Privacy Policy
I, Karina Ajayi, am the Data Controller and Processor of Space For You Therapy.
The basis on which I keep client data is that of “Legitimate Interests”. This means that the data is necessary for us to fulfil the contract that we have together (that is, to provide therapy) and that it is data that you would reasonably expect me to hold and use. This privacy notice aims to outline how I maintain these rights, explaining:
Why I collect your data;
How I collect and process your information;
Your rights and how you can exercise your rights;
Who to contact in the event you are unhappy with my performance.
Your Rights under GDPR
Right to be Informed: You have the right to be informed about how your personal information is collected and used. I collect information about you for the following reasons:
To provide you with the best possible therapy care.
To ensure compliance with legal and ethical obligations.
To protect your safety and the safety of others.
Right of Access: You have the right to access your personal data and supplementary information. Following a request, I will provide all your data that I have on file within 30 days (unless this is impossible during periods of holidays or illness).
Right to Rectification: You have the right to request that I correct any inaccurate or incomplete information about you. Following a request, I will correct the information as soon as possible and within 30 days (unless this is impossible during periods of holidays or illness).
Right to Erasure: You have the right to request that I delete your personal data in certain circumstances. You can request that I delete or remove personal data where there is no compelling reason for me to continue processing. Following a request, I will delete any computer records and destroy any paper records as soon as possible and within 30 days (unless this is impossible during periods of holidays or illness).
NB: data may be retained for scientific research, historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing, but this would never include case notes or data such as address/email/phone.
Right to Restrict Processing: You have the right to request that I restrict the processing of your data in certain circumstances. For example, you can object to:
Direct marketing (including profiling) - I would not engage in these activities.
Processing for purposes of scientific/historical research and statistics. You would need to provide in writing your grounds for your objection.
Automated decision making (including profiling). I would not engage in these activities.
NB: This would usually be a temporary measure before correction of any errors or before erasure.
Right to Data Portability: Where you have consented to me processing your data, or where the processing is necessary for me to deliver a contract, you have the right to request that I transfer your data to another party in a structured, readable, commonly used, and electronic format. For example, this may apply if you wish that I send your notes to another therapist. The simplest solution in such cases would likely be to return the data to you, which is covered under the Right to Access.
Right to Object: You have the right to object to the processing of your data in certain circumstances, for instance:
Direct marketing (including profiling) - I would not engage in these activities.
Processing for purposes of scientific/historical research and statistics. You would need to provide, in writing, your grounds for your objection.
Automated decision making (including profiling). I would not engage in these activities.
Information collected for Personal Records, Contracts, Correspondence and Billing
The purpose for processing this information is that it is necessary for me to deliver the services that you have contracted for. The information I collect about you may include:
Basic Personal Information: Name, email address, phone number.
Therapy Information: Information you provide during sessions, interventions used (or potentially not used) in sessions;
Recordings (unless you specifically object);
Correspondence: Emails, texts, and messages exchanged between us; and
Third-Party Information: Information received from any third party, e.g. your GP, insurance company, or employee assistance programme.
Special Category Data: Some of the information that you give me may fall under the definition of special category of data as defined by the General Data Protection Regulation (GDPR), Article 9. The condition for processing this special data is “processing is necessary for medical diagnosis, the provision of health care or treatment pursuant to contract with a health professional”.
The condition for processing this special data is “processing is necessary for… medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems” (2,h). However, data on any criminal offences (including allegations, proceedings and convictions) will require your specific consent in order to hold any such information.
Sharing Information
I will not share your information with anyone except in the following situations:
Your GP: With your written consent, I may share information with your GP to coordinate your care.
Legal and Ethical Requirements: I may be required to disclose information to comply with legal or ethical obligations, such as reporting suspected abuse or neglect.
Professional Body Investigation: If you make a complaint about my practice to my professional body, I may be required to share your notes with them.
Data Processors: I may use third-party data processors to store or process your information, such as cloud storage providers or accounting software companies. I ensure that these companies are GDPR compliant and have appropriate security measures in place.
Transfer and Storage of Data
Data may be shared with a number of third parties in the course of delivering therapy, for instance, an insurer or an employee assistance scheme.
Digital Records: I may use secure, GDPR-compliant cloud storage services like Microsoft OneDrive or Google Drive to store your emails, notes, and other office automations, such as bookings.
Accounting Systems: I may use software like PayPal or online banking systems for accounting purposes or an accountancy company. Any downloaded data will be stored in password-protected documents. PayPal or online banking systems will hold the clients’ data. I will download from these systems for accounting purposes, and the resulting spreadsheets are held in password-protected documents in either Google Drive or Microsoft OneDrive. Any credit card information is destroyed as soon as it is processed.
Mobile Phone: Texts/messages will be stored on a secure, password-protected, and fingerprint-protected mobile phone.
Paper Records: Handwritten or typed notes will be kept in a locked filing cabinet. Each client will have a reference number that enables me, as your therapist, to know to whom the notes belong, but should a stranger see them, they would not be able to identify whom the notes refer to.
Audio Recordings: Recordings, if produced, will be stored on a password-protected computer that is not connected to the internet and accessible only by me, the data controller and processor.
Retention of Data
Your data is kept for 7 years. The length of time is based on the requirements of my insurer. After this time, any paper records are destroyed, and computer records are permanently deleted.
Data Security Management
I take all reasonable steps to ensure that your information is kept secure and protected from unauthorised access, use, disclosure, alteration, or destruction and as such:
All data is held securely (see details of Transfer and Storage of Data above);
Any data transmitted is sent encrypted and password-protected, where possible.
For accounting purposes, encrypted and password-protected Microsoft Excel spreadsheets are used.
NB: I am not in control of data (including emails and texts) which you send to me. Mobile phone and desktop applications such as Facebook routinely access any information held on electronic devices, and this is beyond my control.
Data Breaches Management
In the event of a data breach, I will notify you and the Information Commissioner's Office within 72 hours and take all necessary steps to minimise any potential impact.
Contact Information
If you have any questions about this privacy notice or your rights, please contact me at Karina@spaceforyoutherapy.co.uk or 07345 200 910. For more information on your rights, please refer to the Information Commissioner's Office website: https://ico.org.uk/.
Cookies
Website usage information is collected using cookies. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies, and the above websites tell you how to remove cookies from your browser. However, in a few cases, some website features may not function as a result. More information about cookies and how to manage them is available at www.aboutcookies.org.
Updates to this Privacy Notice
I may update this privacy notice from time to time. I will notify you of any changes by posting the updated notice on my website or providing you with a copy.