GDPR & PRIVACY NOTICE

On 25 May 2018, the law changed with regard to how organisations have to protect your ‘data’ (personal details and records) and this is called the General Data Protection Regulation or GDPR.
The following summary highlights how GDPR is being implemented by APJ Psychological Consulting Limited, a company which provides psychological services and individuals will be asked to provide personal and sensitive information. 

N.B. It is assumed that by engaging with this service you are consenting to records being kept.

APJ Psychological Consulting collects and processes the following personal data from individuals as appropriate according to the psychological service being undertaken: 

Personal data: Basic contact information including name, address, email, contact number, online ID, and GP contact details if needed. Photo ID may be requested.

Sensitive personal data: Health & Social Care records, therapy records, clinical notes, letters, reports, psychometrics and outcome measures.

If you are referred by your health insurance provider, solicitor, rehabilitation company or other appropriate agency such as the Crown Prosecution Service or the Police, then APJ. Psychological Consulting will also collect and process personal data provided by that organisation and related multi-agencies including basic contact information, referral information, and authorisations.

The above activities require APJ Psychological Consulting to act as a ‘Data Controller’ and be registered with the Information Commissioners Office (ICO). This register is an online public register of Data Controllers and visible for anyone to check.

APJ Psychological Consulting has a legitimate interest and purpose in using the personal data and sensitive personal collected to provide psychological services.

No information you provide is passed on without your consent except when there may be need for liaison with other parties such as your GP or Occupational Health provider, or when limited confidentiality applies such as Risk of Harm to the individual or others, or legal duty.

APJ Psychological Consulting will use the information collected to provide psychological services to you and protects your privacy. 

If you do not provide the personal information and photo ID requested, then APJ Psychological Consulting may be unable to provide services.

Your personal information may be required to process payment either directly or by a third party as appropriate.

APJ Psychological Consulting will only store your personal information for as long as it is required as per current British Psychological Society and Health Care Professions Council guidance and Caldicott principles.

Personal information is minimised in phone and email communication. 

Sensitive personal data will be sent to clients using e-mail services which are GDPR compliant. Any sensitive data attached in an email attachment will be password protected unless otherwise requested by yourself. 

Personal information is also stored on an office computer. These are password protected (entry password, and encrypted and password protected digital storage vault). Malware and antivirus protection is installed on all computing devices. Confidential digital information may also be stored in a secure cloud service offering high levels of security which is GDPR compliant.  

Mobile devices are protected with a passcode/thumbprint scanner, mobile security and antivirus software. 

Written and hard-copy notes are kept in a double-locked secure filing cabinet.

You have a right to access the information APJ Psychological Consulting holds about you by direct request or by a ‘subject access request’ and will usually share this with you within 30 days of receiving a request. Third-party information will be redacted. There may be an administration fee for supplying the information to you.

You have a right to get your personal information corrected if it is inaccurate. APJ Psychological. Consulting reserves the right to refuse a request to delete a client’s personal information where there is a justifiable reason.

You can complain to a regulator. If you think that APJ Psychological Consulting has not complied with data protection laws, you have a right to lodge a complaint with the ICO.

In the event of death or incapacity of the Director of APJ Psychological Consulting, arrangements have been made for Ewa Rula, longstanding trusted colleague to take over GDPR obligations and professional liaison as appropriate.

This GDPR & Privacy Notice may be printed for information and do ask any questions either directly to APJ Psychological Consulting or at https://ico.org.uk.