Edinburgh Psychologist Dr Barbara Douglas

Supervision for Therapists in Edinburgh

Dr Barbara Douglas                                                                                          Updated: 19th May 2018

                                                                               

Registered Counselling Psychologist

Chartered Psychologist                                                                                

 

Data Protection and Privacy Policy

 

This policy describes the information that I gather and how I manage that information when you contact me or attend to see me as client / supervisee. This is to maintain standards of privacy and confidentiality compliant with the General Data Protection Regulation (GDPR), Data Protection Act (1998) and the British Psychological Society Practice Guidelines Third Edition 2017.  The data controller responsible for this policy and www.edinburghpsychologist.co.uk website is Dr. Barbara Douglas, Counselling Psychologist based in Edinburgh, UK. If you have any questions in relation to my use of your details, contact me at This email address is being protected from spambots. You need JavaScript enabled to view it.

1. What personal information do I collect?

I collect information about you for the purposes described below on the basis of your consenting to this. I gather information about you in order to provide an effective service. For example:

  • To know who you are so that I can communicate with you.
  • Verify your identity so that I can be sure I am dealing with right person.
  • Deliver a service to you under the terms of an agreed clinical contract.
  • Contact you, should I need to share information. I would only do this where there is a concern regarding a risk of harm to you or others or under other specific circumstances as outlined in this policy.

The information I collect broadly includes:

  • Your name, date of birth and your contact details including a postal address, telephone number(s) and electronic contact such as email address.
  • Information required to deliver a clinical service to you under the terms of an agreed clinical contract. This includes GP name and contact details, your background history and information relevant to your attendance to see me.
  • I may also collect information about you from third parties; for example, if I need to gather information from another health professional (such as your GP) to complete a clinical assessment. I would only do this with your consent.

 

  1. How will your information be used?

 

I use the data collected from you in the following ways:

  • To communicate with you so that I can inform you about your appointments with me. I use your name, your contact details such as your telephone number, email address or postal address.
  • To deliver an effective service to you, I will use your name, your contact details and the details gathered at your initial assessment appointment. I use written notes taken at the end of each session to record attendance and to provide an effective service to you. This is in line with guidance from my regulatory body (HCPC) and professional organisation (BPS).

 

  1. 3. Where do I keep your personal information?

 

I keep records in electronic or paper based (file) formats:

  1. Electronic person identifiable information is kept on an encrypted external data-locker secure memory device)
  2. Paper based recording: I am required to record relevant information that you provide to me. I do this by taking handwritten notes following sessions which are stored in a physical file. I may use this information to create a report, should you or your insurance provider request it. The paper-based file also includes the information sheet you complete at the assessment appointment giving personal details (eg. date of birth and GP contact details). Your psychology therapy notes/file are stored in a locked filing cabinet in a secure location
  3. Mobile phone storage: I may keep your mobile or other contact telephone number stored in the memory of my mobile phone. This would be for contacting you at short notice should the need arise. Only your first name is stored. The mobile phone I use is pin protected.

 

  1. How long do I keep your personal information?

 

I retain your psychology file/notes for 7 years in accordance with guidance issued by our professional body, the British Psychological Society. After this time, I will shred your file/notes and delete any electronic copies of reports relating to you.

 

  1. 5. Who do I disclose your personal information to?

 

If psychological reports are required I will send these to you, or to another health professional/provider or insurance company authorised by you. In addition, I may have to share data I collect if I am required to share data with the legal authorities to fulfil my obligations under Scottish law or if there is a significant risk to you or others. Under Child Protection legislation, I may be required to contact child protection services if you disclose information that indicates that a child may be currently still at risk.

 

If I wish to access or share your data in any way not described in this privacy policy, I will contact you beforehand and only proceed with your explicit consent.

 

All reports that are sent electronically are sent as attachments that are password protected.


  1. 6. Website:

 

Data collected by third parties

The www.edinburghpsychologist.co.uk website is hosted by 1and1 internet  and uses Transport Layer Security (TLS) to encrypt and protect email traffic The 1and1 privacy policy, which applies to this site can be viewed at https://www.1and1.co.uk/terms-gtc/terms-privacy/?linkId=ft.nav.privacypolicy. The website platform I use is therefore compliant with GDPR from May 2018.

 

Email:

We use Transport Layer Security (TLS) to encrypt and protect email traffic. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

Should you choose to contact us using an email link, or our contact form none of the data that you supply will be stored by this website or passed to / be processed by any of the third party data processors.

Instead the data will be collated into an email and sent to us over the Transport Layer Security (TLS).

Should you choose not to consent to us using your contact details in any form submitted, please contact us by phone or direct email.

This website is hosted by 3rd party servers located in the EU which are compliant with EU legislation.

Data submitted via email directly to This email address is being protected from spambots. You need JavaScript enabled to view it. will be kept for approximately 6 months and then deleted unless there is a legitimate reason to keep this longer (eg. if you become a client and this forms part of the client case record).

 

  1. 7. Record of payments and retention of payment information:

 

I keep records of invoices, payments and receipts for accounting purposes. W required to retain this information for 6 years in line with HMRC requirements. After six years I delete and/or shred this information.

 

  1. Your rights:


How can I see all the information you have about me?

You can make a subject access request (SAR) by contacting me. I may require additional verification that you are who you say you are to process this request. I will aim to provide you with this information within one month of your written request. I may withhold such personal information to the extent permitted by law. In practice, this means that I may not provide information if I consider that providing the information will violate your vital interests.

 

What if my information is incorrect?

Please contact me. I may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide me with the correct data and after I have corrected the data in our systems I will send you a copy of the updated information in the same format as the subject access request.

 

How can I have my information removed?

If you want to have your data removed I have to determine if I need to keep the data, for example in case HMRC wish to inspect my records. If I decide that we should delete the data, I will do so without undue delay.

 

How do I make a complaint?

If you wish to raise a complaint on how I have handled your data, you can contact me to have the matter investigated (This email address is being protected from spambots. You need JavaScript enabled to view it.) If you are not satisfied with my response or believe I am not processing your data in accordance with the law you can complain to the Information Commissioner’s Office: https://ico.org.uk

 

  1. Changes to this privacy policy:

 

I may occasionally make changes to this data protection and privacy policy. Following any changes, the date at the top of the privacy policy will be updated. If any change allows for the wider access to or sharing of data, such changes will only apply to data collected after the date of the updated privacy policy.

 

 

Dr Barbara Douglas

Registered Counselling Psychologist

Chartered Psychologist.

Websites for Psychologists by

YouCan Consulting Ltd