Acorn Therapy – Counselling privacy-policy Taunton Somerset
What is your lawful basis for processing my data?
Acorn therapy processes your personal data under the lawful basis of ‘legitimate interests’ (GDPR Article 6.1.f). As with any healthcare provider, when you employ the services of Acorn therapy there is an implied understanding that we will not be able to assess and treat you safely and appropriately unless to give us the relevant information to do so. In this respect, your data may be shared with Counsellor and therapists working for Acorn therapy.
What data do you collect about me and why?
Acorn therapy will collect a variety of data which helps us assess, recommend and provide treatment for you. Data may be given to us by you or your representative and can include the following: Personal information e.g. name, address and date of birth.
Financial information through your payments to Acorn therapy.
Contact number for next of kin/family members*
Please note that the names and contact details about any family member form part of the data we hold about you and so is treated the same in terms of confidentiality and security.
Information may be given to us verbally or in writing by you or your representative.
We have a professional and legal duty to ensure that the information we record about you is relevant to your treatment/care, accurate and up to date and only used for the purposes for which it was collected.
Where is my data kept?
Your data will be kept in a locked secure clinical filing cabinet and may be accessed by other individual therapists (with your consent) the data will be kept securely within their own data protection procedure and details of this should be requested if so required from any ongoing therapist. Acorn therapy will keep no electronic details of your data at any time apart from your name and age on a securely protected database at which point you will be allocated a secure reference to provide anonymity.
Who has access to my data?
only the ongoing therapist to whom your details may be passed (with your consent) with a view to arranging future therapy directly with yourself.
Who do you share my data with?
Your data will be shared (with your consent) with a relevant therapist operating independently from Acorn therapy who we feel can offer you the relevant therapy. It is normal practice at Acorn therapy consultations are carried out in total confidence. The identity of individuals and personal details will be protected by both the therapist you see and Acorn therapy. However, there may be an unusual circumstance which necessitates breaking confidentiality. This may be when it is judged by your therapist that there is a risk to yourself or to others, or if there is a risk to a child. In an unusual event necessitating a break in confidentiality, this will be done where possible with your consent and only to those parties who have an absolute need to know.
How long do you need to keep data about me?
Professional guidelines require us to retain clinical files and work diaries for a period of 7 years after discharge from our care. This is helpful if you need treatment at a later date, but is also a requirement in case of litigation.
Financial records and items such as our bank statements (which may contain your name and payment details) are also required to be kept for a full 7 year period by HMRC for tax purposes.
If you make an enquiry about our service but do not proceed any written notes/email correspondence will be retained as above.
How can I access the information you hold about me?
You have the right at any time to request copies of the Therapy Client Record sheet and any additional consultation sheets we hold about you.
What happens if there is a breach of data about me?
Acorn therapy is required to inform you if the data breached about you could negatively affect your personal or professional life and is considered a threat to your rights or freedoms. We must also inform the Information Commissioner’s Office (ICO) within 72 hours of discovering such a breach.
If you feel that Acorn therapy has breached your rights you should raise your concerns with us in the first instance and we have 28 days in which to respond to your concerns. If after this period you feel that your concerns have not been dealt with you have the right to lodge an official complaint to the I.C.O. www.ico.org.uk
Further information: If you require any further information please email us