Privacy Policy

I am committed to protecting and respecting your privacy. This Privacy Policy explains how I collect, use, store, and protect personal data in compliance with the General Data Protection Regulation (GDPR) and related legislation.

 

1. Personal Data I Collect:

I may collect and process the following types of personal data about clients and their families:

• Personal identification information: Names, dates of birth, gender, and contact details (e.g., phone number, email, address).

 • Health and therapy records: Therapy notes, session summaries, mental health information, medical history, and any assessments or reports.

• Family or guardian information: Names, relationships, contact information, and any legal documentation such as guardianship or consent forms.

• Sensitive personal data: Information related to mental and emotional health, behavioural concerns, or other data necessary for therapeutic purposes.

 

2. Legal Basis for Processing Personal Data:

I rely on the following legal grounds under GDPR for processing personal data:

• Consent: I will obtain informal consent from clients (or parents/guardians for minors) before collecting or processing personal data.

• Contractual obligations: Processing is necessary to perform a therapy contract with the client or to take steps to establish a contract.

• Legal obligations: I may process data where necessary to comply with legal obligations, such as safeguarding or child protection laws.

• Legitimate interests: I may process data when necessary for the therapist's or client's legitimate interests, provided that the individual’s rights and freedoms do not override these interests.

 

3. How I Use Personal Data:

I use personal data for the following purposes:

 

• To provide therapy services tailored to the client’s needs.

• To create and maintain therapy records for continuity and effectiveness.

• To communicate with clients, families, and other relevant professionals involved in the client’s care.

• To comply with legal or regulatory requirements.

• To assess and improve the quality of services offered.

 

4. How I Store Personal Data:

Personal data is stored securely in the following ways:

 

• Electronic records: Stored on secure, password-protected systems with encrypted backups.

• Paper records: Kept in locked filing cabinets accessible only by authorised personnel.

 • I retain personal data only for as long as necessary to fulfil the purposes outlined above or as required by law. After this period, data will be securely destroyed.

 

5. Sharing of Personal Data:

I may share personal data with the following third parties where necessary:

 

• Other healthcare professionals: With consent, I may share relevant information with other professionals involved in the client’s care (e.g., doctors, psychiatrists).

• Schools or educational institutions: With consent, I may share therapeutic insights or recommendations to assist with the client’s academic needs.

• Regulatory bodies or authorities: If law requires, I may share data to comply with legal obligations or in safeguarding cases.

• Person of my trust: With consent, I may share data to allow a person of my trust to communicate with you in case I have an incapacitating illness, injury or in case of my death.

I do not sell or rent personal data to third parties.

6. Your Rights Under GDPR:

Under the GDPR, clients and their guardians have the following rights regarding their personal data:

• Right to access: You have the right to request access to the personal data we hold about you or your child.

• Right to rectification: You have the right to request correction of any inaccurate or incomplete data.

 • Right to erasure: You can request that we delete your personal data where it is no longer necessary for the purposes for which it was collected.

• Right to restrict processing: You can request that we limit how we use your personal data in certain circumstances.

• Right to data portability: You have the right to request that we provide your data in a structured, commonly used format for transfer to another service provider.

 • Right to object: You can object to processing your data in certain situations.

 • Right to withdraw consent: Where processing is based on consent, you have the right to withdraw consent at any time.

To exercise any of these rights, please get in touch with me at sarah.rogers.playtherapy@outlook.com

 

7. Data Security:

 

I take appropriate technical and organisational measures to protect personal data from unauthorised access, accidental loss, or destruction. This includes:

 • Using encryption for data stored electronically.

 • Regular audits of my security practices.

 

8. Data Breaches:

In the unlikely event of a data breach that may pose a risk to your rights and freedoms, I will notify you and the relevant supervisory authority (the Information Commissioner’s Office) as required under the GDPR.

 

9. Changes to This Privacy Policy:

I may update this policy from time to time to reflect changes in our services, legal obligations, or best practices. Any updates will be posted on our website or communicated to you directly.

 

10. Contact Information:

If you have any questions, concerns, or requests regarding this Privacy Policy or how I handle personal data, please get in touch with me via email at sarah.rogers.playtherapy@outlook.com

 

This policy ensures that I handle all personal data with the utmost care and respect, in compliance with GDPR, safeguarding your rights and privacy throughout the therapeutic process as established by BAPT (British Association of Play Therapy).

 

Incapacity:

In the event that I become unable to work due to a disabling illness, injury, or death, a person of my trust will have access to my clients' list. It contains the names of the clients I am currently working with and their phone numbers. They will have access to this in order to contact you and inform you of the situation.