Phoenix Psychology aims to be as clear as possible about how and why we use information about you so that you can be confident that your privacy is protected.
This policy describes the information that Phoenix Psychology collects when you use our services. This information includes personal information as defined in the General Data Protection Regulation (GDPR) 2016 and the subsequent UK Data Protection Bill that is expected to be enacted in 2018.
This policy describes how we manage your information when you use our services, if you contact us or if we contact you. It also provides extra details to accompany specific details about privacy that you may see when you use our website (such as cookies) or our other online presence (such as Facebook or Twitter). In respect of cookies, the policy includes information about the type of cookies we use and how you may disable those cookies.
Phoenix Psychology uses the information we collect in accordance with all the laws concerning the protection of personal data, including the Data Protection Act 1998 and GDPR 2016. Under these laws, Phoenix Psychology is the data controller. If another party has access to your data, we will tell you whether they are acting as a data controller or a data processor, who they are, what they are doing with your data and why we need to provide them with the information.
If your questions are not fully answered by the policy, please contact our Data Protection Officer. If you are not satisfied with the answers from the Data Protection Officer then you can contact the Information Commissioner’s Office (ICO) https://ico.org.uk
1. Why do we need to collect your personal data?
We need to collect information about you so that we can:
- Know who you are so that we can communicate with you in a personal way. The legal basis for this is a legitimate interest.
- Deliver goods and services to you. The legal basis for this is the contract with you.
- Process your payment for the goods and services. The legal basis for this is the contract with you.
- Verify your identity so that we can be sure that we are dealing with the right person. The legal basis for this is a legitimate interest.
- Contact you in case there is a problem. The legal basis for this is a legitimate interest.
- Optimise your experience on our website. The legal basis for this is a legitimate interest.
- Provide you with a useful and relevant website. The legal basis for this is a legitimate interest.
2. What personal information do we collect and when do we collect it?
For us to provide you with goods and services we need to collect the following information:
- Your name
- Your contact details including a postal address, telephone number(s), and electronic contact such as an email address. We may also communicate via Twitter or Facebook in which case we will need to know your Facebook and Twitter username.
- Your payment card details / bank account details
- Details about how you access our website such as the IP address, the browser you use and which pages you access.
We collect this information directly from you.
We may also collect information about you from third parties, for example if we need to gather information from another health professional (such as your GP) or another professional involved in your care, such as a Social Worker, Carer, Psychologist or Psychiatrist, in order to provide a complete health assessment.
3. How do we use the information that we collect?
We use the data we collect from you in the following ways:
- To communicate with you so that we can inform you about your appointments with us, we use your name and your contact details such as your telephone number, email address or postal address.
- To deliver the correct service to you, we use your name, your contact details and the details about your purchases.
- To create your invoice using our accounting package, we use your name and email address.
- To process your payment, we use your name and bank details.
- To optimise our website so that users can find the information they need.
4. Where do we keep the information?
We keep your information in the stores described below.
4.1 On our company computers
We use personal computers that are located on our business premises. The computers are password protected and the hard drives are encrypted. Passwords are changed every 90 days and it is company policy that passwords are not shared.
We do not use Dropbox or Google Drive or any other cloud service to store your data.
Your customer record
We use Microsoft Excel, which is a computer program that stores the information on a computer in our office.
We create a report as per our contract with you, that contains all the information that we gather along with our findings and conclusions.
4.2 In our accounts package
We use an online accounts package that stores the information in a data centre in the USA. The company that provides the accounts software has stated that they are compliant with GDPR.
4.3 As a paper copy
We take handwritten notes when we meet you. These notes are used to create the report that we provide to you. We send a paper copy of your invoice to our book keeper.
5. How long do we need to keep the information?
Our book keeper / accountant keeps the paper copy invoices for a maximum of 11 months. Once the book keeper / accountant has finished with the invoice they shred the paper using a secure shredding service.
We keep the electronic invoice for seven years as this is the required length to comply with the HMRC requirements. After seven years we delete the invoices using the QuickBooks delete function.
We keep your client record for 8 years as this is the industry best practice.
6. Who do we send the information to?
We send your report to you and anyone we are required by law to inform. All reports that are sent electronically are sent as attachments that are encrypted and password protected.
We send the paper copy of our invoices to our accountant. The accountant is based in the UK and all their computer systems are in the UK.
