Dr Nicola Connolly Privacy Policy
Dr Nicola Connolly Consultant Clinical Psychologist and Chartered Psychologist
(HCPC No. PYL24345, British Psychological Society No. 073939)
Email:
Privacy Policy
Dr Nicola Connolly, Consultant Clinical Psychologist, offers psychological services to children, adolescents and adults. This privacy policy explains how she (as a data controller) processes and stores your personal information in compliance with the
General Data Protection Regulation (GDPR) laws.
Dr Connolly is registered with the Information Commissioner’s Office, registration number ZB505052 (www.ico.org.uk).
1) What Are Your Rights?
Dr Connolly is committed to protecting your rights to privacy. Your rights include:
• Right to be informed about what happens to your personal data;
• Right to have a copy of all the personal information collected;
• Right to rectification of any inaccurate data processed, and to add to the
information held about you if it is incomplete;
• Right to be forgotten and your personal data destroyed;
• Right to restrict the processing of your personal data;
• Right to object to the processing carried out based on our legitimate interest.
2) Why I Collect Information About You?
I process personal data and sensitive personal data because I have a legitimate interest to do so when providing you or your family member with a clinical psychology service. It is necessary when providing psychological assessment and therapy to clients. My lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment.I may also ask for information on how you found my service for the purpose of my own marketing and service evaluation.
3) What Information Do I Collect About You?
I collect information about you that may include personal or sensitive information about you or a family member who is involved in the work, such as:
• First name or given name
• Family name or surname
• Date of birth
• Gender (or preferred identity)
• Email address
• Address
• Telephone numbers
• Relationships & children
• Next of Kin
• Occupation
• GP name and contact details
• Name of health insurance provider, if relevant, and any data provided by the insurer.
To make sure that you are assessed and/or treated safely and appropriately, I record your personal information, such as your name, address, as well as all contacts you have with the Company including details of your appointments and all notes made during telephone calls and face to face appointments during our work together. This may include the following information:
• Medical conditions
• Prescribed medication
• Family and relationship history
• Psychological history
• Current psychological difficulties
• Goals
I also process personal data pursuant to legitimate interests in running the business such as:
• Invoices and receipts
• Accounts and tax returns
Your data is always kept confidential.
4) How Do I Store Information About You?
I take your privacy very seriously. I am committed to taking reasonable steps to protect any identifying information that you provide to me. Once I receive your data, I make best efforts to ensure its security on our systems. All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules. This includes: Email: Your email address and correspondence will be stored in email accounts (currently btinternet.com) by nature of you contacting me. It is your choice as to whether you share personal information over email. I will avoid sending sensitive information over email, unless you consent to me doing so.
Paper notes and hard copies of reports: Will be stored in locked filing cabinets.
Online practice management software: Each client has an electronic record that is stored via a secure ISO27001 accredited datacentre.
5) How Long Do I Keep Your Information?
I do not keep your data for longer than is necessary. Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC. Where it is not necessary to retain the data for six years, it is destroyed as soon as
possible. Clinical records (both electronic and in paper form) will be held for up to seven years from the end of treatment. This is so that we have a record of what we have done together in the event you return to therapy or any questions arise as to
what happened during treatment. At the end of this period, the clinical record will be destroyed. The position is different for children where, in some cases, best practice is for records to be retained until the child reaches their 25th birthday.
6) With Whom Do I Share Your Personal Information?
I hold information about each of my clients and the therapy they receive in confidence. This means that I will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. I may also share information with that organisation to provide treatment updates.
• In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
• For the purposes of supervision; as an HCPC accredited clinician, Dr Connolly is obliged to consult with another mental health professional for supervision to reflect on and continuously develop her clinical skills. When discussing clients in supervision, she only refers to clients by their first name and she seeks to minimise revealing other identifiable information. In exceptional circumstances, I might need to share personal information with relevant authorities:
• When consent is given by a client for me to contact a third party e.g., a schoolteacher.
• When there is need-to-know information for another health provider, such as your GP.
• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
• When the information concerns risk of harm to the client, or risk of harm to another adult or a child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
7) How Can You Access Your Information?
Individuals can find out if I hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. Within 30 days of receiving your request, I will then supply to you:
• A description of all data I hold about you
• Inform you how it was obtained (if not supplied by you)
• Inform you why, what purposes, I am holding it
• What categories of personal data is concerned
• Inform you who it could be disclosed to
• Inform you of the retention periods of the data
• Inform you around any automated decision making including profiling
• Let you have a copy of the information in an intelligible electronic form unless otherwise requested.
To make a request for any personal information I may hold you need to put the request in writing. I want to make sure that your personal information is accurate and up to date. You may ask me to correct or remove information you think is inaccurate.
8) Complaints or Queries
I try to meet the highest standards when collecting and using personal information. For this reason, I take seriously any complaints I receive about this. I encourage people to bring it to my attention if they think that my collection or use of information is unfair, misleading or inappropriate. I would also welcome any suggestions for improving my procedures. If you do have a complaint, contact Dr Connolly who will investigate the matter on your behalf. If you are not satisfied with the response or believe I am not processing your personal data in accordance with the law, you have the right to raise your complaint with the Information Commissioner’s Office (ICO)
Contact information ICO:
Website: https://ico.org.uk/concerns/
Email:
Telephone: +44 (0) 303 123 1113
Dr Nicola Connolly
Consultant Clinical Psychologist