The Foundations Consultancy (TFC) provide psychological services, including psychological assessments and therapy. To enable us to provide you with these services you will be asked to provide personal and sensitive information. By engaging with this service you are consenting to records being kept.
We are committed to maintaining the privacy and confidentiality of information provided by you to us. The term 'personal data' is defined in the Data Protection Act 1998.
1. What personal data is collected?
TFC collect and process the following personal data from therapy clients:
Personal data: Basic contact information including name, address, email, contact number and GP contact details.
Sensitive personal data: Signed therapy contract agreement, therapy records (therapist notes, letters, reports, drawings, outcome measures).
If you are referred by your health provider then I will also collect and process personal data provided by that organisation. This may include, but is not limited to basic contact information, referral information, health insurance policy number, authorisation for psychological treatment etc.
2. Use of your personal data
TFC have a legitimate interest in using the personal data and sensitive personal collected to provide psychological assessment and therapy services to you. We are committed to protecting and respecting your privacy but if you do not provide the personal information requested, then we may be unable to provide a service to you.
We may also ask for information on how you found our services for the purpose of marketing research. No information you provide is passed on without your consent. We will never sell your information to others.
We may also send you updates on issues we think will be of interest to your and send you any requested information on people and services.
We do not share, sell or distribute your personal data with unrelated third parties. TFC take your privacy seriously and will only use your personal information to provide the services you have requested.
3. Who may personal information be shared with?
Keeping records is an essential component of healthcare, which helps in understanding how best to help and forms the basis of any reports needed. TFC will hold information about clients and the therapy they receive in confidence. This means that TFC will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties.
In order to provide you with the information or services which you have requested, personal data may occasionally be transferred or shared with third parties, who act for or with us, for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have consented. EG: If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then I will share appointment schedules with that organisation for the purposes of billing. I may also share information with that organisation to provide treatment updates.
In exceptional circumstances, I might need to share personal information with relevant authorities, for instance:
We may have to share, transfer or disclose the information in our databases and server logs to comply with a legal requirement, to protect your vital interests, to protect the security or integrity of our databases or this website, to take precautions against legal liability, or in the event of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.
Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that personal data and to comply with applicable law.
4. How long will personal information will be stored?
TFC will only store your personal information for as long as it is required. Basic contact information held on my mobile phone is deleted within 6 months of the end of therapy. The sensitive personal data defined above is subject to special legislation: Adult records are retained for 8 years after the last contact with the service. Children’s records are kept until age 26.
After this time, this data is carefully disposed of at the end of each calendar year. Some records may be held indefinitely if there were any issues of concern that could lead to police investigation in the future.
5. How is security of personal information ensured?
Personal information is minimised in phone and email communication. Sensitive personal data will be sent to clients using e-mail services which are GDPR compliant (which means that the content of emails is encrypted from user to user). Any sensitive data attached in an email attachment will be password protected. Email applications use private (SSL) settings, which encrypts email traffic so that it cannot be read at any point between our computing devices and our mail server. I will never use open or unsecure Wi-Fi networks to send any personal data.
Personal information is also stored on an office computer. These are password protected. Malware and antivirus protection is installed on all computing devices. Mobile devices are protected with a passcode, mobile security and antivirus software.
Confidential digital information may also be stored in a secure cloud service offering high levels of security which is GDPR compliant.
6. How can I access my personal information?
You have a right to access the information held about you by making a ‘subject access request’. Upon receipt of your written request and enough information to permit us to identify your personal data, we will disclose to you the personal data we hold about you. There may be an admin fee for supplying the information to you. We will also correct, amend or delete any personal data that is inaccurate and notify any third party recipients of the necessary changes. TFC will usually share this with you within 30 days of receiving a request.
I reserve the right to refuse a request to delete a client’s personal information where this is therapy records. Therapy records are retained for a period of 8 years in accordance with the guidelines and requirements for record keeping by The British Psychological Society (BPS; 2000)and The Health and Care Professions Council (HCPC; 2017).
If you are not satisfied with the way your Data is handled by us, you may be able to refer your complaint to the relevant data protection authority. For the UK, this is the Information Commissioner's Office (ICO). The ICO's contact details can be found on their website.
It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.
7. Anonymous data collected through this website.
In addition to the information we collect as described above, we use technology to collect anonymous information about the use of our website. For example, our web server automatically logs which pages of our website our visitors view, their IP addresses and which web browsers they use. This technology does not personally identify you - it simply enables us to compile statistics about our visitors and their use of our website.
In order to collect the anonymous data described above we use website 'cookies'. Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to your browser and stored on your computer's hard drive. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not.
You may contact The Foundations Consultancy
The term 'The Foundations Consultancy’ or 'us' or 'we' refers to the owner of the website. The term 'you' refers to the user or viewer of our website.
You may contact The Foundations Consultancy