Relationships & Anxiety
Denise Pickup MA BACP (Accredited)
GDPR Policy
​
When you use my website or services, I may collect personal information about you.
I have written this statement to tell you:
-
the legal basis for processing information about you
-
what information we collect about you
-
how we collect that information
-
what we use your information for
-
what choices you have about what we can do with your information
-
how to access and update your information
I am a psychotherapist and relationship counselor. If you would like to contact me my correspondence address is:
7 BEAUMONT FEE
LINCOLN
LN1 1UH
Legal Basis for Processing
The Data Protection Act 1998 and, from 25 May 2018, the General Data Protection Regulation (“GDPR”) requires that your personal data be kept private unless I am legally obliged or required to disclose it to authorised parties. In such cases I make such disclosures.
I can lawfully process personal information about you because I have a contract with you to make available my service. Your personal information is required to enable me to meet my obligations under the contract. Where you have given me explicit consent to do so I will we process ‘sensitive personal information’ (see below) relating to your health and medical records, in line with this Privacy Statement.
Information I collect about you
How I collect personal information
I collect personal information from you and from third parties (anyone acting on your behalf, for example healthcare providers).
I collect personal information from you through your contact with me, including by phone (I may record or monitor phone calls to make sure I am keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through my website, through my app, by post, by filling in application or other forms, through social media or face-to-face (for example, in consultations, diagnosis and treatment).
I also collect information from other people and organisations.
For all my service users, I may collect information from:
-
A partner, family member, or someone else acting on your behalf;
-
your parent or guardian, if you are under 18 years old;
-
doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
-
any service providers who work with me in relation to your product or service, if I don’t provide it to you direct, such as providing you with apps, medical treatment, or health assessments;
-
fraud-detection and credit-reference agencies; and
-
sources which are available to the public, such as the edited electoral register or social media.
Categories of personal information
I process two categories of personal information about you and (where applicable) your dependants:
-
standard personal information (for example, information we use to contact you or identify you); and
-
special categories of information (for example, health information and information about crime in connection with checks against fraud or anti-money-laundering registers).
For more information about these categories of information, see below.
Standard personal information includes:
-
contact information, such as your name, username, address, email address and phone numbers;
-
the country you live in, your age, your date of birth and national identifiers (such as your National Insurance number or passport number);
-
information about your employment;
-
details of any contact I have had with you, such as any complaints or incidents;
-
financial details, such as details about your payments and your bank details;
-
the results of any credit or any anti-fraud checks I have made on you; and
-
information about how you use my website, app or other technology, including IP addresses or other device information (please see my Cookies Statement for more details).
Special category information includes:
information about your physical or mental health, (I may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact I have had with you such as information about complaints or incidents, and referrals from your insurance provider, quotes and records of medical services you have received);
What I use your personal information for
I process your personal information for the purposes set out in this Privacy Statement. I have also set out some legal reasons why I may process your personal information (these depend on what category of personal information I am processing). I normally process standard personal information if this is necessary to provide the services set out in a contract, it is in my or a third party’s legitimate interests or it is required or allowed by any law that applies. Please see below for more information about this and the reasons why I may need to process special category information.
By law, I must have a lawful reason for processing your personal information. I process standard personal information about you if this is:
-
necessary to provide the services set out in a contract − if I have a contract with you, I will process your personal information in order to fulfil that contract (that is, to provide you and your dependants with my products and services);
-
in our or a third party’s legitimate interests − details of those legitimate interests are set out in more detail below;
-
required or allowed by law.
I process special category information about you because:
-
it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health care or treatment, or to manage health-care systems (including to monitor whether I am meeting expectations relating to my non-clinical performance);
-
it is necessary for an insurance purpose (for example, advising on, arranging, providing or managing an insurance contract, dealing with a claim made under an insurance contract, or relating to rights and responsibilities arising in connection with an insurance contract or law);
-
it is necessary to establish, make or defend legal claims (for example, claims against me for insurance);
-
it is necessary for the purposes of preventing or detecting an unlawful act in circumstances where I must carry out checks without your permission so as not to affect the outcome of those checks (for example, anti-fraud and anti-money-laundering checks or to check other unlawful behaviour, or carry out investigations with other insurers and third parties for the purpose of detecting fraud);
-
it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a member’s complaint or a telling me about an issue);
-
it is in the public interest, in line with any laws that apply;
-
it is information that you have made public; or
-
I have your permission. As is best practice, I will only ask you for permission to process your personal information if there is no other legal reason to process it. If I need to ask for your permission, I will make it clear that this is what I am asking for, and ask you to confirm your choice to give me that permission. If I cannot provide a service without your permission (for example, we can’t manage and run a health service without health information), I will make this clear when I ask for your permission. If you later withdraw your permission, I will no longer be able to provide you with a service that relies on having your permission.
Where I store your personal data
The information that I collect from you will not be transferred to, processed and stored outside the UK.
I am committed to ensuring that my suppliers have appropriate technical, administrative and physical procedures in place to ensure that your information is protected against loss or misuse. All information you provide to me is stored on my secure servers or on secure servers operated by a third party.
How long I store your information for
I will store your information only for the period required to meet regulatory or legal requirements, or according to the retention policy of referring parties such as Health insurance or:
-
12 months before being destroyed for self funding
-
12 months for funded/insurance/agency referred according to commissioning organisations policy
Emails
If you choose to send me information via email, I cannot guarantee the security of this information until it is delivered to me.
Your rights:
You have the right to access your information and to ask me to correct any mistakes and delete and restrict the use of your information. You also have the right to object to me using your information, to ask me to transfer of information you have provided, to withdraw permission you have given me to use your information and to ask me not to use automated decision-making which will affect you. For more information, see below.
You have the following rights (certain exceptions apply):
-
Right of access: the right to make a written request for details of your personal information and a copy of that personal information
-
Right to rectification: the right to have inaccurate information about you corrected or removed
-
Right to erasure (‘right to be forgotten’): the right to have certain personal information about you erased
-
Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
-
Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or I have let you know the processing is necessary for mine or a third party’s legitimate interests. You can object to my use of your information for profiling purposes where it is in relation to direct marketing
-
Right to data portability: the right to ask for the personal information you have made available to me to be transferred to you or a third party in machine-readable formats
-
Right to withdraw consent: the right to withdraw any consent you have previously given me to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of my use of your personal information prior to the withdrawal of your consent and I will let you know if I will no longer be able to provide you your chosen service
-
Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. I will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and I will let you know in our correspondence with you how I will be able to comply with your request.
If you make a request, I will ask you to confirm your identity if I need to, and to provide information that helps me to understand your request better. If I do not meet your request, I will explain why.
How to Contact me
If you have any questions regarding this notice or if you would like to speak to me about the manner in which I process your personal data, please email me at: info@relationshipwork.co.uk. Alternatively please contact me at:
7 BEAUMONT FEE
LINCOLN
LN1 1UH
You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns