist and clients must agree not to make any type of recording of sessions conducted by phone or video call.

Confidentiality with Children and Young People

When beginning direct work with a child or young person, the psychologist should discuss and agree who will have access to the information arising from the work, with direct reference to principles of ‘Gillick competence’. In undertaking this discussion it is helpful to acknowledge that there may be those adults (e.g. parents/carers, other relevant professionals such as teachers, social workers, counsellors) who may have a supportive interest in the work and may wish to have appropriate access to information but the wishes of a ‘Gillick competent’ young person should take precedence unless there are safeguarding concerns.

Parents or those with legal responsibility may be made aware of this agreement if appropriate, although a young person deemed to be Gillick competent is able to agree to work with a psychologist independently. Those with parental responsibility do not have an automatic right of access to the psychologist’s records by making a subject access request under data protection legislation.

The nature and purposes of any work will vary and this will determine how and to whom information will be shared, however the child or young person should always be made aware of who will have access to what and for what purpose and due consideration given to the wishes of a ‘Gillick competent’ young person about who can have access to information about any involvement with a psychologist. The child or young person should be fully aware of the content of any shared information, including as appropriate, copies of the documents. Whatever is agreed about information sharing including work where information is confidential, the psychologist must ensure the child or young person knows and understands that if there is a risk of harm the psychologist must follow safeguarding procedures.

Your rights

You have the right to:

·        Request access to your personal data

·        Rectify any inaccurate personal data

·        Withdraw consent for us to process your data

·        Request that your personal data is erased

Contact Us:

Please contact use with any requests or concerns regarding your personal data. Please be aware that we may be obliged to refuse requests in accordance with lawful requirements and the HCPC professional code of conduct (www.hcpc-uk.co.uk).

All personal data is deleted 7 years after our final correspondence.