Theodoros Tsirigotis, PsyD.
Clinical Psychologist, Psychotherapist
Privacy Policy / GDPR Policy
The Data Protection Act, 2018 (DPA), controls how your personal information is used. There are restrictions about how I collect and store information – and you have a right to know – and control – how your information is handled.
Information about the DPA can be found at: https://www.gov.uk/data-protection
Information about the ICO can be found at: https://ico.org.uk/
This document is to let you know what information I collect about clients, why I collect it, how I use and store it, who has access to it, how long I keep it and how it is destroyed.
​
Your rights
Under the Data Protection Act 2018, you have the right to find out what information I store about you. This includes the right to:
-
be informed about how your data is being used
-
access personal data
-
have incorrect data updated
-
have data erased
-
stop or restrict the processing of your data
-
data portability (allowing you to get and reuse your data for different services)
-
object to how your data is processed in certain circumstances.
​​
What Information do I collect?
I collect and ‘handle’, in different ways, the following information:
-
Your name and address;
-
Your phone number and email address;
-
Dates and times of our meetings;
-
The name and contact details of someone you know & trust who knows that you are in therapy with me (a ‘Safety Contact’);
-
The name and contact details of your GP (or primary doctor);
-
Brief notes of our sessions;
-
Emails and texts;
-
Details of our financial transactions (invoices, receipts, BACS transfers etc.).
​​
Why do I keep this information?
-
Your name and address:
-
I am required to keep this by my professional body (UKCP).
-
-
Your phone number and email address;
-
I need this if I need to contact you between sessions.
-
-
Dates and times of our meetings:
-
This is needed to back up my memory;
-
It is a requirement of my professional body and insurance company.
-
-
Safety Contact:
-
This is a matter of safety and part of my responsibility for your welfare;
-
Contact with this person (who should be an adult) would only take place in an emergency – almost always only after discussion with you.
-
-
The name and contact details of your GP (or primary doctor);
-
This is a matter of safety and part of my responsibility for your welfare;
-
Contact with your doctor would only take place
-
At your request, or
-
in an emergency, to protect your safety – and almost always only after discussion with you.
-
-
-
Brief notes of our sessions:
-
I need to keep notes in order to refresh my memory about our work;
-
I need to keep notes in order to inform my clinical supervision;
-
It is a requirement of my professional body (UKCP) and my Insurance company.
-
-
Emails and texts:
-
Emails and texts are part of the record of our out-of-session contacts, which often frame the work.
-
-
Details of our financial transactions (invoices, receipts, BACS transfers etc.):
-
I am required to keep this for tax and accountancy purposes;
-
We also need an accurate record of our transactions to keep our financial agreements transparent and accurate.
-
​​
How do I keep this information?
-
Your name and address:
-
This provided by you and is filed under lock and key, separate from other information about your ongoing therapy.
-
-
Your phone number and email address:
-
This is provided by you and is filed under lock and key, separate from other information about your ongoing therapy;
-
Information on my phone is labelled with a code so that you cannot be identified;
-
My phone is locked and protected by face I.D. and password;
-
Information on computer is held in a specific password-protected file.
-
-
Dates and times of our meetings:
-
Recorded in my diary using a code to conceal your identity.
-
-
Safety Contact:
-
This provided by you and is filed under lock and key, separate from other information about your ongoing therapy.
-
-
The name and contact details of your GP (or primary doctor):
-
This provided by you and is filed under lock and key, separate from other information about your ongoing therapy.
-
-
Brief notes of our sessions:
-
Session notes are kept in a file in a locked filing cabinet, using a code to conceal your identity.
-
-
Emails:
-
Emails are handled through a Hushmail account – which is an end-to-end encrypted email system:
-
The only people who can access Hushmail emails are me and my ‘therapeutic executors’
-
Texts are on my phone which is face/password protected.
-
-
Details of our financial transactions (invoices, receipts, BACS transfers etc.):
-
Copies of invoices/receipts are kept in secure files on y computer;
-
Clients are asked to use initials for BACS transactions to protect confidentiality;
-
Financial records are kept securely on my bank’s website;
-
Bank statements are kept in a locked filing cabinet.
-
​​
Who sees this information?
-
Your name and address:
-
Only I will see this information.
-
-
Your phone number and email address:
-
Only I will see this information.
-
-
Dates and times of our meetings:
-
Only I will see this information.
-
-
Safety Contact:
-
Only I will see this information.
-
-
The name and contact details of your GP (or primary doctor):
-
Only I will see this information.
-
-
Brief notes of our sessions:
-
Normally only I will see this information;
-
Occasionally notes are taken to supervision; my supervisor only has a first name & generalised, non-identifiable information about clients;
-
Please note that in certain circumstances, therapists have the right to withhold notes of parts of notes, subject to a court order.
-
-
Emails and texts:
-
Only I will see this information.
-
-
Details of our financial transactions (invoices, receipts, BACS transfers etc.)
-
My wife has access to the bank account; however, BACS transfers etc are identifiable only by client initials.
-
​​
How long is this information kept and how will it be destroyed?
-
Your name and address:
-
My professional body and insurance company recommend that this information is kept for seven years from the end of therapy;
-
At that point it will be shredded in a secure cross-shredder.
-
-
Your phone number and email address:
-
My professional body and insurance company recommend that this information is kept for seven years from the end of therapy;
-
At that point it will be shredded in a secure cross-shredder.
-
-
Dates and times of our meetings:
-
My professional body and insurance company recommend that this information is kept for seven years from the end of therapy;
-
Diaries will be retained indefinitely in a locked filing cabinet.
-
-
Safety Contact::
-
This is removed at the end of therapy;
-
At that point it will be shredded in a secure cross-shredder.
-
-
The name and contact details of your GP (or primary doctor):
-
My professional body and insurance company recommend that this information is kept for seven years from the end of therapy;
-
At that point it will be shredded in a secure cross-shredder.
-
-
Brief notes of our sessions:
-
My professional body and insurance company recommend that this information is kept for seven years from the end of therapy;
-
At that point it will be shredded in a secure cross-shredder.
-
-
Emails and texts:
-
My professional body and insurance company recommend that this information is kept for seven years from the end of therapy;
-
At that point emails will be securely ‘trashed’;
-
Computers to be disposed of will be securely cleared and ‘returned to factory settings’;
-
Phones no longer used will be securely cleared and ‘returned to factory settings’.
-
-
Details of our financial transactions (invoices, receipts, BACS transfers etc.)
-
Banks, HMSO and financial advisory recommend that this information is kept for seven years from the end of therapy;
-
At that point Bank Statements will be shredded securely.
-
​​
Should you wish for further information, please do speak with me.