This privacy statement relates to all services provided by Dr Mia Hobbs who may also be known as West London Psychology or Therapeutic Knitting. It is effective from 25th May 2018 in line with the General Data Protection Regulation (GDPR).
Legal basis for collecting and storing data
The legal basis for collecting your data is in the legitimate interests of providing an effective and professional service for psychological assessment and treatment. In addition, due to the nature of therapy some of the information we hold is ‘special category’ data. This is detailed personal information and is collected during the course of our work in order to provide you with assessment and treatment for a health condition.
How your information is collected and used
In order to communicate and provide you with an effective psychological therapy service, and to keep you safe it is necessary to collect certain information about all clients and prospective clients. This is collected on the basic details form and includes the following:
Name and address
Date of birth
Family details and next of kin
During the course of initial assessment and subsequent therapy sessions, we will inevitably also collect a significant amount of other personal data relevant to assessing and addressing your presenting concerns. This information is used to assess, formulate and plan therapy sessions in order
to address your difficulties.
Mailing list: If you sign up to our mailing list, your email address will be stored for marketing purposes to inform you of new projects or products that may interest you. This will not be shared with other agencies.
To provide a good experience for visitors.
To monitor and analyse the performance, operation and effectiveness of Wix's platform.
To ensure the platform is secure and safe to use.
For a list of the essential cookies used by Wix please see Cookies and Your Wix Site | Help Center | Wix.com
How your information is stored
Your personal information is stored in a variety of paper and digital files. Your telephone number may also be stored on a password protected smart phone if you have communicated using this method. A number of administrative and technical measures are kept in place to ensure the safety and security of your personal information. For example:
Locked filing cabinets
Encrypted Cloud Storage including WriteUpp. WriteUpp is a GDPR compliant practice management software. You can read how they store data here: Security | WriteUpp
Each client’s file is additionally password protected
All smartphones and computers used are password protected
Information from telephone enquiries is kept for up to 3 months and then destroyed if the individual does not go on to use our service.
Sharing information with third parties
Your information will only be shared with third parties under the following circumstances:
There is a legal requirement to do so
There is a concern about safety or risk of serious harm to you or someone else
You have given consent for the information to be shared, for example, reports or treatment summaries to other health care professionals or school staff involved in your care or to medical health insurance companies
We need to arrange for the funding and/or payment of services received, for example, with medical health insurance companies or secure health code invoicing system.
As part of our professional practise all clinical psychologists receive supervision from a qualified clinical psychologist. During this discussion, details of your case will be discussed but you will not be identified by name.
Accuracy and retention of data
We make every effort to keep your personal information accurate, complete, and up to date. If any of your information changes please let us know so that we can update our records.
In order to be able to respond to a legal request for information, all records are kept securely for 7 years after treatment ends or for children/young people, for 7 years from the date they turn 18. This is in line with professional guidelines. All personal information will be deleted or securely destroyed at the appropriate time and we will not keep your personal information for longer than is required.
Access to your information
If you would like to request a copy of the data held about you, this is called a Subject Access Request. Subject Access Requests should be made by email to email@example.com. I aim to provide the relevant data within 30 days. I will always verify the identity of anyone making a subject access request before providing any information.
Appropriate measures have been taken to keep your data secure in accordance with the General Data Protection Regulation (GDPR). In the unlikely event of a data protection breach, all individuals whose data may have been accessed will be notified (using the contact details available). The Information Commissioner’s Office (ICO) will also be notified in order that their procedures can be followed. If you have any concerns about how your information is processed, after discussing this with us first, you can contact the ICO on 0303 123 1113 or at Wycliffe House, Water Lane, Wilmslow SK9 5AF