PRIVACY POLICY
Abantu Therapy offers clinical psychological services to adults, families and young people. We also engage with organisations and corporate services. This privacy policy explains how Abantu Therapy (as a data controller) processes and store personal information collected about clients, in compliance with the General Data Protection Regulation (GDPR).
​
Abantu Therapy's ICO registration number is 00310039109
1. What are your rights?
Abantu Therapy is committed to protecting your rights to privacy. Your rights include:
• Right to be informed about what happens to your personal data;
• Right to have a copy of all the personal information collected;
• Right to rectification of any inaccurate data processed, and to add to the information held about
you if it is incomplete;
• Right to be forgotten and your personal data destroyed;
• Right to restrict the processing of your personal data;
• Right to object to the processing carried out based on our legitimate interest.
2. Why will we collect information about you?
We process personal data and sensitive personal data because we have a legitimate interest to do so when providing you or your family member with a clinical psychology service. It is necessary when providing psychological assessment and therapy to clients.
Our lawful reason for processing “special category data” is that it is necessary for the purposes of the provision of health or social care or treatment.
We may also ask for information on how you found our service for the purpose of our own marketing research.
3. What information do we collect about you?
We collect information about you that may include personal or sensitive information about you or a family member who is involved in the work, such as:
• First name or given name
• Family name or surname
• Date of birth
• Gender (or preferred identity)
• Email address
• Address
• Telephone numbers
• Relationships & children
• Occupation
• GP name and contact details
• Name of health insurance provider, if relevant, and any data provided by the insurer.
To make sure that you are assessed and/or treated safely and appropriately, we record your personal information, such as your name, address, as well as all contacts you have with the Company such as appointments and the results of assessments and letters relating to your care. Your data is always kept confidential.
As a client, we record details of your appointments and all notes made during telephone calls and face to face appointments during our work together. This may include the following information:
• Medical conditions
• Prescribed medication
• Family and relationship history
• Psychological history
• Current psychological difficulties
• Goals
We also process personal data pursuant to our legitimate interests in running the business such as:
• Invoices and receipts
• Accounts and tax returns
4. How do we store information about you?
We take your privacy very seriously. We are committed to taking reasonable steps to protect any identifying information that you provide to us. Once we receive your data, we make best efforts to ensure its security on our systems. All personal information provided is stored in compliance with EU General Data Protection Regulations (GDPR) rules.
This includes:
• Email: your email address and correspondence will be stored in our email accounts (currently Outlook) by nature of you contacting us. It is your choice as to whether or not you share personal information over email. We will avoid sending sensitive information over email, unless you consent to us doing so.
• Paper notes and hard copies of reports: will be stored in locked filing cabinets.
5. How long do we keep your information?
We do not keep your data for longer than is necessary.
Administrative data is retained for up to six years as necessary, in the unlikely event there are queries from HMRC. Where it is not necessary to retain the data for six years, it is destroyed as soon as possible.
Clinical records (both electronic and in paper form) will be held for up to seven years from the end of treatment. This is so that we have a record of what we have done together in the event you return to therapy or any questions arise as to what happened during treatment. At the end of this period, the clinical record will be destroyed.
The position is different for children where, in some cases, best practice is for records to be retained until the child reaches their 25th birthday.
6. With whom do we share your personal information?
We hold information about each of our clients and the therapy they receive in confidence. This means that we will not normally share your personal information with anyone else. However, there are exceptions to this when there may be need for liaison with other parties:
• If you are referred by your health insurance provider, or otherwise claiming through a health insurance policy to fund therapy, then we will share appointment schedules with that organisation for the purposes of billing. We may also share information with that organisation to provide treatment updates.
• In cases where treatment has been instructed by a solicitor, relevant clinical information from therapy records will be shared with legal services as required and with your written consent.
• For the purposes of supervision; our HCPC accredited clinicians are obliged to consult with another mental health professional for supervision to reflect on and continuously develop his clinical skills. When discussing clients in supervision, she only refers to clients by their first name and she seeks to minimise revealing other identifiable information.
In exceptional circumstances, we might need to share personal information with relevant authorities:
• When consent is given by a client for us to contact a third party e.g., a social worker.
• When there is need-to-know information for another health provider, such as your GP.
• When disclosure is in the public interest, to prevent a miscarriage of justice or where there is a
legal duty, for example a Court Order.
• When the information concerns risk of harm to the client, or risk of harm to another adult or a
child. We will discuss such a proposed disclosure with you unless we believe that to do so could increase the level of risk to you or to someone else.
7. How you can access your information and correct it, if necessary?
Individuals can find out if we hold any personal information by making a ‘subject access request’ or ‘Right of Access’ under the Data Protection Act and the General Data Protection Regulation. Within 30 days of receiving your request, we will then supply to you:
• A description of all data we hold about you
• Inform you how it was obtained (if not supplied by you)
• Inform you why, what purposes, we are holding it
• What categories of personal data is concerned?
• Inform you who it could be disclosed to
• Inform you of the retention periods of the data
• Inform you around any automated decision-making including profiling
• Let you have a copy of the information in an intelligible electronic form unless otherwise
requested.
To make a request for any personal information we may hold you need to put the request in writing. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
8. Complaints or queries
We try to meet the highest standards when collecting and using personal information. For this reason, we take seriously any complaints we receive about this. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate. We would also welcome any suggestions for improving our procedures. If you do have a complaint, contact the ICO who will investigate the matter on your behalf.
If you are not satisfied with the response or believe we are not processing your personal data in accordance with the law, you have the right to raise your complaint with the Information Commissioner’s Office (ICO)
Contact information ICO:
Website: https://ico.org.uk/concerns/ Email: casework@ico.org.uk Telephone: +44 (0) 303 123 1113