Privacy Policy

My details

Dr Jenny Makinson, proving services under company name ‘Dr Jenny Makinson Ltd’. Registered address: 199 Westburn Road, Aberdeen, AB25 2QE. Company Number: SC698018.

Telephone: 07423 534680

Website: www.drjennymakinson.co.uk

Email: admin@drjennymakinson.co.uk

This policy

I operate as a Limited Company and as such hold my own Information Commissioner’s Office (ICO) registration, and am registered as a data controller. By submitting personal data to me and/or by using my website you give your consent that all personal data that you submit may be processed by me in the manner and for the purposes described below.

This privacy policy explains how I collect, use, store and retain your information when you work with me as a client, including through the use of my website (www.drjennymakinson.co.uk). It contains all information that I am obliged to provide data subjects in accordance with articles 13 & 14 of the General Data Protection Regulation (GDPR), information about the personal information I process, and details of my compliance with the GDPR and the Data Protection Act 2018 (DPA), including your rights.

Please note that this privacy policy may be updated or amended, and any changes will be posted on my website. If you have any queries regarding this policy, please contact me at admin@drjennymakinson.co.uk

My basis for collecting and processing information

In order to fulfil my role as a psychologist and provide my services, I collect personal and sensitive data. As such I have a legitimate interest in collecting data and will only do so where there is a legal basis for doing so. For example:

· To know who you are so that I can communicate with you

· To deliver a service to you

· To process your payment for the services I deliver

· To verify your identity so that I can be sure I am contacting the right person

· To contact you

· Should I need to share information about you in very specific circumstances, as outlined below under ‘Sharing of personal information’.

I may also ask for information on how you found my service for the purpose of my own marketing research. No information you provide is passed on without your consent, and I will never sell your information to others.

Personal and sensitive information that I collect

Data is collected by me from the point of initial contact (this may be by telephone, email or website contact form), as well as in the course of therapy from initial assessment session onwards.

The information I collect includes:

· Contact information such as name, address, date of birth, email, contact numbers, video conference ID (if online therapy), and GP contact details.

· Assessment information about you such as who you live with, your occupation, main relationships, details of current and historical psychological difficulties, lifestyle and social circumstances, risk information such as suicidal and self-harming history and alcohol and drug use. I may also collect details of your current and past physical and mental health history, including any current or historical psychiatric diagnoses, medical conditions relevant to psychological therapy, and any prescribed medication.

· Therapy notes and outcome measures, as prescribed under my professional regulating bodies (HCPC and BPS).

· If you are referred by your health insurance provider, then I will also collect and process personal data provided by that organisation. This includes basic contact information, referral information, and health insurance policy number and authorisation for psychological treatment.

What do I do with your information?

I take your privacy seriously, and will only use your personal information to provide the services you have requested from me. If you do not provide the personal information requested, then I may be limited in providing, or unable to provide a service to you.

Information Storage

I will ensure that your personal and sensitive data remains secure. I am committed to taking reasonable steps to protect any individual identifying information that you provide. To prevent unauthorised disclosure or access to your information, I have implemented physical and electronic security safeguards. All personal information provided is stored in compliance with General Data Protection Regulations (GDPR) rules.

Brief session notes, contact details and assessment and outcome measure information are all created in accordance with my regulating professional bodies (HCPS and BPS) and stored electronically on OneDrive using security settings which are stated to ensure GDPR compliance. Your email address and telephone number may be temporarily stored in my email account and business smartphone by nature of working together/contacting each other, but will be stored securely and deleted after use. Electronic correspondence will also be held by the corresponding application used, all of which are GDPR compliant.

No sensitive personal information is stored on the Dr Jenny Makinson website, and information provided through this website is only used for the purposes you give permission, for example, to receive my newsletter, or to be contacted about my services. If you wish to check or change what types of cookies you accept this can be altered within your browser settings. You can block cookies at any time in this way. By not blocking cookies and continuing to browse you are authorising the use of essential cookies.

In any instance it is necessary for me to send sensitive information by email, I use either a separate secure email address with end-to-end encryption (Tutanota), or encrypt the document containing the information using a password sent separately. All electronic devices (including computers, laptops and mobile phones) used to process information are protected by antivirus software, are used only by me and are password protected. Any personal or sensitive information sent by postal mail will be marked confidential.

Information retention

I will only store your personal information for as long as it is required. The sensitive personal data defined above is stored for a period of 7 years after the end of assessment / therapy for adults, or until after a child’s 25th birthday, or 26th birthday if aged 17 when therapy ends. After this time, this

data is deleted by the end of each calendar year. Financial information is retained for 6 years under HMRC requirements.

Sharing of personal information

Clinical supervision is a requirement of my profession to ensure I am adhering to professional standards and evidence-based ways of working. All supervision occurs within a GDPR compliant framework without provision of client names.

If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I may share appointment schedules with that organisation for billing and claim purposes. I may also share information with that organisation to provide treatment updates where necessary.

In exceptional circumstances, I may need to share personal information with relevant authorities, for example:

· When there is need-to-know information for another health provider, such as your GP.

· When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a legal duty, for example a Court Order.

· When the information concerns risk of harm to you, or risk of harm to another adult or a child. Whenever reasonably possible, I will discuss such a proposed disclosure with you unless I believe that doing so could increase the level of risk to you or to someone else.

My accounting is carried out externally by Granite Accountants Ltd., 199 Westburn Road, Aberdeen, who are in turn registered with the ICO and externally regulated to ensure they follow all relevant professional, Data Protection and GDPR legislation. In performing their role for me they will have access to relevant Client information (for example, Client name, therapy session(s) cost and date of occurrence, and on occasion where insurers request this on their invoices – diagnosis, gender, date of birth and address). In agreeing to work with me you are therefore agreeing for the sharing of this information with Granite Accountants Ltd. If you have any concerns about this, please contact me to discuss in more detail.

Your Rights

You have the following rights:

· To be informed what information I hold (i.e. to be given or have access to this document).

· To see the demographic information I have about you (free of charge for the initial request).

· To make a ‘subject access request’ (SAR) for copies of your records. There may be an administrative charge for this and these will be provided within one calendar month of the request being made.

· To rectify any inaccurate or incomplete personal information.

· To withdraw consent to me using your personal information e.g. to withdraw consent for me to telephone you and request I contact you via email only.

· To request your personal information to be erased (please note that I can decline this if the information is needed for me to practice within my own professional code of ethics and conduct).

· To ask that I transfer the personal information you gave me to another organisation, or to you, in certain circumstances.

· You can complain to me directly, or to a regulator such as the Information Commissioner’s Office, for example if you think that I have not complied with data protection laws:

o Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

o Helpline number: 0303 123 1113 o ICO website: https://www.ico.org.uk