1. Who has responsibility for the control and processing of your personal data?
The General Data Protection Regulation (GDPR: 2016) identifies those with responsibility for your personal data as either data processors or controllers. These individuals are required to handle data in accordance with the regulation. The sole data controller of Atlas Psychology is Dr David Gillan, who determines the purpose and way in which personal data is processed. As part of the modern service that Atlas Psychology provides it needs to process some of your data through third-party online organisations including accounting software, email providers, appointment booking applications, secure cloud storage and diary management applications. Where possible this will be minimised e.g. using only email address or first letter of surname etc.
Atlas psychology only holds data that is believed to be correct and not misleading and, on this basis, personal details are updated when required. If you become aware that any data held is incorrect or misleading, you can contact the clinic via email and the necessary amendments will be made.
2. How will you be asked to give consent?
Upon agreeing to receive services from Atlas Psychology, your consent for your data to be recorded as per this policy is implied. This means that as it is impossible to provide psychological services without collecting and processing your information, your consent is part of your agreement to receive the service. If you are not in agreement with this policy then unfortunately we cannot provide our services to you.
A copy of this policy is available on our website and will also be emailed to you to review prior to receiving any services, so that you can make an informed decision as to whether you proceed.
If you are a client that has been referred to Atlas Psychology by another company, you will have given consent for your information to be processed according to their policy, which we will adhere to.
As a client, you have the right to withdraw your consent at any time, however, this also prevents further services being able to be provided. Also, data already held is required to be kept for a certain period (see Section 7). Contact us to discuss any withdrawal of consent.
3. What type of data is kept?
Only directly relevant information necessary to provide psychological services will be recorded. This includes contact details and a record of assessment details and therapy progress. This information is strictly confidential, however, there are some legal exceptions. For more specific details on what data is kept contact Atlas Psychology or see table below.
4. Why do we keep your data?
As a client of Atlas Psychology you will be required to provide personal data as well as what the GDPR describes as ‘special category data’. This type of data is more sensitive in nature and thus needs further protection. Both personal and special category data collection along with their processing are necessitated by the nature of the service provided by Atlas psychology. This enables the fulfilment of the contractual agreement made with clients to provide them with the therapy and support they require. As required by GDPR, all the data collected by Atlas Psychology is adequate but not excessive for the stated processing purposes. This is achieved by collecting minimum identifiable data and only collecting information which is directly beneficial to clients. Information on the purposes of specific data collection is detailed below alongside the lawful bases for the collection of this data, as outlined under the GDPR.
5. How is your data secured?
Due to the nature of the service provided by Atlas Psychology, both physical and digital data is stored. Several measures are consistently in place to ensure the security of client data and to prevent breaches. Any access to digital storage, as well as specific documents, are password protected and file names are anonymised. Where physical data is collected this will be scanned and uploaded to secure storage areas and destroyed within seven days (where possible this will be anonymised to protect against data breaches).
Any data breaches will be reported to clients within 72 hours of discovery and any adverse affect will be discussed and supported. All data breaches will be recorded and form part of ongoing review and improvement of data protection policies and procedures.
6. Will my personal data be shared with anyone else?
The default position regarding this is that your information is strictly confidential and will not be shared. However, at times there may be benefits of sharing your personal and special category data with other organisations eg your GP surgery, onward referrals, or application you are making where you require a psychological opinion. Only when you provide consent for these specific purposes can data be shared, which is limited to those purposes only.
Under UK law there are several exceptions to this including if you are deemed a risk to yourself, a risk to others, or others are a risk to you. In these circumstances Atlas Psychology is legally bound to share your information with statutory organisations that can ensure the safety of those concerned. UK courts also have the power to subpoena your clinical record.
If you are referred to Atlas Psychology by another organisation (eg work-related health provision) we may be required to share certain information as part of a contractual agreement. This could include, but is not limited to, the number of sessions you have attended and your progress in therapy eg progress letter to a referring doctor. The obligations of these agreements should be explained to you by the referring party. Atlas Psychology will reiterate these prior to you providing information so that you can make an informed decision. Where any sharing is required all attempts to involve you will be made to ensure a transparent process. This includes only sharing sufficient information for the purposes of the process, which protects confidentiality.
7. How long is your data retained?
Personal and special category data is kept for a minimum of six years. Anonymised psychometric data is kept for a non-specific period so that future service evaluation can occur.
8. What are your rights under the GDPR?
The GDPR sets out several rights which clients of Atlas psychology possess about their personal data. These are outlined below however; more detailed information can be found on the Information Commissioner’s Office (ICO) website https://ico.org.uk/
9. How do you complain about your data handling?
Any complaints should be made directly to Atlas Psychology in writing or via email. If for some reason requests are not dealt with adequately by Atlas Psychology, these can be forwarded to the the HCPC (Health and Care Professions Council) or ICO.
Due to the dynamic nature of data protection legislation and the review of data processing by Atlas Psychology, there are likely to be changes and updates to the policy. These changes will be updated as soon as possible on the website and if necessary you will be contacted directly.