I aim to be as clear as possible about how and why I use information about you so that you can be confident that your privacy is protected.
This policy describes the information that I collect when we work together.
This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and any subsequent data protection legislation.
This policy describes how I manage your information when we work together, if you contact me or when I contact you.
I use the information I collect in accordance with all laws concerning the protection of personal data including the Data Protection (Jersey) Law 2018.
As per these laws, I am the data controller; if another party has access to your data I will tell you if they are acting as a data controller or a data processor, who they are, what they are doing with your data and why I need to provide them with the information.
If your questions are not fully answered by this policy, please contact me. If you are not satisfied with the answers from me, you can contact the Jersey Office of the Information Commissioner (JOIC).
1. Why do I need to collect your personal data?
I need to collect information about you so that I can:
Know who you are so that I can communicate with you in a personal way. The legal basis for this is a legitimate interest.
Deliver goods and services to you. The legal basis for this is the contract with you.
Process your payment for the goods and services. The legal basis for this is the contract with you.
Verify your identity so that I can be sure I am dealing with the right person. The legal basis for this is a legitimate interest.
2. What personal information do I collect and when do I collect it?
For me to provide you with goods and services, I need to collect the following information:
Your contact details including:
a postal address
electronic contact such as:
your date of birth
your health insurance details.
I collect this information directly from you.
I may also collect information about you from a health professional (such as your GP) to provide a complete health assessment. This may include sensitive personal information.
3. How do I use the information that I collect?
I use the data I collect from you in the following ways:
To communicate with you so I can inform you about your appointments with me, and outstanding payments, I use your name, your contact details such as your telephone number, email address or postal address.
To deliver the correct service to you I use your name, your contact details and other information collected from you during sessions. I may also use information from third parties, such as referrals from GPs.
To create invoices for sending to health insurance companies I use your health insurance membership number and authorisation code, or I use an online encrypted system.
4. Where do I keep the information?
I keep your information in the stores described below.
I use a desktop computer located in my consulting room. This computer is password protected and the hard drives are encrypted. Passwords are not shared.
I also store notes on an electronic note-keeping device. This is kept in a locked filing cabinet and is password protected. This device is backed up using an encrypted cloud service and/or using the desktop computer’s encrypted hard-drive.
I use Microsoft Word to produce invoices. The computer record includes the most recent invoice generated. I also use Microsoft Word to produce letters to health professionals and health insurance companies.
I keep paper-based information in a lockable filing cabinet in my lockable office.
5. How long do I keep the information?
I will keep the paper and electronic records for seven years in line with legal and professional requirements. I will keep invoices for seven years in line with tax return guidance. Paper records are destroyed using a secure shredding service.
6. Who do I send the information to?
I will only send information needed to deliver my service.
I send invoices and reports to health insurance companies and health professionals as required professionally and abide by confidentiality as stated in my terms and conditions.
Invoices and reports are sent either by post or by email pseudonymised with company codes. Where this is not possible or practical all documents are password protected.
Cloud storage providers will have information shared with them in compliance with GDPR.
Routine emails are deleted in a timely manner. Any documentation that is relevant for clinical files is printed and stored in the lockable filing cabinet.
I am required to abide by professional guidelines that state exceptions to confidentiality as outlined in my terms and conditions (eg, if your health is in jeopardy, with your agreement, I may share information with a mental health crisis team).
In addition, if I become aware of your intent to cause harm to another person, the law may require me to inform the relevant authorities without seeking your prior permission.
7. How can I see all the information you have about me?
You can make a subject access request to me. I may require additional verification that you are who you say you are to process this request. I may withhold such personal information to the extent permitted by law. In practice, this means that I may not provide information if I consider that providing the information will violate your vital interests.
8. What if my information is incorrect or I wish to be removed from your system?
Please contact me. I may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide me with the correct data and after I have corrected the data in my systems I will send you a copy of the updated information in the same format as the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed, I have to determine if I need to keep the data, for example to comply with professional bodies or tax requirements. If I decide that I should delete the data, I will do so without undue delay.
10. Will I send emails and text messages to you?
As part of providing my service to you I will send you emails and, where relevant, text messages. If you do not wish to receive communication through these means, please let me know.
Appendix 1: Cookies
1. What is a cookie?
A cookie is a small amount of data stored on a computer that contains information about the internet pages that have been viewed from that computer. They are commonplace on the internet and are used by websites to improve the user's online experience by storing information about how the user navigated around and interacted with it. This information is then read by the website on the next occasion that the user visits.
Cookies are sent automatically by websites as they are viewed, but in order to protect a user's privacy, a computer will only permit a website to access the cookies it has sent, and not the cookies sent by other sites. Furthermore, users can adjust the settings on their computer to restrict the number of cookies that it accepts, or notify them each time a cookie is sent. This should improve privacy and security but will generally mean that certain personalized services cannot be provided, and it may therefore prevent the user from taking full advantage of a website's features.
For further information about cookies please visit www.aboutcookies.org
2. What sort of cookies do we use on our website?
We use two types of cookies: session cookies and stored cookies. Session cookies expire at the end of the user's browser session and can also expire after the session has been inactive for a specified length of time, usually 20 minutes. Session cookies are stored in the computer's memory and are automatically deleted from the user's computer when the browser is closed.
Stored cookies are stored on the user's computer and are not deleted when the browser is closed. Stored cookies can retain user preferences for a particular website, allowing those preferences to be used in future browsing sessions.
They gather information regarding the visitors to our website on our behalf using cookies, allowing us to understand the amount of traffic to the website and whether they are returning visitors. We do not pass any information to a third party.
4. Can I browse your website without receiving any cookies?
Yes, if you have set your computer to reject cookies, you can still browse the website. However, certain functions may not be available to you unless you enable cookies.
5. How can I find and control cookies?
You can usually adjust for yourself the number of cookies that your computer (or other device, such as a mobile phone) receives. How this is done, however, varies according to which device and what browser software you are using.
As a general rule, the more commonly used web browser software packages tend to have a drop-down menu entitled 'Tools'. One of the options on this menu is usually 'Options' - and if this is selected, 'Privacy' is usually one of the settings that may be adjusted by the user. In the case of any device other than a PC (e.g. a mobile phone) you should always refer to the manufacturer's instructions. Alternatively, you may wish to opt-out from only the cookies used by third-party companies (acting on our behalf) to measure the traffic to our site. This has the advantage of leaving other cookies in place, thereby minimizing the loss of functionality associated with blocking all cookies.
You may find the following websites useful for information on how to change cookie settings in a range of commonly used browsers: www.aboutcookies.org