I aim to be as clear as possible about how and why I use information about you so that you can be confident that your privacy is protected.
This policy describes the information that I collect when we work together.
This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and any subsequent data protection legislation.
This policy describes how I manage your information when we work together, if you contact me or when I contact you.
I use the information I collect in accordance with all laws concerning the protection of personal data including the Data Protection (Jersey) Law 2018.
As per these laws, I am the data controller; if another party has access to your data I will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why I need to provide them with the information.
If your questions are not fully answered by this policy, please contact me. If you are not satisfied with the answers from me, you can contact the Jersey Office of the Information Commissioner (JOIC).
1. Why do I need to collect your personal data?
I need to collect information about you so that I can:
Know who you are so that I can communicate with you in a personal way. The legal basis for this is a legitimate interest.
Deliver goods and services to you. The legal basis for this is the contract with you.
Process your payment for the goods and services. The legal basis for this is the contract with you.
Verify your identity so that I can be sure I am dealing with the right person. The legal basis for this is a legitimate interest.
2. What personal information do I collect and when do I collect it?
For me to provide with you with goods and services, I need to collect the following information:
Your contact details including:
a postal address
electronic contact such as:
your date of birth
your health insurance details.
I collect this information directly from you.
I may also collect information about you from a health professional (such as your GP) to provide a complete health assessment. This may include sensitive personal information.
3. How do I use the information that I collect?
I use the data I collect from you in the following ways:
To communicate with you so I can inform you about your appointments with me, and outstanding payments, I use your name, your contact details such as your telephone number, email address or postal address.
To deliver the correct service to you I use your name, your contact details and other information collected from you during sessions. I may also use information from third parties, such as referrals from GPs.
To create invoices for sending to health insurance companies I use your health insurance membership number and authorisation code, or I use an online encrypted system.
4. Where do I keep the information?
I keep your information in the stores described below.
I use a desktop computer located in my consulting room. This computer is password protected and the hard drives are encrypted. Passwords are not shared.
I also store notes on an electronic note-keeping device. This is kept in a locked filing cabinet and is password protected. This device is backed up using an encrypted cloud service and/or using the desktop computer’s encrypted hard-drive.
I use Microsoft Word to produce invoices. The computer record includes the most recent invoice generated. I also use Microsoft Word to produce letters to health professionals and health insurance companies.
I keep paper-based information in a lockable filing cabinet in my lockable office.
5. How long do I keep the information?
I will keep the paper and electronic records for seven years in line with legal and professional requirements. I will keep invoices for seven years in line with tax return guidance. Paper records are destroyed using a secure shredding service.
6. Who do I send the information to?
I will only send information needed to deliver my service.
I send invoices and reports to health insurance companies and health professionals as required professionally and abide by confidentiality as stated on my terms and conditions.
Invoices and reports are sent either by post or by email pseudonymised with company codes. Where this is not possible or practical all documents are password protected.
Cloud storage providers will have information shared with them in compliance with GDPR.
Routine emails are deleted in a timely manner. Any documentation that is relevant for clinical files is printed and stored in the lockable filing cabinet.
I am required to abide by professional guidelines that state exceptions to confidentiality as outlined in my terms and conditions (eg, if your health is in jeopardy, with your agreement, I may share information with a mental health crisis team).
In addition, if I become aware of your intent to cause harm to another person, the law may require me to inform the relevant authorities without seeking your prior permission.
7. How can I see all the information you have about me?
You can make a subject access request to me. I may require additional verification that you
are who you say you are to process this request. I may withhold such personal information to the extent permitted by law. In practice, this means that I may not provide information if I consider that providing the information will violate your vital interests.
8. What if my information is incorrect or I wish to be removed from your system?
Please contact me. I may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide me with the correct data and after I have corrected the data in my systems I will send you a copy of the updated information in the same format as the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed I have to determine if I need to keep the data for example, to comply with professional bodies or tax requirements. If I decide that I should delete the data, I will do so without undue delay.
10. Will I send emails and text messages to you?
As part of providing my service to you I will send you emails and, where relevant, text messages. If you do not wish to receive communication through these means, please let me know.