Auric Psychology keeps records that hold your personal information. The information below will explain what data we hold, why we hold it, where we hold it and what your rights are.
Auric Psychology keeps records about you in order to provide you with a service, and to process payments
We cannot work with you unless you allow us to keep these records
Auric Psychology follows the law and the codes of practice set out by the HCPC and BPS
Auric Psychology has a system in place to protect your data
You are entitled to request a copy of your information free of charge and to have inaccurate information corrected.
If you have any questions or concerns, you can contact us at firstname.lastname@example.org and we will address this immediately.
You can complain to the Information Commissioners Office (ICO) if you think we are acting unlawfully: Visit www.ico.org.uk/concerns or phone 0303 123 1113
Who keeps your data
Dr Jessica Golden is the data controller for Auric Psychology. This means that she is responsible for data held within Auric Psychology and keeping it safe in line with the law.
Associate psychologists and associate counsellors taking on referrals within Auric Psychology will be additional data controllers for the clients they work with directly and may have access to more data than Dr Golden due to the confidential nature of their therapy work with a specific client. In such cases, associates will be the primary data controller for those clients. This means your therapist will be primarily responsible for your sensitive data and keeping it safe in line with the law.
What personal data we process
Personal data: basic contact information: name, address, email, contact number, next of kin name and phone number, and GP contact details.
Sensitive personal data: Signed Therapy Client Agreement, therapy records (therapist notes, letters, reports and/or outcome measures).
If you complete a web-based enquiry form, we will also collect any information you provide to us as well as your internet protocol (IP) address. This is automatically supplied by the website software used to offer the form. All web services used by Auric Psychology are verified by themselves as GDPR compliant.
If you are referred by your health insurance provider, then we will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.
The lawful basis for processing personal data
Auric Psychology has what is known as a legitimate interest for keeping and using personal data. This means it is necessary for us to collect and use this data in order to provide psychological therapy to clients.
We may also ask for information on how you found our service for the purpose of our own marketing research. No information you provide is passed on without your consent. We will never sell your information to others.
What we do with your personal information
We use your data for three purposes 1) to provide you with services 2) for billing and processing payments and 3) to help prevent serious harm
If you do not provide the personal information requested, then we will be unable to provide a therapy service to you.
If you opt in, we may also send you information about our services that we think could be of interest to you. You can change your mind about this at any point and we will remove your information from our mailing lists.
How long we store personal information
We will only store your personal information for as long as it is required. Basic contact information held on a therapist’s mobile phone is deleted within 6 months of the end of therapy.
The sensitive personal data defined above is stored for a period of 7 years after the end of therapy. After this time, this data is deleted at the end of each calendar year.
Who we might share personal information with
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
In exceptional circumstances, we might need to share personal information with relevant authorities:
When there is need-to-know information for another health provider, such as your GP.
When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
When the information concerns risk of harm to yourself, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
What we will NOT do with your personal information
We will not share your personal information with third-parties for marketing purposes.
Where we keep your data
Your data is predominantly kept
In our clinic management software Writeupp (writeupp.com)
In our mobile phones
In our email systems
On occasion your information will also be stored
In paper files
On our laptops
How we keep your data safe
Personal information is minimised in phone communication.
Email applications use private (SSL) settings, which encrypts email traffic so that it cannot be read at any point between our computing devices and our mail server.
Writeupp data is encrypted in flight. This means that no one can read data that is sent to, or coming drom our Writeupp account. This account is locked with a strong password and two step verification.
Our laptops are password protected and encrypted. Malware and antivirus protection is installed on all computing devices.
Mobile devices are protected with a passcode/thumbprint scanner, mobile security and antivirus software.
Our paper notes are stored in a locked cabinet in a locked office.
You have a right to access the information we hold about you.
We will usually share this with you within 30 days of receiving a request.
We may request further evidence from you to check your identity.
A copy of your personal information will usually be sent to you in a permanent form (that is, a printed copy).
You have a right to get your personal information corrected if it is inaccurate.
You can complain to a regulator. If you think that we haven't complied with data protection laws, you have a right to lodge a complaint with the Information Commissioner’s Office.
Auric Psychology reserves the right to refuse a request to delete a client’s personal information where this is for therapy records. Therapy records are retained for a period of 7 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000)and The Health and Care Professions Council (HCPC; 2017).
Dr Jessica Golden
Clinical Director of Auric Psychology.
Last updated February 2019
The British Psychological Society (2000). Clinical Psychology and Case Notes: Guidance on Good Practice. Leicester: Division of Clinical Psychology, BPS.
Health and Care Professions Council (2017). Confidentiality – guidance for registrants. London: HCPC.