The General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and provides a legal framework for ensuring that organisations keep personal information safe. The framework insists that organisations within the European Union (EU) have effective systems in place for handling and storing personal information. It also stipulates that people cannot be contacted by organisations without having given permission for sharing of information. The following privacy notice outlines how Dr Paul Boyden manages your data and your rights in relation to this. Dr Boyden is the Data Protection Officer (DPO).
Personal Information held by Dr Boyden and why:
Dr Boyden collects personal information provided by you or a referrer (e.g. insurance company/solicitor), appropriate to the service you are accessing (e.g. therapy or supervision). Such information includes, for example, your name, date of birth, contact details (phone numbers, email and address), GP details, your place of work and, where relevant, previous reports generated in relation to accidents or injuries sustained. This information is held so that contact can be made with you to arrange appointments for relevant services, but also to be able to access support systems for you should you require this over the course of your treatment with Dr Boyden. Information is also held to be able to communicate with you regarding payments (for self-referring clients), e.g. invoicing. Personal information is held with a view to providing you with a safe, effective and professional service. If you are signing up for an online course and/or for mailing list(s), he needs your name and your email address. If you are browsing Dr Boyden’s Facebook, LinkedIn or any other social media pages, when you engage with this media your information will be stored in the form of cookies. You can opt out of this from the website when the pop-up appears. To change your privacy preferences, please do this directly on these platforms.
Written notes are made during therapy and supervision sessions and stored in a locked filing cabinet. Where electronic communications are made, emails and texts are also stored. Your first name and the first letter of your surname will be held in Dr Boyden’s phone contacts for the duration of your therapy/supervision. At the end of therapy/supervision Dr Boyden will remove your contact from his phone and have only written contact information in the filing cabinet or electronic information on his laptop and backup system.
Keeping information accurate and up-to-date:
It is your responsibility to ensure that Dr Boyden is made aware of any relevant changes to your personal information that he requires to be able to provide you with an effective service.
Dr Boyden is registered with the Information Commission Office (ICO). See www.ico.org.uk for further details.
Sharing of information:
Often referring agencies require reports across the duration of assessment and therapy. Dr Boyden uses the information you share with him in sessions to provide referrers with a brief summary of assessment and treatment outcomes, e.g. progress made in relation to goals. Dr Boyden does not divulge sensitive information shared in sessions with referring agencies unless he is concerned about risk of harm to yourself or others. Where Dr Boyden is concerned about risks, he will endeavour to discuss this with you and seek your consent to share the information. However, there may be some instances where he has pressing concerns about safety to yourself or others, and at such times it may not be appropriate to seek your consent before sharing with appropriate agencies, e.g. GP, police, other relevant professionals. Dr Boyden prioritises keeping people safe at all times. If information is shared without your consent, Dr Boyden will discuss this with you, and his reasons why, as soon as is practically possible. Reports are shared with referrers electronically, and are either sent via secure email systems, e.g. Egress, or sent as password-protected documents with the password provided in a separate email. Different referring agencies have different requirements for sharing of reports. If you wish to see the content of reports prior to Dr Boyden sharing them, please do ask. Dr Boyden considers information shared with him by you to be your information and is happy to discuss his clinical notes with you at any time. In cases where supervisees are seeking Accreditation, personal information that is required on the application is shared with the body of accreditation. You will have provided that information to Dr Boyden and so will be aware of what is being shared with the Accreditation committee, e.g. HCPC, UK Society of DBT, or similar.
How long is data held for and where?
The British Psychological Society require Dr Boyden to keep clinical records for 7 years after the end of your contact/treatment for adults. Notes are kept electronically. No paper notes are kept or stored in the building where the consulting rooms are. Electronic information is password protected where possible. Emails and texts are kept on a laptop and iPhones, all of which are password protected (passcodes or fingerprint access). Dr Boyden’s passwords are not shared. Dr Boyden also uses a smartphone that is password protected and encrypted. Notes relating to ongoing court cases are kept until the case is concluded or for up to 7 years after if concluded before that time. After the 7-year deadline and where any court cases are resolved, paper notes are destroyed in line with GDPR regulations, and all electronic information is deleted. Dr Boyden keeps electronic invoices for seven years as this is the required length to comply with the HMRC requirements.
How to request access to your data:
You are able to request access to your notes by putting your request in writing or making a verbal request to Dr Boyden using the contact details for the business. You will be provided with your information within 40 days. You are able to check records for accuracy, and request correction or deletion of your information. Dr Boyden recommends that, if you request to see your notes, you go through them with him so that any concerns or queries can be addressed there and then. You can request that Dr Boyden transfer your data to another business. You can also request that your information be deleted or destroyed before the 7-year expiration date. Dr Boyden will discuss each request with you and relevant parties, e.g. referring agencies. Dr Boyden will seek advice from his professional governing bodies, e.g. The Health Care and Professions Council (HCPC) and the Information Commission Office (ICO), on a case-by-case basis at the time of the request. If Dr Boyden is aware of any breach of personal data security, he will contact you as soon as possible to discuss this. Where appropriate, Dr Boyden will advise the ICO. Dr Boyden is registered with the ICO. If you wish to complain to the ICO about Dr Boyden’s GDPR compliance, you can contact them directly. The ICO website is ico.org.uk.
What if my information is incorrect or I wish to be removed from his system?
Please contact Dr Boyden. He may require additional verification that you are who you say you are to process this request. If you wish to have your information corrected, you must provide him with the correct data and, after he has corrected the data in his systems, he will send you a copy of the updated information in the same format as the subject access request in section 7. If you wish to unsubscribe from any mailing list, you can do this in each and every email he sends you by clicking the link which says unsubscribe. If you want to have your data removed, you can make this request in writing. Dr Boyden will have to determine if he needs to keep the data, for example in case HMRC wish to inspect his records. If he decides that he should delete the data, he will do so without undue delay.
Will Dr Boyden send emails and text messages to you?
As part of providing his service to you, Dr Boyden will send information to you via email. He needs to send details of your appointments to you as a reminder, along with any relevant access links such as Zoom links. Where you have consented to it, he may also use SMS (text messages). Consent for methods of communication is given by yourself on his terms and conditions sheet.
Signing Terms and Conditions / GDPR
When you sign the Terms and Conditions Document, or buy or sign up for any product from Dr Boyden Psychology or his mailing list, you are also confirming that you have seen a copy of this GDPR policy and that you consent.
Consent: It is important that you evidence that you have read and understood the information contained within this Privacy Notice. If you are unsure of anything, please ask Dr Boyden for clarification before signing.
I have read, understood and consent to the terms outlined in this notice:
Client name (BLOCK CAPITALS) ………………………………………………………………….
Client Signature ………………………………………………………………………………………
Date: ……………………………………………………………………………………………………