We send the details about your access to our website to our web analytics provider who are based in the European Union.
7. How can I see all the information you have about me?
You can make a subject access request (SAR) by contacting the Data Protection Officer. We may require additional verification that you are who you say you are to process this request.
We may withhold such personal information to the extent permitted by law. In practice, this means that we may not provide information if we consider that providing the information will violate your vital interests.
8. What if my information is incorrect or I wish to be removed from your system?
Please contact the Data Protection Officer. We may require additional verification that you are who you say you are to process this request.
If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems we will send you a copy of the updated information in the same format as the subject access request in section 7.
9. How can I have my information removed?
If you want to have your data removed we have to determine if we need to keep the data, for example, in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.
10. Will we send emails and text messages to you?
As part of providing our service to you, we will send your report to whoever commissioned it via secure email. The report will be encrypted and password protected. Also, as part of this service, we need to send details of your appointments to you. To protect your information, we prefer to use an end-to-end encrypted messaging service, for example, WhatsApp. If you are not able to use such a service we may use SMS (text messages); however, this does increase the risk of someone intercepting the message.
11. How do I opt out of receiving emails and / or text messages from us?
If you are receiving text messages from us, you may unsubscribe at any time by following the instructions included within the text message. Similarly, if you are receiving emails from us, you may unsubscribe at any time by following the instructions included in the email.
You can remove yourself from WhatsApp at any time.
When you unsubscribe (i.e. opt out) from either text message or email communications, we will suppress your details on our systems to ensure we have a record of your decision to not be contacted in that particular manner. We will not use the email address or mobile phone number for such messages again unless you opt back in.
When unsubscribing from either email or text communications, you should always follow the specific instructions given in the particular email or text that you wish to discontinue receiving.
Appendix 1: Cookies
- What is a cookie?
A cookie is a small amount of data stored on a computer that contains information about the internet pages that have been viewed from that computer. They are commonplace on the internet and are used by websites to improve the user’s online experience by storing information about how the user navigated around and interacted with it. This information is then read by the website on the next occasion that the user visits.
Cookies are sent automatically by websites as they are viewed, but in order to protect a user’s privacy a computer will only permit a website to access the cookies it has sent, and not the cookies sent by other sites. Furthermore, users can adjust the settings on their computer to restrict the number of cookies that it accepts or notify them each time a cookie is sent. This should improve privacy and security but will generally mean that certain personalised services cannot be provided, and it may therefore prevent the user from taking full advantage of a website’s features.
For further information on cookies please visit www.aboutcookies.org
- What sort of cookies do we use on our website?
We use two types of cookies: session cookies and stored cookies.
Session cookies expire at the end of the user’s browser session and can also expire after the session has been inactive for a specified length of time, usually 20 minutes. Session cookies are stored in the computer’s memory and are automatically deleted from the user’s computer when the browser is closed.
Stored cookies are stored on the user’s computer and are not deleted when the browser is closed. Stored cookies can retain user preferences for a particular website, allowing those preferences to be used in future browsing sessions.
We use a number of independent measurement and research companies.
They gather information regarding the visitors to our website on our behalf using cookies, log file data and code which is embedded in our website. We use this type of information to help improve the services to our users. We explicitly require that third parties do not use any information for their business or other purposes.
- Can I browse your website without receiving any cookies?
Yes. If you have set your computer to reject cookies, you can still browse our website. However, certain functions may not be available to you unless you enable cookies.
- How can I find and control cookies?
You can usually adjust for yourself the number of cookies that your computer (or other devices such as a mobile phone) receives. How this is done, however, varies according to which device and what browser software you are using.
As a general rule, the more commonly used web browser software packages tend to have a dropdown menu entitled ‘Tools’. One of the options on this menu is usually ‘Options’ – and if this is selected, ‘Privacy’ is usually one of the settings that may be adjusted by the user. In the case of any device other than a PC (e.g. mobile phone), you should always refer to the manufacturer’s instructions.
Alternatively, you may wish to opt out from only the cookies used by third party companies (acting on our behalf) to measure the traffic to our site. This has the advantage of leaving other cookies in place, thereby minimising the loss of functionality associated with blocking all cookies.
You may find the following websites useful for information on how to change cookie settings in a range of commonly used browsers: