Privacy/Data Protection Policy
Duprey Psychology Ltd. is committed to using your data in a responsible and secure way, complying with the terms of the General Data Protection Regulation (GDPR).
Duprey Psychology Ltd. provides psychological services, including psychological assessments, therapy, consultation and supervision. We respect the privacy of our clients and will only collect and retain personal and sensitive information that enables us to perform our services.
The purpose of this data protection policy is to let you know what personal information we collect, why we collect this data, how long it is retained, why it might be shared with another party and what your rights are regarding this data.
If your questions are not fully answered by this policy, please contact Dr Jennie Duprey. If you are not satisfied with the answers from Dr Duprey, you can contact the Information Commissioners Office at www.ico.org.uk.
What personal information we collect
In order for us to be able to provide you with our services, we need to collect the following information:
- Your name
- Your contact details, including a postal address, phone number and email address
- Personal information relevant to your health assessment / therapeutic plan
This information will either be collected directly from you or from a third party professional, such as a Social Worker or solicitor. We may also need to gather information from another health care professional (such as your Doctor) to provide a complete health assessment.
Why we collect your personal information
- We collect your personal information so that we know who you are and can communicate with you in a personal way.
- We need to be able to verify your identity so that we can be sure we are dealing with the correct person.
- We need your personal information so that we can deliver a service to you.
How we use the information you provide
- To communicate with you about appointments.
- To deliver our services to you we need to use your name, contact details and any personal information that is relevant to your health assessment / therapeutic plan.
- To create an invoice for our services we will use your name and contact details.
Where we keep the information
In our database, stored in Dropbox Plus (a secure cloud-based storage service)
We use Dropbox Plus to store your personal data and to share it with a third party, such as an Associate. Dropbox Plus is a GDPR compliant service.
We keep your personal data stored in an individual Dropbox folder. It includes information from third parties, such as Social Workers or solicitors, notes from our assessment or therapeutic sessions, as well as standardised assessments or questionnaires we might complete together, and audio/video recordings from appointments. It also includes any written reports, containing all the information that we gather, our findings and conclusions.
We use personal computers, located on private premises. The computers are password protected. Your personal data will not be stored directly on these computers, but on the cloud-based service.
In a locked cabinet on private premises
We need to write notes when we meet with you. Some assessments and forms are also hand written. These notes, assessments and forms are a necessary part of our assessment and therapeutic services and help us to create our report. The paperwork is stored in a locked cabinet.
How long we keep the information
- Any enquiries which do not develop into confirmed work will be deleted after six months.
- Video and audio recordings will be kept for a maximum of six months after the report is completed or therapy has ended. After this they will be deleted.
- We keep your Patient Record (which includes any reports, notes and assessments) for seven years (or seven years after the age of 18). This is the guideline given by the British Psychological Society (BPS). After this it will be deleted. Paper notes and forms will be shredded using a secure shredding service.
- We keep your electronic invoice for seven years, as this is the required duration to comply with HMRC requirements. After this it is deleted.
Who we send the information to
Duprey Psychology will only share information about you with other organisations or people in the following circumstances:
- Consent: We may share information with relevant medical professionals or others whom you have requested or agreed we need to contact.
- Serious harm: We may share your information with the relevant authorities if we have reason to believe that this may prevent serious harm being caused to you or another person.
- Compliance with law: We may share information when the law requires us to, for example, safeguarding, terrorism, or serious crime.
- In the event of Dr Duprey's death: A named colleague would be able to access the contact details to notify clients.
- Supervision: It is an ethical requirement for any clinician offering psychological services to have regular supervision. Any supervisor used is an accredited member of the relevant professional body and works within their ethical framework.
- Video and audio recordings may be shared with an Associate Psychologist for coding or transcribing interviews, with a Supervisor or with the Lead Solicitor if requested by Court. Videos and audio recordings are sent via WeTransfer. WeTransfer is GDPR compliant, which means the content of videos is encrypted user to user i.e. from us to the lead solicitor. Once the files are safely stored, they can only be accessed using the unique links sent to sender and recipient.
- If a Solicitor, Agency or Social Worker has instructed the work, we will communicate with them via email. Court Reports are sent to the Lead Solicitor electronically as password-protected email attachments.
You have the right to access your personal data; to rectify, erase or restrict your data; to object to the processing of your data; or to request transfer of data. Please contact Dr Duprey if you wish to do this.
If you wish to have your information corrected, you must provide us with the correct data and after we have corrected the data in our systems we will send you a copy of the updated information.
If you want to have your data removed we must determine if we need to keep the data, for example in case HMRC wish to inspect our records. If we decide that we should delete the data, we will do so without undue delay.
Communicating by email and text message
As part of providing our service to you, for example arranging your appointments, we may communicate with you via email or text message. We will not send emails or text messages to you about marketing or additional services.
What happens to your data if Dr Duprey dies unexpectedly?
In the event of Dr Duprey’s unexpected death, an Associate would take responsibility of her work, including current cases and all previous records. This would ensure that your data remained secure and protected and that data was deleted at the appropriate time.
Dated: 28th January 2020
By: Jennie Duprey