My name is Kelly Johnson, Owner of The Therapeutic Consultancy (TTC). I am a Therapeutic Social Worker and Foundational Theraplay Practitioner. I work from my home undertaking administrative duties where your data will be stored securely. Therapeutic work is undertaken during home visits and school visits in Suffolk and the neighbouring counties. I attend professional meetings when requested. My online presence is here www.thetherapeuticconsultancy.co.uk and https://www.facebook.com/thetherapeuticconsultancy/?modal=admin_todo_tourand you can find me on twitter @TherapeuticThe
New data protection laws are in effect from the 25th May 2018 - the General Data Protection Regulation (GDPR), the purpose of which is to provide a set of standardised data protection laws across all EU member countries. I comply with these laws by informing you of the following:
· I am the Data Controller for TTC.
· I have what is known as legitimate interest for keeping data. I will need to keep information about you in order to provide you with a service, to process payments, and to prevent serious harm. As such, I will hold your personally identifiable information for those family members engaged in work with me (name, dates of birth, address, telephone numbers, email, and payment information. I cannot work with you without keeping this data.
· My professional registration requires that I keep sensitive data about the work I carry out. I write session notes, reports and outcome measures. I have systems in place to protect your data and here have been no data breaches.
· Your private online enquiries to me will be kept confidential. Please be aware if you post to the TTC public Facebook, Linked-In & Twitter feed pages it can be seen by anyone in the online community.
· TTC follows the law and codes of practice set down by the Health and Care Professionals Council, HCPC and The Theraplay Institute.
· You are entitled to request a copy of your data, free of charge, and to have inaccurate information corrected. You can request I delete personal data about you as long as it does not include data for administrative, legal or security purposes. Third party information must be removed. You can contact me via my email in order to make an enquiry about your data firstname.lastname@example.org
· I am required to keep data for up to seven years after your last session, or up to seven years after your 18th birthday. Notes are then incinerated. These stored notes can only be accessed by me.
· I aspire to the highest data privacy standards. If you have any questions, concerns or feedback, please let me know so that I can address them.
· You can complain to the Information Commissioners Office (ICO) if you think that we have acted unlawfully: visit ico.org.uk/concerns, or telephone 0303 123 1113.
What personal data I collect and why I collect it
TTC does not sell or pass on your personal data for marketing purposes. Your data is treated with confidentiality. I will seek your consent before I share your data. At the beginning of our work we create a list of the people you allow me to share information with and you have the authority to change this at any time. In exceptional circumstances, I may need to share your personal information with relevant authorities:
o When there is need to know information for another healthcare provider, such as your GP.
o When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.
o When the information concerns risk of harm to you, or risk of harm to another adult or child. I discuss the proposed disclosure with you, unless we believe that to do so could increase the risk to you or someone else.
Where is your data stored and how is it kept safely?
· On a password encrypted Personal Computer and/or tablet, backed up with a password encrypted external hard drive. Firewall and antivirus software are enabled.
· In paper files stored in a locked cabinet
· In a password enabled mobile phone.
· In email systems – encrypted when sensitive data is used. Personal information is minimised in phone and email correspondence.
· In an online cloud: Microsoft Word and documents are password protected.