Privacy policy

Niddrie Therapy and Coaching
Privacy Policy and Data Retention Statement

I take the protection of your data very seriously and I aim to be fully compliant with current General Data Protection Regulation legislation (GDPR) and to let you know how I use and protect the data you’ve given me. GDPR replaces the previous Data Protection Act. I wish to be transparent with the processes I have in place. Identifiable information, if shared, will only be used in accordance with this privacy statement.

I am registered with the Information Commissioners Officer (ICO) and my registration number is ZA558087.

What information do I collect?

Depending on the therapy chosen, I may collect some or all of the following personal data such as name, address, date of birth, gender, GP/medical practitioner details, telephone number, email address and payment information such as recording a cheque payment. I may also collect any data you give me regarding personal history, family background, alongside potentially sensitive data relating to your medical and mental health conditions.  The property where my clinic is located has CCTV at both front and rear entrances and indicated by signage.

What do I use the information for?

  • To provide services relating to your needs
  • Taking notes about our sessions for both you and I to reflect upon as we progress
  • To notify you of appointments and the services I provide
  • To fulfil administrative, legal, ethical and contractual obligations
  • To share resources (e.g. website links, book recommendations) with you relevant to any work I undertake and only with your consent
  • CCTV recordings are used solely for the prevention and detection of crime; apprehension and prosecution of offenders and to ensure the security of the property

What information do I share?

I will not share any information about you with other organisations or people except in the following situations:

  • Consent – I may share information with relevant medical professionals or others whom you have requested or agree I may contact
  • I may discuss my work with a clinical colleague who is bound to the same code of ethics
  • Serious harm – I may share your information with the relevant authorities if I have reason to believe this may prevent serious harm being caused to you or another person
  • Compliance with law – I may share information when the law requires me to – i.e. safeguarding, terrorism, drug trafficking and serious crime 

How do I keep your information safe?

  • All information you provide to me is stored as securely as possible. I take all reasonable precautions to prevent the loss, misuse or alteration of information given
  • All paper forms, notes and correspondence are kept in locked filling cabinets and all electronic files are kept on password protected devices with virus protection software
  • For webcam appointments I recommend we use Zoom or Skype which are secure platforms
  • Client notes and any other forms of documentation are destroyed seven years after the completion of coaching or a therapy
  • Images captured by CCTV may be monitored and kept for approximately thirty days after the recording was made.  After this time, recordings stored on our CCTV system will usually be overwritten
  • Any known data breaches will be reported to the ICO within 72 hours

Your rights

Under the GDPR, you have the right to:

  • Access your personal data by making a subject access request either verbally or in writing. Any request for personal data will be acknowledged within 3 working days and supplied within one month from your request.  You have the right to view any personal data recorded by our CCTV.  I may redact the personal data of anyone else on the recordings.  I will give you the opportunity to view the recordings that have been identified.  I may be able to supply you with a copy of the recordings unless that isn’t technically possible or to do so puts me to disproportionate effort
  • Rectification, erasure or restriction of your information where this is justified and appropriate (for example some information may be retained for patient safety and insurance purposes)
  • Object to the processing of your information where this is justified
  • Request transfer of data (data portability)
  • You may withdraw your consent for me to hold or process your data at any time. However, if you do this whilst actively receiving coaching or a therapy these would have to end. You can withdraw your consent by stating this via email to alison@therapyandcoaching.co.uk
  • If you have any concerns about the way I handle your data, please discuss with me in person or e-mail. If you feel this has not been resolved effectively you have the right to contact the Information Commissioners Office (ico.org.uk)
  • Any complaints about my services, please put in writing to myself and I will acknowledge receipt within 3 working days. I aim to resolve complaints as soon as possible and I welcome any feedback.

Changes to this policy

This document may be amended from time to time. You may request a copy of this policy at any time.