Data Protection and Privacy
This is the Privacy policy for Dr Elinor Doris who is the data controller for information collected through this site and for personal data collected during therapy sessions. The purpose of this policy is to inform you how I collect and use your personal information both via this site and during the provision of my services. It is also the policy that covers my justification for processing sensitive data that you provide to me.
I collect the following personal information about you:
-
Personal and contact details as requested on the personal and contact details form
-
Financial information relating to the sessions attended and payments made
-
Copies of communication between you and I
-
The initial consultation report and session notes
I hold your personal information in the legitimate interest of working safely and professionally with you, in order to contact you about sessions and billing, and to provide you with the best possible treatment and service.
For all sessions I keep brief electronic notes which are stored securely. I am registered with the Independent Commissioner’s Office for data storage and session data is stored in accordance with General Data Protection Regulations (GDPR). In keeping with BPS and Health and Care Professions Council (HCPC) standards, records are kept for a period of seven years following the conclusion of therapy, after which they are deleted.
In circumstances where it will not result in harm, you have the right to:
-
Access a copy of any of your personal information
-
Require me to rectify inaccuracies in your information
-
Require me to stop collecting or to delete your information
-
Object to the way I am processing your information